Collaborate Disseminate
Are there any security compliance standards that explicitly require end-to-end encryption?
I recently encountered a service provider that used a third party for "secure" communication. The 3rd party MSP sold them a product that c… Continue reading Compliance Standards that require e2ee (end-to-end encryption)
Are there any tools that can be used to enumerate all possible combinations of a narrowly-defined set of possible passwords to aid in password recovery?
I encrypted a file using symmetric encryption with a long passphrase. I forgot the pas… Continue reading Password Guesser Enumerator Tool (Password Recovery) [migrated]
How can I blacklist some directory [a] and whitelist some directory [b], where [b] is a directory inside of [a]?
I’m trying to figure out how to execute a firefox profile in a firejail such that it cannot see other firefox profiles.
Firefo… Continue reading How to blacklist parent dir and whitelist child dir in firejail
Is there any tools to scan and/or sanitize .stl files?
I maintain a security-critical GitHub repo. A contributor recently created a PR that includes changes to .md, .scad, and .stl files.
The changes to the markdown and OpenSCAD files can … Continue reading How to scan and sanitize STL files?
Does the GNU GUIX package manager in require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verified because the repo’s man… Continue reading Does GUIX provide cryptographic authentication and integrity validation?
Does Node.js’s npm package manager cryptographically validate its payload’s authentication and integrity for all packages after downloading them and before installing them?
I see a lot of guides providing installation instructions with ste… Continue reading Does Node.js’s npm provide cryptographic authentication and integrity validation?
Is PSD2’s Strong Customer Authentication requirement possible to satisfy with secure 2FA solutions, such as TOTP and WebAuthn?
For the purposes of this question, I’m classifying all systems where an OTP has to be transmitted as "insec… Continue reading Is 3DS compatible with secure 2FA technologies? (TOTP, WebAuthn)
What can I do to fix the CloudFlare "Checking if the site connection is secure" infinite loop?
I’m tying to load a website. The very first GET gets sent to an interstitial page run by Cloudflare that says
Checking if the site co… Continue reading Cloudflare infinte loop (Checking if the site connection is secure) [migrated]
Do PCRs (Platform Configuration Registers) on TPMs (Trusted Platform Modules) retain their data on reboot?
I’m trying to find out if all (or some) of the PCRs on a TPM are volatile (will loose their memory on power loss) or nonvolatile (wi… Continue reading Are TPM PCRs volatile, non-volatile, or both?
What was the first processor that Intel released that supported Boot Guard?
Intel Boot Guard provides mechanisms to authenticate the firmware on the system at boot-time. Unfortunately, I could find very little information about the history… Continue reading When did Intel release Boot Guard? [closed]