Collaborate Disseminate
(I had checked the similar topics this/this/this/this, but I couldn’t find the exact scenario or example)
Let’s say I have a websocket server (MITM and XSS attacks are not in scope) where inside ‘open’ event, I check if user has authorizat… Continue reading What’s threat if WebSocket connection only checks authentication in the `Open` event
There are tons of TOTP (2FA) Authenticators out there (for Windows, Android, iPhone …). However, in terms of security, what are the main characteristics that an app needs to meet to be called really secure? (For example, apps without ha… Continue reading What are characteristics of secure TOTP 2FA Authenticator
When we enable 2-FA in google account using TOTP code (authenticator app), additionally the Google Prompts are enabled by default,
without having an option to disable that.
Is there any workaround, to disable Google Prompts (consciously, … Continue reading Any way to disable Google-Prompt as a 2-FA sign-in method, while we use TOTP codes?
I understand, that mobile phone verification is probably the most convenient way to validate real users and avoid spam, but those "secure/private" messengers are afterward still bound to phone numbers, and this has inherent vulne… Continue reading Is there any way to de-link a secure messenger (Telegram/Signal/WhatsApp) from phone number?
In my country, the bank I use (and most other banks I know) rely solely on SMS 2-factor codes (which is obsolete authentication method) when logging-in, making payments, etc… and if you have your phone shut down, unavailable or battery … Continue reading Why do banks not implement more secure options, instead forcing archaic approaches? [closed]
With my limited knowledge of cryptography and its correct terms, functions (md5, base64, sha, aes or whatever) turn an input into encrypted output. For example, if the following input turns into following output:
input | output
___________… Continue reading Is there any chance of failure in Cryptography [migrated]
As it is not hard to interpret other people’s SMS with targeted attack, is it also possible that someone made a tool that can hack SMS’s in bulk? let me explain theoretical routes:
Use a Relay Antenna with strong signal, to cause all nea… Continue reading Can someone hack people in bulk with SMS RELAY hacking?
I’ve decided to designate a separate topic to this question ( even though I’ve mentioned this in topic: Best practice to secure hard-drive of computer(laptop) in case of Stealing ^ Loss ^ Unauthorized access? ), so this quest… Continue reading Can someone bypass/recover/access data to Hard-Drive when Password Protected?
Scenario:
a person owns and used only a laptop (or PC) and on its hard drive is stored sensitive information, in addition, in browsers the logged-in sessions to gmail, facebook, server, etc…etc..
Existing secutiry:
Ha… Continue reading Best practice to secure hard-drive in case of theft or loss or unauthorized access?
I have been astonished first, when I’ve found that Putty just stores cleartext credentials in Windows Regedit:
HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\
How or why is Putty so much popularized, while it has ch… Continue reading PUTTY – Most insecure SSH client?