Collaborate Disseminate
So I’m by no means a security expert. I’m just a recently graduated software developer who is working on a contract project and I want to ensure I’m taking appropriate security measures for my client.
Essentially, my program functions as a… Continue reading Internal HTTPS recommended security practices
I’m trying to perform a MiTM attack on a local network connected device.
I configured the iptables to route the incoming traffic to port 443 and port 80 so it can be captured by the Burp Suite. However when i’m performing ARP poisoning usi… Continue reading MiTM using ettercap and burp suit and iptables
The service starts fine, the request is recorded in the mitmf console but the http site is not loaded. While, https sites load but requests are not recorded in the console. Please how do I work this out? Everything else works fine and the … Continue reading How to fix http websites not loading when using MITMf? [closed]
One of tor’s stated goals is to help individuals such as journalists, activists and whistleblowers protect against surveillance, and in many countries people in those lines of work or activities are usually subject to surveillance, especia… Continue reading How does a person under surveillance safely download tor or tails in a hostile environment?
I’ve read about E2EE (end to end encryption) of Signal in web clients on a Signal Community discussion forum, and wonder why they say that the browser is insecure for E2EE and native apps are secure.
I think the security issues for clients… Continue reading Why is there no web client for Signal?
I’m using ajax to serve some static html pages as modal boxes, I got a report from veracode saying that I should validate the server’s ssl certificate and the chain of trust in the ajax call to ensure there is no man in the middle attacks … Continue reading Validate server certificate’s chain of trust in ajax call [closed]
I am trying to use webmitm to forward all HTTP/HTTPS traffic to another host that is running Burp Suite (ex: 192.168.1.8). Webmitm creates a crt and then I receive the following errors:
webmitm -d 192.168.1.8 (creates webmitm.crt)
First post, not a crypto expert. 🙂
TLDR
Is it wise to use SRP to implement app-level "passkey entry" pairing in Bluetooth LE? There are known issues with using fixed passkeys in BLE, even with LE Secure Connections.
Background
A… Continue reading Fixing BLE Passkey Entry with SRP
EMV protocol is vulnerable to a man-in-the-middle attack All VISA credit cards are affected VISA has to issue update for POS terminals Swiss security researchers have discovered a way to bypass the PIN authentication for Visa contactless transactions. … Continue reading Man-in-the-Middle Attack Makes PINs Useless for VISA Cards
I have read that the private key that the certificate owner/web server has (which is the corresponding private key of the public key presented on the certificate) is used to decrypt the data that the client sends to the server.
My question… Continue reading Priate key vs encryption session keys: For what is the private key used when there are session keys for encryption? [duplicate]