Collaborate Disseminate
Is it, in any way, insecure for a service to reveal the generation method of its password-reset-tokens?
I think that Kerckhoff’s principle is applicable here, stating that
a cryptosystem should be secure, even if everything about the syst… Continue reading Should the generation method of password-reset-tokens be kept secret?
While I doubt I would ever be tricked into performing the required user interaction for an attack, should I still disable the NFC feature of my mobile phone when it isn’t needed?
For example: if my phone is on and unlocked in my pocket, an… Continue reading Can NFC pose a risk without user interaction?
Text rendering overflow refers to when text escapes its designated environment.
While it might be annoying and disruptive, is it actually insecure to allow text to overflow?
As demonstrated below, one risk I see is the potential to pollute… Continue reading Is it insecure to allow text rendering overflow on a website?
Let’s say I’ve written a program for studying malware. When malware is detected, it is first encrypted and stored for later analysis.
Is encrypting malware a safe way to render it harmless?
In other words,
Can malware ever1 pose a threat w… Continue reading Can malware ever pose a threat when in encrypted form?
Let’s say I’ve written a program for studying malware. When malware is detected, it is first encrypted and stored for later analysis.
Is encrypting malware a safe way to render it harmless?
In other words,
Can malware ever1 pose a threat w… Continue reading Can malware ever pose a threat when in encrypted form?
Whether it be a private key for a TLS certificate, an SSH server, or a code signing cert, is it bad practice to use the same password across multiple?
My assumption would be no, seeing as a key compromise does not necessarily compromise th… Continue reading Is it bad practice to reuse a private key password across multiple keys?
This question’s answers do a pretty good job at explaining TLS certificate pinning, and this (external) article is the only source (I could find) that even briefly explains the differences between static and dynamic cert pinning.
But I sti… Continue reading Static vs dynamic certificate pinning
This question’s answers do a pretty good job at explaining TLS certificate pinning, and this (external) article is the only source (I could find) that even briefly explains the differences between static and dynamic cert pinning.
But I sti… Continue reading Static vs dynamic certificate pinning
When updating an iPhone to a newer iOS version, you are required to enter your passcode (usually a PIN) before going ahead with the system update.
Before now, I had never wondered why. But after doing some research, the only source I have … Continue reading Why does iOS require my passcode before performing a system update? [closed]
According to this question’s answer, a screenshot of a malicious image can in fact carry malware, meaning that the actual image itself is malicious.
But does this apply for audio content?
I know that the audio file can certainly carry malw… Continue reading Can audio content itself carry malware? [duplicate]