Collaborate Disseminate
I am studying PDF text extraction. I came across this PDF from which i can’t extract text properly nor can i copy it. How to achieve it? Not that I am an expert.
here’s what i tried and found
text selection : Adobe’s text selection is nea… Continue reading How to analyse text extraction prevention measures in a PDF? [closed]
What is a good example of a use for security through obscurity?
I have tried looking this up but I still don’t really get it…
I have also seen other questions such as this one: Isn’t all security “through obscurity”?, but I still don’t exactly get the point and meaning.
Continue reading Example of security through obscurity? [closed]
As far as I’m aware, a locked iOS is considered very safe. No one, who does not know the PIN cannot unlock the phone. While the PIN seems weak on the first glance (4 digits?) it is actually strong, because enough failed attempts = data is … Continue reading How does iOS / Android device encryption work?
I don’t even know if this counts as steganography, but I have some passwords that are randomly generated characters. I have saved them by simply opening a picture file using a text viewer and pasting them to the end of the data.
Is this sa… Continue reading Is hiding passwords in an image file a safe place to store them?
I don’t even know if this counts as steganography, but I have some passwords that are randomly generated characters. I have saved them by simply opening a picture file using a text viewer and pasting them to the end of the data.
Is this sa… Continue reading Is hiding passwords in an image file a safe place to store them?
OpenSSH sshd enforces mode 0600 for authorized_keys when StrictMode is enabled. How is mode 0644 more vulnerable?
Continue reading Consequences of .ssh/authorized_keys being world-readable
As a general rule, security through obscurity is very bad and security and obscurity is still bad. This is because cypher = AES(plaintext) is already very secure. There is no need to add a custom layer on top of this, and more code means m… Continue reading Security and obscurity, anti-bot edition
To hide a restricted location, e.g.
location /secret/ {
allow 10.0.0.0/24;
deny all;
}
one could set
error_page 403 =404 /404.html;
error_page 404 /404.html;
to make impossible to distinguish a non-existing location (404) from a restri… Continue reading How to hide restricted nginx subdomains?
With the recent spate of open source software incidents (log4shell, npm hacks), I return to the timeless 1984 turing lecture by ken thompson on trusting trust – https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrusting… Continue reading In view of the recent open source security incidents, does "Security through Obscurity" represent a new way forward? [closed]
The only one I can think of would be if someone exports a backup of their inbox and doesn’t encrypt it for some reason. Other than that, is there any case where someone could read your emails from days ago, but not within the past hour?
F… Continue reading Does there exist any exploit to read someone’s old emails, but not recent emails?