Collaborate Disseminate
How do I indicate that a specific document or transaction associated with a particular signature should no longer be considered valid?
I’m talking of recalling a signed document, not revoking the private key, because with the private key I… Continue reading Revoking a digital signature at the cryptographic level
I have a domain that is about to expire. It was used for hosting my freeware which I do not maintain anymore but can still be found on shareware directories. The application points to my domain (hardcoded) for further info.
What I am afrai… Continue reading Domain about to expire. Afraid that new owners will spread malware
When there’s a Youtube video embedded on a site that I visit while I am logged in Youtube beforehand,how does the embedded video know that it’s me so I can add it to my Watch Later list?
I think the process is like this:
The site that embe… Continue reading Cookie flow in a site that hosts embedded Youtube video
In a web mvc application I have the user login and then he is navigated to a View which presents some data fetched from the database based on a unique Id of the user. He can continue to other views to get more details etc.
After authentica… Continue reading Altering requests after authenticating
Reading around I gather that for a Restful API since you don’t use cookies,then you send the token in the Auth header.Correct so far?
When on a traditional MVC app ,do you send the token inside a httponly cookie? Does then the server have … Continue reading JWT token. Send in a cookie or Auth header depending on Rest vs MVC?
When implementing password hashing using PBKDF2 for authenticating access to a REST api,when we say that PBKDF2 is slow does it mean that it’s going to take a lot of time to hash the password and validate it, therefore the service not bein… Continue reading PBKDF2 usage will slow REST API down?
Many IOT devices and routers manufacturers hardcode plaintext default passwords in their devices.
Why don’t they store the hashed password instead?
For what functionality do they need the plaintext password?
In the Aws scheme of signing a http request with HMAC-SHA Signature you must use a secret key. When wanting to allow access to your API from a third party ,do you have to share the secret key with them too? If yes,how do you distribute the… Continue reading AWS hmac requires the distribution of secret key? [closed]
For triggering a Java exploit should applets be enabled in the user’s machine?
That is, in a drive by download scenario, can just visiting a malicious URL trigger an exploit/cve on the user’s pc due to an outdated Java vers… Continue reading Are there any JRE/JDK exploits that do not require the presence of applets or plugins?
There is now MITM on HTTPS traffic in Kazakhstan.
But for MITM to work, other than installing the certificate, there has to be someone proxying the request, right? Will that role be played by the ISPs?
Say I want to connect… Continue reading How can Kazakhstan perform MITM attacks on all HTTPS traffic?