Collaborate Disseminate
In every TV program where there’s a person that wants to remain anonymous, they change their voice in a way that to me sounds like a simple increase or decrease in pitch (frequencies). What I’m wondering is:
is the usual anonymizing meth… Continue reading Is changing pitch enough for anonymizing a person’s voice?
After reading some popular questions and answer on this website about BREACH, the only advice seems to be: don’t compress anything that might contain secrets (including CSRF tokens). However, that doesn’t sound like great advice. Most webs… Continue reading How are websites actually mititating BREACH? (HTTPS + compression)
Every time there’s a cyber attack, the attack obviously comes from somewhere. The attacker usually needs to receive some data, so the IP can’t be spoofed and must be a real IP. But what happens exactly behind that IP, to mask… Continue reading Most common setups used by cyber criminals for hiding the real IP [on hold]
I wonder if it’s better to standardize or randomize data for anonymity. For example, think of browser fingerprinting. If you standardize every parameter, you would have all browsers returning the same user-agent, the same ins… Continue reading Anonymity: standardization or randomization?
I might be mistaken, but it seems the firmware (UEFI) needs to load some stuff from the disk to be able to do anything really interesting, like loading some advanced tools or loading the OS. Yet firmware infections are often … Continue reading What can a compromised firmware (UEFI) do after the hard-disk has been wiped?
I’ve been trying to think of a safer way to check the email on an Android device. Android devices are generally very insecure, and therefore they should not be trusted for anything serious. Here are some reasons we should all… Continue reading A safer way to read emails on Android devices
There is a kind of race condition between the time when a developer releases a security update and the time when the security update is actually applied by the user. In the meantime, an attacker will be able to learn about th… Continue reading Avoiding the race condition between time of release and time of update
I’m not sure if the Virtualbox version from the repository of my Linux distribution is already signed and works right away, but since it’s not up-to-date I’m installing Virtualbox from the official repository of Virtualbox it… Continue reading Secure way to sign virtualbox module for secure boot
I’m wondering if it is possible to detect 100% of the possible SQLi attacks using a simple regex.
In other words, using very simple PHP code as an example:
if (preg_match(“/select/i”, $input)) {
attack_log(“Possible SELECT SQLi detec… Continue reading Is it possible to detect 100% of SQLi with a simple regex?
How should clients’ passwords be managed? By “clients” of course I mean people who you provide a service to, people who need you to work on their stuff (their websites, their servers, their emails, or other services they use … Continue reading How should clients’ passwords be managed?