J. Doe – Page 2 – WindowsTechs.com

Is a crash always exploitable for RCE?

Posted on January 21, 2020 by J. Doe

Reading papers written by teams looking for vulnerabilities using fuzzing, I notice that many people label a crash as a DoS vulnerability. While in other papers and researches, they go deeper after the crash and try to exploit it to get RC… Continue reading Is a crash always exploitable for RCE?→

Which VPN offers more security conceptually, SSL VPN or L2TP/IPSEC?

Posted on January 10, 2020 by J. Doe

Aside from possible implementation bugs, which VPN concept aims to offer more protection by design?

SSL VPN (implementation example – OpenVPN)
L2TP/IPSEC (implementation example – Strong Swan)

After reading this review, I… Continue reading Which VPN offers more security conceptually, SSL VPN or L2TP/IPSEC?→

AWS machine images security?

Posted on December 27, 2019 by J. Doe

While there is concern about potential risks regarding non-official Docker images, what is the situation regarding AWS machine images aka AMI?

Is it same?

Continue reading AWS machine images security?→

Email signature with PKCS11?

Posted on December 19, 2019 by J. Doe

While S/MIME has been a PKCS7 standard, what happens while I sign/encrypt an email using a smart card implementing PKCS11? Is PKCS7 supported as kind of backward compatibility?

Continue reading Email signature with PKCS11?→

Email security with PCKS11 and Python – send a signed uncenrypted email

Posted on December 18, 2019 by J. Doe

What I am trying to achieve:

send a signed, unencrypted email using a smart card token through a Python script

What I’ve tried so far:

Have a look on an incoming email signed with same corporate smart card system. It is… Continue reading Email security with PCKS11 and Python – send a signed uncenrypted email→

How to encrypt user files securely on the server with PHP

Posted on December 12, 2019 by J. Doe

Description:

I want to create an upload center for small files (word/excel/zip documents etc) with PHP.

I want to protect files uploaded by user as much as possible, so if server is breached, attacker cannot read/open thes… Continue reading How to encrypt user files securely on the server with PHP→

Deriving a key with PBKDF2 from RFC1751 output

Posted on September 28, 2019 by J. Doe

I am building a system that at some point requires a 256 bit key AES key. I used to feed passphrases through PBKDF2 to derive a key, but then I decided to generate random passwords of 12 words selected out of a set of 2048 wo… Continue reading Deriving a key with PBKDF2 from RFC1751 output→

Is it possible to decrypt Outlook Web App S/MIME messages in a web browser with same webclient?

Posted on August 30, 2019 by J. Doe

Normally, you would use a mail client for mail encryption. Though, I can access smartcard security functions from the browser for a secure login.

Therefore, is it possible to decrypt Outlook Web App S/MIME messages using sam… Continue reading Is it possible to decrypt Outlook Web App S/MIME messages in a web browser with same webclient?→

Why is this not a buffer overflow?

Posted on June 14, 2019 by J. Doe

I’m actually busy with learning more about buffer overflows. I read some interesting tutorials and just got the basic idea behind it. I tried to produce a vulnerable c++ file to test my knowledge against it, but it seems like… Continue reading Why is this not a buffer overflow?→

Apple Pay scam?

Posted on May 20, 2019 by J. Doe

The weirdest thing has happened to me today. I bought an iPhone XR and ran through the setup on iTunes. At one point the iPhone asked me to setup Apple Pay, which I did. I finished the setup process and the iPhone works as ex… Continue reading Apple Pay scam?→