Collaborate Disseminate
I was searching for reports about malware on the Apple App Store and only found minor ones (at least from a user’s perspective) on the first few Google search results.
Doing the same search for the Android Play Store leads to several sever… Continue reading Is malware less prevalent in the Apple App Store compared to the Google Play Store?
Microsoft Excel supports Python scripts (source).
VBScript Macros within Excel are known to be a security risk (source). If I read this emotet article right, then VBScript macros allow arbitrary code execution.
Do the included Python scrip… Continue reading Does Python in Excel have the same Security issues as VBS in Excel?
Something you know (password), something you are (biometrics), something you have (key card/security key) are the typical authentication factors.
Several years ago I’ve seen a paper in which the users authenticated via interaction. In that… Continue reading Authentication via User Interaction (Game play, using ML)
I’m the maintainer of pypdf, a Python library for reading/manipulating PDF documents. I recently discovered that pypdf used random instead of secrets for …
Generating the initialization vector (IV) in AES
As part of generating the U-Val… Continue reading Is using weak random numbers for the initialization vector of AES just a theoretical issue?
I’ve just seen a Youtube video with an advertisement for NordVPN in which they claim that NordVPN would protect passwords when people are on potentially malicious coffee shop WLAN.
That seems strange to me as basically all websites use HTT… Continue reading What damage can a malicious wifi hotspot cause? [duplicate]
I’ve just received two SMS which look strange to me (in German):
Original 1 (+491636270835): Es wurde eine neue Bestellung [6-char code] auf Lieferando.de gesendet. Informationen: http://www.basishotel.com/track/?[12-char code]
Original 2… Continue reading Can SMS contain code / formatting? [closed]
There are recommendations to run processes as a non-privileged user within the docker container:
[…] run your processes as non-privileged users inside the container
See: docs.docker.com, also 1, 2
One reason I can see is that an attack… Continue reading Which attacks are prevented by switching the user within the docker container, given a read-only root fs?
Looking at the yearly stats of shadowserver.org, I see the following table. I’m uncertain how to interpret this, but I think the percentage means that 84% of viruses were captured by FSecure on Windows, but only 8% on Linux. I’m uncertain … Continue reading Is existing Antivirus Software on Linux less effective? [closed]
DAST is short for dynamic application security testing whereas SAST is static application security testing.
SAST is white-box testing while DAST is black-box testing, meaning SAST can (does?) use more information.
DAST tools are not langu… Continue reading How do DAST and penetration testing compare?
There have been quite a lot of data breaches in the past and I wonder how the companies got to know them. Were they only finding it in the news? Did individuals inform them?
What about small data breaches, e.g. if you have a user who has a… Continue reading Are there services to detect data breaches?