Is form data as is being inputted always safe?
When filling out forms in the browser is the client side input secure against JS and other attack vectors?
Continue reading Is form data as is being inputted always safe?
This is a password recovery project, which is more complex than just generating a wordlist, since using my tries (see below) it seems to be not enough to just generate a wordlist.
I’m trying to recover my old Bitcoin wallet, which I created… Continue reading What’s the most simple approach to this wordlist generation and ruleset problem?
When I came to the topic of Ansible (Vault), when deploying secrets in Ansible and other passwords up to 128 characters Shamir’s Secret Sharing would be an ideal solution I think:
The secret is never in one spot
The secret can be encrypte… Continue reading Why don’t basically all "clusters" and similar distributed systems use Shamir’s secret sharing method? [migrated]
It’s that time of the year – I’m trying to learn how AES-128-CBC encryption works. My key (since it’s AES-128) is 16 bytes, my IV is 16 bytes as well. My implementation of key wrapping apparently does not help me much to comprehend… Continue reading Some questions about AES-128 key wrapping using RFC3394
Given the following conditions:
The encryption program, which uses some algorithm resembling AES-128 but with unknown modifications to real AES-128.
It uses a fixed key and IV.
It is written in Rust WITH debugging symbols but no source co… Continue reading Is it possible to reverse engineer an encryption algorithm derived from AES-128 given these conditions?
Windows is an API-based operating system, whereas Linux is file-based. Hence in my opinion, any operating system API security measures alone aren’t effective in Windows. One of such examples would be UAC in my humble opinion.
On the other … Continue reading Is UAC an overestimated protection measure in Windows? Does Linux do it better?
I noticed that web apps like Gmail, Microsoft, Roundcube etc., when logging in, time out.
To be more specific – if I i.e. open up Gmail and enter the username or NOTHING AT ALL(!) and after two hours or so get back to the tab and try to lo… Continue reading What security feature is this exactly?
From a forensics standpoint, is there any technical possibility that WITHOUT rooting the device the potential cybercriminal used a manipulated system phone app to have hidden functionalities like secret messaging, which he had modified via… Continue reading As long as an Android device does not get rooted, is it safe to assume that the main phone app has not been modified?
Since there are quite a few exploits of Intel ME firmware in the CPU (same applies to AMD), I would like to know what SIEM solutions are there for detecting these kinds of attacks.
To be more exact, I would like to know how to detect known… Continue reading How do you detect attacks on Intel ME firmware and the AMD equivalent?
I was wondering whether enabling Voice over WiFi on your smartphone increases your privacy since it disables GPRS/2G/3G/4G/5G, leading to the following question:
If VoWiFi is enabled, is Voice over WiFi optional or is it mandatory when c… Continue reading Is Voice over WiFi any more secure than GPRS/2G/3G/4G/5G? [closed]