Does TLS 1.3 spec include additional privacy controls for avoiding URL category filtering?

I’ve heard second-hand that the TLS 1.3 spec includes additional functionality to avoid URL category list filtering by firewalls and cloud-based proxies. Is that correct? If so, is there any documentation on how that works?
I can’t seem …

Can IP header TTL values be exploited as an attack vector? If so, what can protect against that?

As per some network certification training material, I noticed the following description of the Time To Live IP header:

The time to live (TTL) is set into a packet when it’s originally generated. If it doesn’t get to where it’s supposed …

Is it bad practice to publish details of password complexity requirements? [duplicate]

I’ve noticed that some sites publish very detailed password requirement statements to users.
Here’s an example screenshot (not singling out this site – just a random image that came up when googling ‘password requirements’):

In this case,…

Does the advent of GDPR result in improved protections for customers based exclusively in non-EU countries?

Sorry if the title is a bit confusing. I’ll try to rephrase: GDPR obviously improves transparency and protective services in global service providers/vendors that involve users in the EU. I can see how transparency about dat…

Is this description of the term "event" accurate within the context of Business Continuity and Disaster recovery?

I’m studying for the CCSP exam and I came across this description:

An event is any unscheduled adverse impact to the operating
environment. An event is distinguished from a disaster by the
duration of the impact. W…

Is there a difference between "Maximum Tolerable Downtime" and "Maximum Allowed Downtime"?

I’m studying for the CCSP exam and one of the BC/DR terms that is referenced in my study material is “Maximum Allowable Downtime”. The definition for it is:

MAD (Maximum Allowable Downtime) How long it would take for an …