Collaborate Disseminate
I’m looking for a process to replace the status quo of notepad and Excel. We’ve tested a market-leading password manager. An issue that comes up with this is that the secure sharing password facility has some significant vulnerabilities. W… Continue reading Does a solution exist to permit account sharing without revealing the account password?
I have been given an assignment to identify security flaws in this script. Due to this, I’m not looking for a full analysis, but merely pointers.
I should note that this is my first time working with Java.
package com.dcx.ps.dcppcp.bm.dao;… Continue reading Which security flaws could be in this supposedly vulnerable script? [closed]
We’re having an internal debate within the NHS organisation I work for, around securing admin usernames. Our usernames are generally based on our names (e.g. tom jones username = tojo0001). Admin usernames are based on the low-level accoun… Continue reading What are the industry recommendations on usernames?
We have dozens of internal management interfaces on our appliances that use self-signed certificates – ILO, DRAC, switch management, etc. These certificates display a warning in the browser, but their expiry or lack of trust does not break… Continue reading Self-Signed Certificates on Management Interfaces – Cyber Security Standards
I have generated a public and private key pair with ECDH from NodeJS
function _genPrivateKey(curveName = "secp384r1", encoding = "hex") {
const private_0 = crypto.createECDH(curveName);
private_0.generateKeys();… Continue reading ECDH for P-521 (Web Crypto Api) / secp521r1 (NodeJS Crypto) generate a slightly different shared secret
I’m looking at hardening our AD. One concern I have is around Golden Ticket Attacks using Mimikatz and the likes (https://attack.stealthbits.com/how-golden-ticket-attack-works). One of the things that struck me about the attack is that it … Continue reading How do you protect against Active Directory Golden Ticket Attacks?
I found some explanations with the concept of tls channel binding. But I cannot find any specific example about how to implement this feature.
I want to know if this feature needs to implement on application layer, like extracting some dat… Continue reading how to implement channel binding feature in TLS
We have DBAs who want to access SQL DBs over DirectAccess (DA). The ask is to open port TCP 1530 over DA. At the moment, we have 6,000 people using DA, we can’t filter on a specific group of DBAs. Effectively if we open the DA rules to all… Continue reading Direct VPN access to DBs – government guidelines (DBAs at home COVID)
I am using Cisco AnyConnect Secure Mobility Client version Version 4.5.03040 on my Windows 10 system to connect to our office VPN. From past few days I am experiencing a weird issue where my Internet speed is reduced by 96-97% after connec… Continue reading Extremely slow internet speed after connecting Cisco Anyconnect VPN [closed]
This question may be silly but I’ve a hard time understanding TLS 1.2 and accessing a website via HTTPS.
I’ve received a report from a web security tool that my website is not HTTPS and I have to enable TLS 1.2 on the server. As per my und… Continue reading TLS 1.2 and HTTPS