Magnus – WindowsTechs.com

What are the benefits of periodic MFA-authentication?

Posted on January 8, 2026 by Magnus

The company I work for has an app that requires users to use a TOTP authenticator app such as Google Authenticator when signing in to their accounts in the app, in addition to providing a username and password. In others words they are req… Continue reading What are the benefits of periodic MFA-authentication?→

Send spoofed email with nodemailer

Posted on November 11, 2022 by Magnus

How can I send an email with a spoofed ‘from’ field with nodemailer and SMTP? I know that SMTP does not provide any authentication check to see if the ‘from’ field is actually correct, so why is it not as easy as just changing the ‘from’ h… Continue reading Send spoofed email with nodemailer→

Concatenating timestamp to data before encrypting it – is this a commonly used technique?

Posted on September 9, 2022 by Magnus

I have a web app that communicates with a backend server, and the users of the web app are organisations that each have a single login for the entire organisation. The app is meant to be used for example on TV’s in the cafeteria to display… Continue reading Concatenating timestamp to data before encrypting it – is this a commonly used technique?→

Can I use OpenSSL to generate a key from asn1 configuration file without specifying the modular multiplicative inverse q^-1 (mod p)

Posted on January 30, 2019 by Magnus

I’m trying to create this gimmicky public-private RSA key pair where p and q are the same number. I would want to use the asn1 parser in OpenSSL, but I’m required to specify the coeff parameter, the multiplicative inverse for… Continue reading Can I use OpenSSL to generate a key from asn1 configuration file without specifying the modular multiplicative inverse q^-1 (mod p)→

Is there greater risk to browsing websites with invalid certificates than websites with no certificate at all?

Posted on October 2, 2017 by Magnus

The information security community is generally very adamant that users should not proceed to visit websites that have invalid SSL certificates. Web browsers have gotten less and less cooperative with users who want to ignore… Continue reading Is there greater risk to browsing websites with invalid certificates than websites with no certificate at all?→

I have a conceptual idea for a network that could obfuscate the geolocation of a mobile station. I would appreciate short, critical feedback

Posted on November 7, 2016 by Magnus

I am a student in network engineering, and I have a technical essay due on November 18th. I can choose the topic of the essay myself. I have a conceptual idea of a network that could help obfuscate the geolocation of a mobile device. If yo… Continue reading I have a conceptual idea for a network that could obfuscate the geolocation of a mobile station. I would appreciate short, critical feedback→

Why does it not cause a buffer overflow when a large string is validated for length?

Posted on October 26, 2016 by Magnus

I know that many buffer overflow attacks on servers are conducted by sending very large input strings through some HTML form etc.. The go-to mitigation technique for this, is to validate the length of the string and make sure it is not ver… Continue reading Why does it not cause a buffer overflow when a large string is validated for length?→

Rails – protection against code injection and XSS

Posted on November 11, 2010 by Magnus

I’ve started using Ruby on Rails, and I was wondering if there were any security gotchas to watch out for with Rails, particularly regarding code injection and XSS?

I know Rails tries to prevent such attacks by sanitizing … Continue reading Rails – protection against code injection and XSS→