Collaborate Disseminate
Consider a remote and local system doing mutual authentication either by TLS through server/client certificates or similarly wireguard.
What are the differences when the private keys (in particular the one for the remote system/server) are… Continue reading Difference between private key exposure and tampering in mutual authentication
Activity coming from a VPN server outgoing traffic originates from the VPN’s public IP(s) so: (I assume through NATing) the VPN must be assigning some identifying information to the packets so it can know which users the incoming responses… Continue reading Is it possible for a MITM to distinguish traffic from individual users on a VPN? [duplicate]
If the target’s traffic is going through the MiTM, then can’t the spoofer find a way to just not traffic the connection? Or traffic the connection very slowly? Over all what I’m asking is that instead of a MiTM attack being for traffic ana… Continue reading Can a MiTM essentially block a connection?
A wise senator once noted that democracy dies with thunderous applause. Similarly, it’s also how privacy dies, as we invite more and more smart devices willingly into our homes that are built by companies that don’t tend to have our best interests in mind. If you’re not willing to toss …read more
Say I’m using a VPN to talk with a server, and Bob is eavesdropping for packets at the VPN.
Basically a special kind of man-in-the-middle attack.
If I’m using HTTPS, how clever would Bob have to be to bypass HTTPS and get the data from my … Continue reading Does HTTPS mean that packets can’t be read by intermediaries (like listeners at a VPN node, for instance)?
I’m trying to explore the possible attacks on MQTT without TLS. It’s obvious that this might involve MITM, but I need clarification on how to test attacks.
I did analyze the packets from Wireshark and can observe the message being transfer… Continue reading MQTT Attacks – without TLS
DNSCrypt queries and responses are encrypted but it also uses TLS/SSL. Is DNScrypt traffic subject to the weaknesses to TLS/SSL? How to secure it assuming a simple connection (router, ISP, DNS Server and back).
I understand the basics of security, lingo, certificates etc. I have run into numerous websites that still use HTTP but that puts into question encryption, security, surveillance, and interception.
If one uses a proxy website such as &quo… Continue reading HTTP, HTTPS, Encryption [closed]
Consider the case where a user with a freshly installed Linux box is operating in a hostile environment controlled by an attacker with access to the internet gateway.
How can such a user update the system and install software securely usin… Continue reading Securely installing software in a hostile environment
I am making a webview that is going to be part of a native iOS and Android app, I implemented the webview using HTTPS as a protocol, and developed my NodeJS app there.
But the security team from where I work, came with the following situat… Continue reading Isn’t HTTPS enough to prevent MITM in mobile apps? Why is SSL Pinning needed?