Collaborate Disseminate
Choose the option that fits best.
a) Authenticated Boot
b) Remote attestation from the auditor’s point of view
c) Binding of data to a TPM
d) Generation of random numbers by a TPM
I am working on an application which has an architectural description as below,
There is a docker container, lets say Microservice-A, in which multiple processes are running. Each process is responsible for executing a workflow and is man… Continue reading Authenticating a request from a valid application (unshadowed)
My Java 11 application is being upgraded to fix the log4shell flaw. So first Spring Boot has been upgraded to the latest version.
As my project uses Maven to manage its dependencies, I set the log4j version in the dependencyManagement sect… Continue reading What to do if my java app is still vulnerable to log4shell after upgrading to the latest log4J?
I am developing a dependant watch app and need to pass some data from the phone to watch and vice versa to sync up (imagine login credentials). Is it secure to pass data as plain text from the mobile to the watch app and vice versa? Can ha… Continue reading Is it secure to pass data as plain text via watchConnectivity? [migrated]
I’m wondering if I’m risking anything if I use
style-src-attr ‘unsafe-hashes’ <hash>
in my CSP header.
I need to allow an external script to run, and it uses the style attribute on some elements.
I have no control over the external … Continue reading What do I risk if I use CSP header style-src-attr ‘unsafe-hashes’ <hash>
I just received my YubiKey and was playing with it. It works brilliantly but I couldn’t help thinking what would happen if I would lose the key. Well, for Google you can print out some backup codes, so that’s covered. But then I wanted to … Continue reading AWS – YubiKey lost… now what?
In my database, I would like to encrypt every identifiable piece of information, including the username, such that people with access to the database cannot deduce the actual username (because it could potentially indicate th… Continue reading Best way to encrypt a username in a database?
I have a server that enforces access control by means of cryptography, by not giving up data, or by a combination thereof.
By the former (cryptography), I mean: If a user requests some data, the server gives it in an encrypt… Continue reading What is the correct terminology for enforcing access control by means of cryptography, or on a privileged list?
I’m afraid that I am targetted by hackers. To resolve this, I’m now trying the BitDefender rescue CD. When starting it, I get the following error notification:
VBoxClient: VirtualBox kernel service isn’t running.
The s… Continue reading VBoxClient error in BitDefender rescue CD
I’m struggling to find good literature on Searchable Encryption. There are of course a few student papers written in LaTeX using Computer Modern that has some nice Greek soups in them, but none with any actual concrete exampl… Continue reading What is currently the best Searchable Encryption (SE) algorithm that works in practice?