Collaborate Disseminate
I have an Windows 10 desktop application that runs in user mode only, and this application is a local tool only — that is, it does not "talk to the internet".
As an example:
This application uses libxml2 as a DLL distributed in … Continue reading Is an outdated library in a Windows user mode desktop application an actual security risk?
Shellcode cannot include \0
Can password security be enhanced by adding \0 in password?
If adding \0 in the middle of the password, such as for changing Gmail, Outlook, Apple, LinkedIn, Facebook, stackoverflow, etc. password, will the pas… Continue reading Can password security be enhanced by adding \0 in password? [closed]
What can be added to ToDo List besides change password of network accounts that can repeat every month?
Continue reading What can be added to ToDo List besides change password of network accounts?
We are told to erase (overwrite) sensitive files, not only simply "delete" it (i.e. only remove the information where it exists). For the moment being, I’d like to focus on the following and ignore other aspects (e.g. wear leveli… Continue reading Storage media byte state from shelf and after different formatting algorithms
I have a query regarding best practice of using PGP to sign emails with Thunderbird 78.
Thunderbird 78 took an existing system by Enigmail and brought it "in-house" to be built into the email client program. This results in some … Continue reading PGP security with Thunderbird 78 email client
There is an external hard drive of almost 1Tb which has about 650Gb of data on it, the external HD is connected to computers via USB interface.
As far as I’m aware, this external HD is for all intents and purposes a massive USB drive. It i… Continue reading How to encrypt a usb drive which already has data on it [migrated]
I have a web server that uses the ECDHE-RSA-AES256-GCM-SHA384 cipher suite. I noticed that when given the "(Pre)-master-secret log" file (generated by the browser), Wireshark is able to decrypt the traffic given the client random… Continue reading Is it possible to decrypt TLS traffic through OpenSSL?
I have a host with different bridges and a daemon not only to listening on a certain IP, but it is also attached to the bridge. I would like to communicate with this daemon with traffic coming from another bridge/an interface not part of … Continue reading Can iptables or route be used to eg double-DNAT so traffic appears to be from a different bridge?
Basically, I am having an <a> tag with target set to _blank, where an attacker has control over the href parameter, thus possible inserting a javascript tag, like the following:
<a target=”_blank” href=”javascript:… Continue reading XSS with <a> tag with target="_blank`
I (from EU) recently attended a scientific conference in China. As part of the goodies there is a decent looking thumbdrive which has the conference logo printed on it. It seems to be in original packaging, so I guess somebod… Continue reading Should I use a thumbdrive I got on a conference in China? [on hold]