Collaborate Disseminate
For example, user1 and user2 use some public VPN provider like proton/nord or so on. User1 has internal IP 10.96.0.4 and user2 has 10.96.0.10. How do a vpn provider prevent user1 from scanning user2 internal IP?
Continue reading How do vpn providers prevent other user internal ip access?
There is a website that uses a cookie to store the user’s session info. Let’s assume that a hacker steals a user’s cookie to gain unauthorized access to their online accounts via some vulnerability.
How backend service can prevent such kin… Continue reading Authentication that immune to cookie hijacking [duplicate]
Segfault is a popular service for Disposable Root Servers where everyone for free can enter and use a VM via SSH. It seems like this service should be abused for cryptojacking (mining monero for example).
Do they prevent such kinds of acti… Continue reading How do segfault prevent crypto abuse? [closed]
If a domain, for example foo.com is pointed to a IP address (A record) outside of my control, for example the Twitter IP address. And the domain is visited using a browser:
What will be displayed in the browser?
Does it make sense for com… Continue reading What happens if a DNS record points to non-controlled IP address?
For example, I’m signed in to my Gmail account. If I copy all data from all the places that Chrome uses (localstorage, all the cookies, all temp folders and so on) to another PC.
How does Google prevent my old session from hijacking?
Let’… Continue reading Prevent Session Hijacking with copying all metadata from a browser
I want to debug bcrypt rounds with a static salt using this python lib
import bcrypt
salt = bcrypt.gensalt(14)
password = b"foo"
foo_1_round = bcrypt.kdf(password, salt, desired_key_bytes=10, rounds=1)
foo_2_rounds_manually = bcr… Continue reading Debug bcrypt iterations with a static salt [closed]
I’m trying to grasp which benefit can KDF like PBKDF2, scrypt and bcrypt (I know that bcrypt is technically not KDF) may bring over hashing in loop like sha256sum(sha256sum(sha256sum…..(salt + master password))) – N times, where N equals… Continue reading KDF vs hash function in loop for hashing password
I’m struggling to grasp how QUIC implements handshakes in contrast with 3 handshakes in TCP. I came across with this picture on wikipedia. As QUIC uses UDP, I don’t understand how the protocol ensures that a packet was delivered and a clie… Continue reading How does QUIC provide delivery guarantee [migrated]
Technologies like Zero-knowledge password proof and PAKE seems to be pretty mature but almost all modern web-sites still send passwords over HTTPS to check authentication. At first glance, this protocols look like a magic pill, but still n… Continue reading Why PAKE or Zero-knowledge password proof didn’t replace sending a password via HTTPS
As I understand a webserver shall serve SNI first and ignore HOST header from HTTP 1.1 as TLS handshakes occurs before HTTPS, to test I came up with this example: two domain names under the same IP address stackexchange.com and stackoverfl… Continue reading Host header is preferred by OpenSSL over SNI