Collaborate Disseminate
What commonly deployed technologies in "smart" door locks require 2FA from an encrypted private key for auth?
I’m surprised by the number of "smart" locks on the market that seem to be horribly insecure. Their marketing… Continue reading 2FA for door locks (smart card + PIN) [closed]
Can my external keyboard see which keys were typed by my laptop’s in-built keyboard?
For ergonomic reasons, I sometimes use an external keyboard, to reduce the strain on my poor wrists’ carpel tunnels.
As a precaution, I usually only type … Continue reading Can all keyboards "see" the keys typed of all other keyboards? [closed]
How can I defend against a dropbox in an IP-based, wired camera system?
I want to install security cameras at my house. One of the locations (on the street-facing side) isn’t especially secure (hence the camera). I think it would be possib… Continue reading Dropbox-resistant wired IP camera system
Does the chocolatey package manager cryptographically validate its payload’s authentication and integrity for all packages after downloading them and before installing them?
I usually trust my OS package manager (ie apt) to actually valida… Continue reading Does chocolatey provide cryptographic authentication and integrity validation?
Does the cygwin package manager cryptographically validate its payload’s authentication and integrity for all packages after downloading them and before installing them?
Fortunately, it’s possible to cryptographically verify the cygwin ins… Continue reading Does cygwin provide cryptographic authentication and integrity validation?
Does the npm package manager cryptographically validate its payload’s authentication and integrity for all packages after downloading them and before installing them?
I see a lot of guides providing installation instructions with steps ask… Continue reading Does npm (Node.js package manager) provide cryptographic authentication and integrity validation?
My understanding is that the OAuth Authorization Code Flow is used to avoid exposing the access token from the User Agent. But why?
I was reading this article (Common OAuth Vulnerabilities) by Doyensec.
It says that the Authorization Code … Continue reading Why hide the access token from the User Agent? (OAuth Authorization Code Grant)
Why would an OAuth implementation choose to use the Authorization Code Grant — when it means that the access tokens are leaked to a third party?
I’ve been using API keys for a package on my server to communicate with a service provider’s … Continue reading When not to use Authorization Code Grant?
What questions should I ask to determine if a given OAuth implementation is secure?
I’ve been using a wordpress plugin for payments that authenticates with the payment gateway with an API key. I like this method, because:
When I generate … Continue reading How to assess poor OAuth security implementations?
Does PHP’s Composer package manager cryptographically validate its payload’s authentication and integrity for all packages after downloading them and before installing them?
I see a lot of guides providing installation instructions with st… Continue reading Does PHP’s Composer provide cryptographic authentication and integrity validation?