Collaborate Disseminate
From a security perspective, is it considered bad practice to use the company name as a part of an SSID?
Assuming that the company is located in a densely populated area with a lot of “competing” wireless networks, having an easily ident… Continue reading Is it considered bad practice to use company name as part of an SSID?
For input validation on a website, are there any security concerns with disclosing to the user exactly what characters are valid or invalid for a given field?
CWE-200: Information Exposure says one should try not to disclose information &q… Continue reading Is it a security vulnerability to tell a user what input characters are valid/invalid?
I am trying to understand how DRM works under the hood. There doesn’t seem to be much information about it on the web so I figured I would ask here.
After some attempted research, I found it extremely difficult to find any … Continue reading How does Widevine, FairPlay, and other DRM’s work under the hood?
This essay discusses the futility of opting out of surveillance, and suggests data obfuscation as an alternative. We can apply obfuscation in our own lives by using practices and technologies that make use of it, including: The secure browser Tor, which (among other anti-surveillance technologies) muddles our Internet activity with that of other Tor users, concealing our trail in that… Continue reading Obfuscation as a Privacy Tool
I’m setting up a service which allows a single 3rd party to access a file over HTTPS. The only security mechanism the 3rd party supports is Basic Authentication.
To reduce complexity, I was going to host the file on S3. Howe… Continue reading HTTP Basic Authentication vs. obscure filename
I’m struggling to find a quote advising that we should be comfortable in sharing details of encryption methods and implementation with would-be attackers and the system still remain secure. The idea is that the keys are what … Continue reading Looking for a specific quote about keys and transparent encryption implementation
This question already has an answer here:
What would one need to do in order to hijack a satellite?
7 answers
I just read… Continue reading How are the Voyager spacecraft protected from hackers? [duplicate]
Edited to clarify: *The bucket is used by EC2 instances that process its data and display parts of it to the user. The EC2-S3 interaction is invisible to the user. *
Can I assume that a public S3 bucket will not be discover… Continue reading S3 Bucket Name Obscurity as Security
I am building a web app that needs to be secure. Is there any security advantage to hiding path parameters? I am using Angular (I don’t know if this is important).
What I mean by hiding path parameters is instead of having a… Continue reading Is there any security advantage to hiding URL parameters?
I’m creating a new website, so I am thinking about how to protect my email address and phone number against crawlers, I actually mean email harvesters (most of which I suppose don’t have JavaScript enabled, but I don’t have a… Continue reading Is security by obscurity / obfuscation a valid option, or do the crawlers have JavaScript enabled?