Collaborate Disseminate
There have been reports of attacks against certificate authorities resulting in the issuance of fraudulent TLS certificates for sites such as google.com, yahoo.com, and skype.com. These attacks seem to be a thing of the past though, and I … Continue reading What prevents certificate authorities from issuing fraudulent TLS certificates?
The user of the computer I am diagnosing believes that his internet traffic was redirected, and that he would sometimes be forced off the wifi access point that he thought he was connected to. I have noticed some unusual configurations, su… Continue reading Proliferation of Wifi Direct Network Adapters
I am considering how to make my chat application a bit more secure. It has a similar structure to IRC, multiple users can join each server, and servers can be hosted by anyone. I have been using TLS so far, but it has the problem of requir… Continue reading Suitable method of encryption for user-hosted chat platforms
One of the Paho MQTT client SSL options allows checking whether "a certificate matches the given host name.". If I enable this option then I cannot establish a TLS connection to MQTT using an IP address. In case it is relevant: t… Continue reading How does the MITM attack work when a client does not check the hostname vs the certificate? [duplicate]
I have been researching various techniques for preventing CSRF attacks, such as SOP, SameSite, Secure, Referer validation, and CSRF Tokens, and their potential bypasses. During my research, I discovered the following vulnerabilities:
I have been researching various common techniques for preventing CSRF attacks, such as SameSite, Secure, and CSRF Tokens, and how they can be bypassed. I found that the following vulnerabilities exist:
A website’s subdomain or sibling dom… Continue reading Can strict ‘Referer’ validation also be bypassed with vulnerable subdomains?
We have 2 servers communicating, server A (a server that I own), and server B (server on the internet that I trust). I get some info from server B, which are FIX messages (https://en.wikipedia.org/wiki/Financial_Information_eXchange).
Serv… Continue reading Using FIX over TLS, is there a need to sign FIX mesages?
What is the simplest way, using iptables, to ensure that all router traffic intended for the internet. Is infact, from the bonified gateway?
As far as I understand it. layer 2, is specifically device to device. Would it not be functionally… Continue reading Default gateway with iptables? [closed]
I’m using Apache Airflow and I was troubleshooting built-in smtp setup. A mass email occurred on "ops@myexample.com". It was used as a "From:" email in a mass email attack.
Chronology: Started docker by running an exten… Continue reading Malicious Mass Email Attack Occurred, Do I Still Have Problem?
Edit:
To clarify, this question is all about whether we should insist on implementing TLS for internal communications over public cloud tenants as a man-in-the-middle risk reduction control, given the complexity and sophistication required… Continue reading TLS and MiTM Attacks Relevancy over Public Cloud (SDN) internal networks