Collaborate Disseminate
We just stumbled across a wordpress-hosted blog (subdomain.wordpress.com that contains false claims and which we might want to sue in a legal (or inofficial) case.
Are there any technical solutions how we can identify the blog owner?
We al… Continue reading How to identify the owner of a wordpress-hosted blog? [migrated]
I just noticed a strange loop device that was added to my machine today.
It is mounted under /run/media/<user>/CENA_X86FREE_EN-US_DV9 and seems to contain Windows files, probably a Windows installer with a bit more than 4.1GB used sp… Continue reading Loop device added at package installation – is it a security threat?
I am wondering whether Windows is GDPR compliant, given the vast amount of telemetry and manipulating formulations that push users into agreeing to everything, and given that a normal users requires hours to turn off most of the data colle… Continue reading Is Windows 10 GDPR-compliant? [closed]
After a password leak, is there a Levenshtein distance from which one a newly derivated password can be considered safe?
I assume yes, given that if e.g. the word was "password", and the new one is "drowssap", the dista… Continue reading After a password leak, is there a Levenshtein distance from which one a newly derivated password can be considered safe?
When I used Chrome today via Burp, I noted that, apart from the tracking requests, three random HTTP HEAD requests are sent each time I open the browser.
I already found
How to find a process that is sending HTTP HEAD requests
for this an… Continue reading Can Chrome’s HTTP HEAD requests be misused to launch an attack?
Today I noticed something strange.
I got an email containing a link that links to another site than the text says. In (Simple) HTML, the review is visible when hovering over the link.
However, in plaintext, in 3 out of 4 mails only the a.c… Continue reading Link test differs from link location in plaintext view is not visible in Thunderbird
I wondered in which settings is it possible to launch a HTTP Response Splitting Attack but not completely replace the HTTP message?
The examples I saw all allowed full replacement of the HTTP response, which made me think the attacker coul… Continue reading In which settings is it possible to launch a HTTP Response Splitting Attack but not completely replace the HTTP message?
I am looking for information on break-glass access control systems for medical devices that are in actual usage at the moment.
I have already read a bunch of papers on this, e.g. papers on cloakers, guards, UV tattoos or the commonly used … Continue reading Break-Glass Access Control Systems for Medical Devices in Usage
I just read following statement in a technical guideline about network-accessible mobile devices with medical applications (BSI TR 03161):
The application MUST verify the integrity of the back end before
accessing it
with reference to:
… Continue reading How to validate the integrity of a back end?