microwth – Page 2 – WindowsTechs.com

Public Key Crypto – sign Bob’s name into Alice’s message or encrypt Alice’s name

Posted on November 4, 2018 by microwth

I was reading Defective Sign & Encrypt in S/MIME,
PKCS#7, MOSS, PEM, PGP, and XML

and in section 5.1 Naming Repairs

By signing Bob’s name into her message, Alice explicitly identifies
him as her intended recipie… Continue reading Public Key Crypto – sign Bob’s name into Alice’s message or encrypt Alice’s name→

What actually is a Java applets vulnerability?

Posted on October 12, 2018 by microwth

When we say that Java applets are vulnerable, what exactly do we mean? A vulnerability in the underlying jre? In the browser? In the “applet” component?

what exactly is exploited?

Continue reading What *actually* is a Java applets vulnerability?→

What actually is a Java applets vulnerability?

Posted on October 12, 2018 by microwth

When we say that Java applets are vulnerable, what exactly do we mean? A vulnerability in the underlying jre? In the browser? In the “applet” component?

what exactly is exploited?

Continue reading What *actually* is a Java applets vulnerability?→

public WiFi hotspot-What is leaking at that tiny moment before connecting to a VPN?

Posted on September 15, 2018 by microwth

When you sign up for a VPN account you also download the service’s client,be it for Android, Windows etc but this question is specifically for Android or portable devices connecting through public hostspots.

For the VPN clie… Continue reading public WiFi hotspot-What is leaking at that tiny moment before connecting to a VPN?→

Spectre, Meltdown to read SSH keys

Posted on January 20, 2018 by microwth

I’ve got a VPS running on Ubuntu, accessed through SSH, passwordless and with a public key.

Can Spectre and Meltdown be used to compromise it in order to get access remotely eg by reading the private key stored on the server… Continue reading Spectre, Meltdown to read SSH keys→

Encrypted password inside compressed archive

Posted on February 19, 2016 by microwth

File compression utilities like Winrar or ZIP or 7zip encrypt the password and store it inside the archive.

How safe is that? I mean you are giving away the archive with the password inside,it’s not like authenticating again… Continue reading Encrypted password inside compressed archive→

Script Kiddies – how do they find my server IP?

Posted on February 12, 2016 by microwth

I’ve set up a site on Digital Ocean without a domain yet, so there is only the IP.
Despite telling no-one of its existence or advertising it, I get hundreds of notices from fail2ban that various IP’s are trying to hack my SSL… Continue reading Script Kiddies – how do they find my server IP?→

HOW is the malicious URL/payload is delivered to the user on a DOM based XSS attack?

Posted on October 27, 2015 by microwth

Testing for DOM based XSS at OWASP reads:

The first hypothetical example uses the following client side code:

An attacke… Continue reading HOW is the malicious URL/payload is delivered to the user on a DOM based XSS attack?→