Collaborate Disseminate
If a web application (like an internet forum, social media, etc.) does not remove GPS metadata (EXIF) from uploaded pictures, is it considered a security vulnerability or not? Why? And would it be possible to calculate its CVSS score?
I de… Continue reading GPS metadata in uploaded pictures: vulnerability or not?
Is it considered a bad practice to use a secret method to encode data in steganography? We all know that it is a bad practice in cryptography, for at least two reasons:
A public method can be checked by experts so we know it’s safe
A secr… Continue reading Secrecy of the method in steganography
What is the probability that an AES encrypted file, using a wrong password, gets decrypted to something different than the plaintext, but which could still be likely to be interpreted an the true plaintext by the attacker? Example:
John D… Continue reading Probability of getting different plaintext with different key
Often it is impossible at first sight to understand if a package in a repository is up-to-date with security fixes, because the maintainers use a different naming when applying the patches to old branches. So for example, while Foo version… Continue reading Is VLC from the Ubuntu LTS official repository insecure?
Today Ubuntu (and some other distros) offer a new way to install software, which is snaps. It’s software packaged with all its dependencies, run with some kind of containerization, and auto-updated. This might make it sound like it’s defin… Continue reading Are Ubuntu Snaps more secure than the classic installation method from the official repos?
Have there ever been any vulnerabilities of the following kind, especially recently, and if so, how many or how common they have been?
The vulnerability:
Must be present in the OS/distro in its default configuration and default software. … Continue reading Have there been remotely exploitable, zero-click, wormable vulnerabilities in popular Linux distros? [closed]
Suppose I have a password, say "thisIsThePassword".
Then I have MD5 hashes of that password followed by an increasing numeric suffix:
MD5("thisIsThePassword1") = c5c038617ea97315f137606c4123789e
MD5("thisIsThePassw… Continue reading Randomness of hash of (password + suffix)
I’m not sure if there is already a question here about this because I can’t find anything. But I’m wondering if there are any "safer" ways to print sensitive information without leaving traces on the printer (sensitive data in ca… Continue reading Print sensitive info without leaving data on the printer
I recently heard that a telephone company (a mobile network operator) was hacked and lots of data was stolen, maybe affecting up to a million customers. It sounds like the leaked data is already available on the dark web, and it includes a… Continue reading Does replacing the SIM card mitigate any threats after a serious data breach?
All the other questions I have seen here focus on the security implications of IP addresses. I’m interested about the privacy implications.
In my opinion, static IP addresses for home connections (where you usually don’t need to host any s… Continue reading Privacy implications of static IP addresses (for home connections)