Why are non-collision-resistant hash functions considered insecure for signing self-generated information

Suppose we have a hash function that is second preimage resistant but not collision-resistant.

Then an adversary can create a pair of different messages M and M’, M is benign and M’ is malicious, for both of which the signature …

Is SSH secure against MiTM if server fingerprint is not checked, public key authentication is used and confidentiality is not needed for that service?

When connecting to a server for the first time, ssh usually requires users to check the server’s fingerprint and then caches the info. This is needed in order to prevent MiTM.

Is it a design flaw in SSH that a user is required t…

Are IDE DMA attacks possible and is it possible to prevent them purely with software means without any IOMMU or other special hardware

I mean, is it possible to safely plug a PCMCIA card into a PC without an IOMMU? Such computers are very widespread, every digital TV or receiver has a CI+ slot, which is PCMCIA, and people insert cards there that they don’t control and which they h…

Why too little attention is paid to protection from buying widespread dependencies

A lot of software uses a lot of dependencies. Some of these dependencies have been developed by single developers. There were cases of buyouts of popular npm and PHP libraries and browser extensions with the sole purpose to put a back…

Reading physical memory frame previously owned by another process to read contents of its memory page

I had a conversation with @anger32 who states that zeroing a physical memory page frame when passing the page backed by that frame to another process is not the responsibility of OSes like Windows and Linux (though they do th…