Collaborate Disseminate
The testssl.sh tool stated that a server I tested is vulnerable to the Lucky13 (CVE-2013-0169) vulnerability. Below the testssl.sh output:
###########################################################
testssl.sh
##############… Continue reading What is the proper server-side mitigation for the Lucky13 vulnerability (CVE-2013-0169) on a Windows server?
The SSL test of htbridge pointed out that the server supports the elliptic curves but not the EC_POINT_FORMAT TLS extension.
What does that TLS extension protect against? What is the (potential) risk of not using it?
When reviewing the SSL/TLS configuration using Qualys SSL Labs, I’ve found that the reuse of the Elliptic curve Diffie–Hellman (ECDH) public server param was flagged.
Why is the reuse of the Elliptic curve Diffie–Hellman (ECDH) public ser… Continue reading Why is the reuse of the Elliptic curve Diffie–Hellman (ECDH) public server param considered bad?
Why does a perfc file in the Windows directory prevent the recent Petya ransomware? Is it a bug in the ransomware that halt’s it from executing? Or is it a deliberate attempt of the creators to allow people to find a cure to … Continue reading Why does a perfc file cure/kill Petya ransomware (is it a bug or a deliberate decision of the creators)?
ClamAV (detection version 20170623) detects BC.Pdf.Exploit.CVE_2017_3033 in quite some PDF files. I wonder if this is not a false-positive because no other engines detect such “infection”. The CVE regards:
Adobe Acrobat R… Continue reading What is the risk of a PDF "infected" with BC.Pdf.Exploit.CVE_2017_3033?
I recently read a W3C Working Draft about the Embedded Enforcement of a Content Security Policy (CSP).
This document defines a mechanism by which a web page can embed a nested browsing context if and only if it agrees to … Continue reading Does an Embedded Content Security Policy (CSP) Enforcement ruin a "regular" CSP?
I often see two-factor authentication (2FA) methods using one-time passwords (OTP) implementations wherein the current (previous) and sometimes even 2 or 3 previous tokens are still valid. This is probably done for several re… Continue reading Is accepting the current and the previous one-time password a bad practice?
An interface (website/application) that requires authentication should have a proper HTTP caching mechanism. When it doesn’t, it allows an attacker to browse back after logout or read the cache in another way.
In order to do so, the serve… Continue reading What is the proper terminology and base CVSS score for the following cache related behaviour?
During a penetration test I noticed that changing some of the HTTP GET parameters from expected strings to arrays using ?test[]=1 instead of ?test=1. In PHP this results either way in an error or in an unwanted Array to Strin… Continue reading Is the unwanted PHP array to string conversion a security risk?
A domain can have plenty of name servers registered at there domain registrar. The name servers are picked randomly and not like expected primary first, secondary second and so on.
Knowing that, does this mean that when one… Continue reading Availability at risk due to one offine Domain Name Server? [migrated]