Collaborate Disseminate
I am trying to understand how a CDN (like Cloudflare e.g) does protect against a DDoS attack.
I would think that the internet traffic is routed through a CDN’s reverse proxy, then filtered. This assumes that the DNS record o… Continue reading How does a CDN actually prevent DDoS attacks, when an origin server accepts direct connections?
I just learned about FIDO2 (WebAuthn) and try to make a comparison to the lesser-known novel SQRL authentication scheme.
Both seem to use the same key elements:
a private, user-resident “master key” thus not relying on a 3rd party like … Continue reading Is there any privacy- or security-relevant difference between FIDO2 and SQRL
I learned about about XML-RPC and specifically XML-RPC in WordPress. Now, the safety of XML-RPC in WordPress this is disputed.
But given, that I would like to continue using XML-RPC, in the most save manner, I wonder about t… Continue reading Does the Loginizer WordPress plugin also limit XML-RPC-calls?
Given, I want to create a document (text-only for the sake of this question) and give it to someone I do not trust. I am not allowed to publish it myself. It’s probably not going to be published (publicly) anyway.
Many sites these days offer MD5 and SHA256 hashes to check the integrity of downloaded files or archives.
I wonder how much safer is the use of the SHA256 hashes for integrity checks?
Note: Consider the file content as random input (no a… Continue reading How likely is a collision using MD5 compared to SHA256 (for checking file integrity)?
According to https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6195_aspassed/toc_pdf/18204b01.pdf companies could be required to enhance their software to allow for spying. They would enforce this via a “techni… Continue reading Will the new australian telecoms bill allow to compel companies to build spy functionality into their software? [migrated]
I’m reading about the GDPR here and there. However, I see no requirements on how data actually is to be protected like
Mimimum password length requirements
Second factor authentication
Backup protection policies
and the l… Continue reading EU GDPR – Data protection requirement standards missing?
I have found a publicly accessible web page which discloses person-related data when queried with matching input data. This is against the company’s own data protection promise. I want to report responsibly with a proper desc… Continue reading Categorizing a data leak which is intentionally / by carelessness / by design
I am hosting a static website (no PHP etc., just HTML/JavaScript/CSS) with a security-conscious hoster that proactively removes vulnerable files. This is fine with me.
However, their last report states many instances of the … Continue reading How can javascript files represent a flash-based XSS vulnerability?
I have a magento shop system and I read this in my logs:
206.75.231.xxx – – [14/Dec/2017:19:59:11 +0100] “POST /downloader/ HTTP/1.1” 403 220 “-” “Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/32.0”
200.128.3… Continue reading Access log of someone using different IPs to send the same type of traffic