Collaborate Disseminate
I just accidentally uploaded my PGP key in unencrypted format to rsync.net. As far as I know, nobody but me has access to the account. Is my key compromised?
Continue reading Is my PGP key which I uploaded to sync.net compromised?
This is code for a CTF challenge, the goal is to call the system function to extract the flag but in order to do so the value of outcome should be changed to 0x4774cc. I am having hard time figuring out a way to overwrite/change that becau… Continue reading Overwrite a variable in a binary during execution
If I run an IRC server, and my friend and I connect over TLS and chat, is the conversation essentially end-to-end encrypted because all computers that see the plaintext messages are owned by one of the participants?
Let’s Encrypt offers free TLS certificates, including wildcard certificates. Is there ever a reason to pay for a certificate? Is it just "we have to pay for everything so we can sue someone if something breaks" corporate policies… Continue reading Why does anyone not use Let’s Encrypt?
SMS is a quite common, albeit insecure, 2FA method. Why is email not more common? If someone is using a computer, they almost certainly have an email address, while it is less certain that they have a phone number (and one that can receive… Continue reading Why is email 2FA not common?
I’m writing a mailing list manager program. For subscribing and unsubscribing, I’m considering using HMACs of email addresses with secret keys to generate unsubscribe links. This key would be generated one time on the server and then used … Continue reading Is an HMAC of an email address with a permanent secret key a good way to generate security tokens for unsubscribing from an email list?
I’ve started using a clipboard manager (clipBoardFusion) on Windows and I’ve noticed by chance that it also real-time tracks opened programs. It’s creepy because it also tracks Tor browser which now might be useless even though I’m running… Continue reading How can apps track which other apps are running?
I wonder how Windows Bitlocker and other similar software works.
I know they differ in terms of security level as some software does not fully encrypt locked files, but I’m speaking of unauthorized remote access. Do they also protect again… Continue reading How exactly does Windows Bitlocker work?
I wonder how Windows Bitlocker and other similar software works.
I know they differ in terms of security level as some software does not fully encrypt locked files, but I’m speaking of unauthorized remote access. Do they also protect again… Continue reading How exactly does Windows Bitlocker work?
I host a legacy HTTP website on my own hardware in China. It was attacked due to the Struts file upload flaw last month. But yesterday, Communications Authority in my province alarmed me, there is still a backdoor on my websi… Continue reading How could the Chinese Communications Authority find a backdoor on my website?