Collaborate Disseminate
My antivirus program (NOD32), when I open my bank’s website, pops up the following message (I’ll translate it to English):
Google Chrome is attempting to communicate on a channel without cryptography with an unreliable ce… Continue reading Why does NOD32 state I’m contacing ads.heias.com server while I’m going into my banking website?
Suppose the compression function f is given as below, where B is a block cipher which takes key K and plaintext M and outputs ciphertext C. Show that f is not collision-resistant.
I started as follows: take a random m1 and I… Continue reading Show that the function f is not collision resistant [migrated]
I work in the petroleum industry and I am ‘the young geek’. As such, I am often tasked with writing VBA macros, a bit of JS for data visualization and so on.
Lately, I have been assigned the task of ‘conducting systems audit… Continue reading What are the basic points to check during a systems audit?
I’m working quite some time now with TLS 1.3 implementations (OpenSSL, WolfSSL), but I can’t find anywhere in the TLS 1.3 drafts if alert messages should be encrypted or not. I personally thought only alerts send after the Client- and Serv… Continue reading Does TLS 1.3 encrypt alert messages?
I’m looking into setting up authentication between two application services. Service A is going to call service B, and I want service B to only accept (http) calls from service A, nowhere else.
I know how JWT authentication … Continue reading JWT or public-private keys for service to service API calls
I attended a seminar on Telecom networks few day back and there I came to know how vulnerable our signalling network (SS7/ SIGTRAN) is.
The speaker discussed an attack in which a spoofed SMSC is connected to a legitimate network’s SMSC a… Continue reading SMSC spoofing attack
As far as I understand, with Spectre, a malicious attacker from userland (javascript from webbrowser) can read “kernel memory”.
But the question is: what is in the kernel memory, that can cause any security/privacy problem?… Continue reading What privacy/security problems occur if a userland process can read the kernel memory?
According to these slides on replacing UEFI with Linux:
Between Linux and the hardware are at least 2 ½ kernels.
Are there any architectures that contain fewer layers between the main OS and the HW itself?
Continue reading What architecture could be suitable for a secure environment?
There was recently a “two for the price of one” deal on the Yubikey 4 and now I have too many of them. 😀
This got me thinking about things to do with them, more or less usefull. Of course I already use the smart card featur… Continue reading Security benefit of hadware backed host keys for OpenSSH
I know companies, governments, and other organizations create honeypots (ex: SQLi pages, Open Access Points, Open Ports, etc.) to lure in the bad guys. Are there any examples of the bad guys creating honeypots?