Collaborate Disseminate
My website is served with TLS and does not use a (TLS-terminating) CDN. Is it still advisable to use Cache-Control: private for protected pages to account for (e.g. corporate) TLS termination proxies on the users‘ end (even though it is no… Continue reading Cache-control and TLS termination proxies
I have a microservice which sole purpose is to serve as a cache for other microservices. The point of the cache is to speed up processing, but the strong password hash algo counter that purpose. (Company policy require all service to be se… Continue reading Weak password hash + strong rate limiter = secure?
In RFC6455 section 10.3, it explains why they have made clients mask their outgoing frames (so that a malicious server cannot manipulate a client into sending something in plaintext, as the message could be a HTTP request which could be us… Continue reading Cache poisoning from rfc6455 (WebSockets) not requiring server message to be masked?
When Telegram downloads files to internal storage cache, does the ISP see the data that was downloaded? Or can they not see that at all or due to encryption?
Continue reading Can ISP see data downloaded from Telegram? [closed]
I remember having read a blog post or a forum post, some years ago, about a TrueCrypt user whose Windows machine sometimes, at boot, did not ask for the TC passphrase and decrypted automatically the volume.
It turned out Windows, in some c… Continue reading Windows decrypting TC volume without passphrase?
I’ve been using Ninjafirewall on WordPress websites for a while.
I recently installed a new caching plugin on my main website and I noticed the firewall log which usually has around 5000 blocked threats per month has less than 10 so far th… Continue reading Can Caching cause my WAF logged events to drop?
Do you trust your cache? To meet the demands of the end-users and speed up content delivery, content caching by web servers and content delivery networks (CDN) has become a vital part of the modern web. To explain how this can create vulnerabilities when it comes to data security requires first asking another question. Namely, […]
The post Data Security: Defending Against the Cache Poisoning Vulnerability appeared first on Security Intelligence.
Continue reading Data Security: Defending Against the Cache Poisoning Vulnerability
While it might have been a commercial failure compared to contemporary consoles, the Sega Dreamcast still enjoys an active homebrew scene more than twenty years after its release. Partly it’s …read more Continue reading Dreamcast Homebrew Gets Boost from SD Card Cache
AMD CPUs have yet another flaw: Researchers say they can steal private AES keys, leak kernel memory, set up covert cloud channels, and do other dirty, dark deeds.
The post New AMD Processor Bug Breaks Encryption appeared first on Security Boulevard.
Continue reading New AMD Processor Bug Breaks Encryption
[Gamozolabs’] post about Sushi Roll — a research kernel for monitoring Intel CPU internals — is pretty long. While we were disappointed at the end that the kernel’s source is not exactly available due to “sensitive features”, we were so impressed with the description of the modern x86 architecture and …read more
Continue reading Sushi Roll Helps Inspect Your CPU Internals