I find the e-mail (as method of message exchange) convoluted and easy to break [closed]

I am very well aware of the reason that e-mail is such a nightmare/mess today, in so many ways. This is not what I’m asking about.
I’m wondering why it was originally decided to make e-mail so convoluted. Just to make one simple and obviou…

Is using URL parameters together with body parameters in a POST request a defined security anti-pattern?

It is technically allowed by many programming languages to supply parameters in POST requests as part of the URL, similar to a GET request. You can do this in addition to supplying parameters in the body of the POST request at the same tim…

Are injection vulnerabilities a design or an implementation flaw?

Are injection vulnerabilities mainly a design or an implementation problem? I’m using SQL injection as an example; I’m interested in other injection vulnerabilities as well.

I believe that it is the direct consequence of lazy programming,…

What was the original intent for the feature that StrandHogg uses?

The “Affinity” of Android tasks seems really complex to handle. The StrandHogg vulnerability uses tricks with “Affinity” to render itself inside another app.

The information that I’ve found this far does not provide exact details of vu…

What are the flaws in this security protocol between client and server?

Here is my security protocol for the use of a service provided by server. It utilises a symmetric key:

Client requests to use a service
Server sends back nonce
Client sends back nonce encrypted with Alice’s key
Once server …