Collaborate Disseminate
I am not very skilled at linux and besides reading about clone and unshare I would love to have some second opinion on the situation:
The setup
A process I intend to run is an automated "chrome service" that visits sites. These s… Continue reading Is a docker container that requires "clone" and "unshare" syscalls of any use?
What information does your ISP get when you plug your modem into your router?
Is there any way of hiding the routers identifying information from the ISP?
I have a question related to this FAQ:
https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/How-does-encrypted-cardholder-data-impact-PCI-DSS-scope?q=how+does+encrypted+data+impact+the+scope&l=en_US&fs=Search&… Continue reading PCI scope "Encrypted cardholder data that is accessible to an entity that also has access to the decryption key"
I read PCI DSS, and it’s not very clear in which contexts you can have the PAN in cleartext. One could think in no context, but that is impossible. You need it in clear text of course to print it physically in the card. They say "only… Continue reading How does a card issuer comply with PCI if they have to print PANs in clear text?
Windows Subsystem for Linux (version 2) is getting more and more traction lately with new features being added such as GUI mode over Wayland (WSLg). It seems to me Microsoft really pushes for WSL usage, however, I am worried about the unde… Continue reading Is WSL 2 secure for commercial work?
In an app I am testing they allow to input a domain name, store it, and when they print it on the browser they concatenate “http://” at the beginning of the domain. So, if you input “google.com”, then they create a link like … Continue reading java script in link href="javascript:alert(1)"
Ubuntu offers full disk encryption relying on luks. An often recurring area of criticism is the fact that Ubuntu disables hibernation by default while suspend-to-ram stores the private keys in the ram memory. However I wonder… Continue reading Is suspend-to-ram really a meaningful risk for Full Disk Encryption?
In our environment, we provide user certificates to sign or encrypt emails. This is an internal setting, meaning the CA is internal to our organization (not a public CA) and handled by our Active Directory PKI.
User certific… Continue reading User mail certificates policy: Is expiration+renewal better than no-expiration+revocation?
We’re working on an software service that integrates with some of our users’ iCloud data. From what I’ve read the only way to access iCloud on behalf of the user is to have them generate an app-specific password. As far as I … Continue reading Best way to store Apple app-specific password
As I understand how most WiFi hotspots work, they require the user to authenticate on a Web page that is served by a proxy on the WiFi default gateway. After whatever authentication process (if any) the user went through on the Web page, he is then allowed to connect to the Internet through MAC address filtering. But the WiFi connection is still in the clear and subject to casual eavesdropping isn’t it?
Or are there some WiFi protocols I am not aware of that would allow the user terminal to establish a new encrypted channel (à la WPA2) with the AP based on the interaction that the user had with the Web authentication process?
Edit: To clarify the reason for my inquiry is that I noticed that most WiFi clients nowadays notify the user joining such network that “An authentication is required”. On a mobile phone by selecting this notification the browser will directly open the authentication Web page. So I am supposing that there’s some WiFi protocol level exchange going on between the WiFi client and the AP related to this authentication step, so why not also getting a randomly generated PSK through a public key from the AP?