Collaborate Disseminate
I want to create an online webform that records users; name, address, bank account and sortcode (UK). each entry will be copied locally and then deleted.
I have read so much about what I shouldn’t do, the security implicatio… Continue reading What is the most secure method of collecting bank and sort details via an online form
I am doing some research in order to get an understanding of the security of the Network Time Protocol. In particular, my goal was/is to understand how the protocol is secured and what the issues are.
So far, I understood th… Continue reading Overall Security of Network Time Protocol
I am thinking of an app that could allow people to share text so they can post grievances about a totalitarian government in a p2p network. It has to be p2p because a website can be blocked. This would be for locals to post a… Continue reading Is it possible to send a message and 100% obfuscate the origin of the sender in a p2p networked message board?
Im learning about the Dan Kaminsky attack, on a server created to test out the attack. How would I go about using dnspentest. Source code is available by clicking the link above the picture.
The read me says
java Server… Continue reading DNS Penetration Test (sourceforge) and DNS Cache Poisoning
I’m learning about the Dan Kaminsky attack on a server created to test out the attack. How would I go about using dnspentest? Source code is available by clicking the link above the picture.
The readme says
java ServerKern… Continue reading DNS Penetration Test and DNS Cache Poisoning
My organization has a group policy that is applied to servers enforcing FIPS compliance (Windows AD policy).
In .NET, HMACSHA1 is one of the encryption/hash algorithms that is FIPS compliant. I don’t understand how HMACSHA256 or HMACSHA51… Continue reading FIPS Compliance with HMACSHA1 vs HMACSHA256 / HMACSHA512
Today I learned that Django’s CSRF protection uses refer(r)er header checking in addition to checking a hidden form field against a cookie. It seems to be important, judging from docs and issue below.
It only checks this over HTTPS though. I’ve also noticed that almost no other website checks referer [since I turned off sending of said header and most forms still work].
So I have two questions:
The info that I found:
https://docs.djangoproject.com/en/1.8/ref/csrf/#how-it-works
In addition, for HTTPS requests, strict referer checking is done by CsrfViewMiddleware. This is necessary to address a Man-In-The-Middle attack that is possible under HTTPS when using a session independent nonce, due to the fact that HTTP ‘Set-Cookie’ headers are (unfortunately) accepted by clients that are talking to a site under HTTPS. (Referer checking is not done for HTTP requests because the presence of the Referer header is not reliable enough under HTTP.)
https://code.djangoproject.com/ticket/16870
Unfortunately, this check is absolutely necessary for the security of Django’s CSRF protection. Without it, we can’t prevent man-in-the-middle attacks on SSL sites. We made the decision that preventing MITM was a more valuable tradeoff than breaking sites for the small minority of users who block the header in a fashion which does not improve privacy.
Continue reading Why is referer checking needed for Django to prevent CSRF
Would having the IP address and name of my database visible to the public be a security risk?
I have hosting with godaddy, a shared hosting plan. When I connect to my DB, via MS-SQL-MS, I can see the names of all databases on the shared h… Continue reading Database Security
Is there any way to trace a text message? As far as the real phone number that the text is being sent from? Or the location from where the text is being sent?
I’ve been getting harassing text messages from someone and when I try to call th… Continue reading Tracing a text message
I have seen articles advising that in order to make the most of an SSD, it should be connected in AHCI mode.
Some SSDs allow the ATA password to encrypt the encryption key so my question is this – does this ATA password work… Continue reading SSD enrcyption with ATA password – AHCI mode?