Is form data as is being inputted always safe?
When filling out forms in the browser is the client side input secure against JS and other attack vectors?
Continue reading Is form data as is being inputted always safe?
A Swiss Unicorn scanning software company is asking for a screen recording of my digital driving licence via Upwork, a freelance marketplace.
They’re using Aphaia as outsourced DPO.
What are the risks of sharing mobile digital driving lice… Continue reading Risks from sharing screen recording of mobile Australia licence
I’m currently designing a user authentication system for a web application, and I am considering best practices for storing user login information. While it’s common to hash and salt passwords (with bcrypt/argon2) to protect against data b… Continue reading Should mail addresses for logins be stored hashed to minimize impact of data loss?
IPsec is said to have "partial" replay protection because if a packet arrives outside the window, we can’t track it, so we have to make a choice: do we risk and accept it, or do we drop it?
If we drop all these outside-window pa… Continue reading Why does IPsec have a "partial" replay protection? If we drop all packets outside the moving window, then where is the threat?
I have a webpage I would like to use locally (the JSON-LD Playground). It appears to be designed to operate without connecting to a server. I would like to have a strong confidentiality guarantee for the data I put in it. Is there a way… Continue reading Preventing Javascript in a browser from connecting to servers
In all BLP model descriptions I’ve seen, the permissions set is defined to be {Read, Write, Append, Execute}.
None of the three BLP security properties
The Simple Security Property states that a subject at a given security level may not r… Continue reading Bell-Lapadula model "Execute" permission
I need to change the browser fingerprints, like chrom* version, OS name, OS version, video card name, screen resolution (all of these). I do not need random unreal versions like bromite/chromite it makes. I need a patch to the chromium cod… Continue reading How to change chrome version, os version and card name with patch (chrome/chromium)? [closed]
For ESPv2 I’m referring to this: https://datatracker.ietf.org/doc/html/rfc2406 so the version which supports of course confidentiality, but also authentication ONLY FOR THE PAYLOAD, NOT of the IP header.
My professor warns against using ES… Continue reading What attacks can be performed by changing header of IP packet if I apply only ESPv2 of IPsec (so not providing integrity for the IP header)
What attacks can occur by altering the IP packet header with only ESPv2 (so having ONLY payload confidentiality&integrity but NOT integrity)?
My professor warns against using ESPv2 without header integrity due to potential header manip… Continue reading What attacks can be performed by changing header of IP packet if I apply only ESPv2 (so confidentiality and integrity of payload (no header integrity))?
ESP in IPsec v2 only provides integrity of the payload, not of the header. So my question is about that. The possible dangers in not having integrity of header, while having ESP active for payload.
What are the potential risks if an attack… Continue reading What if in IPsec I have confidentiality BUT NOT integrity? What are the dangers?