Collaborate Disseminate
Do we know if there are speculative execution attacks that affect ARMv7 CPUs at this time? Are there any theoretical risks that need further investigation?
Continue reading Do any speculative executation attacks affect ARMv7 CPUs?
I have a Macbook configured with a firmware password required to boot from any media other than the built-in NVMe drive. In theory, this means without my password you can’t boot from removable media. Is this enough to prevent… Continue reading Is setting a firmware password on a Macbook enough to prevent cold boot attacks?
Is it possible for an infected endpoint to steal private keys from a FIDO U2F Hardware Token / Yubikey? What attacks exist against these hardware tokens? What mitigations are possible? For the scope of this question it’s limi… Continue reading Can an infected endpoint steal private keys from a FIDO U2F Hardware Token / Yubikey?
This is an operating system agnostic question. We are recommended to use password managers which encourage us to copy and paste our passwords. What protections exist if any to say a malicious website in another tab copying cl… Continue reading What protections exist on operating system clipboards?
I was reading over iOS’s security guide (Ref: https://www.apple.com/business/docs/iOS_Security_Guide.pdf) and it is unclear to me whether Apple can accessed synced Safari data. For example, if Apple received a FISA Order for … Continue reading Does Apple have access to the cryptographic keys to decrypt Safari Sync Data?
I have seen discussions of mysql_real_escape_string being bypassed (for example: https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string), however it’s important to note that the my… Continue reading Is there a method of bypassing mysqli_real_escape_string?