php / Detect request protocol to prevent attacks [on hold]
Is it useful to check the PROTOCOL used to send the request to prevent attacks? Thank you.
Continue reading php / Detect request protocol to prevent attacks [on hold]
EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. There are currently no reliable… Continue reading Critical PGP Vulnerability
I am new to the security field and reading about how to check if an application is secure. One of the checks involves finding out if the app uses non-standard security ports and protocols. However, there are thousands of port… Continue reading What are non-standard ports and protocols [closed]
I’m trying to understand the dynamics of the authentication process in the MS-CHAPV2 protocol. In particular, if I implement an Evil Twin attack I can’t understand how it’s possible that I can retrieve the NTLM v1 password. F… Continue reading MsChapV2 authentication and Evil Twin attack
Today, I will be going over Control 9 from version 7 of the CIS top 20 Critical Security Controls – Limitation and Control of Network Ports, Protocols, and Services. I will go through the five requirements and offer my thoughts on what I’ve… Continue reading 20 Critical Security Controls: Control 9 – Limitation and Control of Network Ports, Protocols, and Services
In our project we had to build a VPN to get through to computers residing behind NAT. I never did it before. While looking for suitable software I came across WireGuard which claimed to be very simple.
After some reading I indeed was able … Continue reading How safe is WireGuard VPN for production in its current state?
If a pair of endpoints are using TLS protocol for secure data exchanges, does it make the encryption at the network or MAC layers redundant?
E.g. if I create a TLS session between two endpoints using bluetooth as transport,… Continue reading Does TLS protocol make encryption at L2/L3 layers redundant?
According to the second draft of the TLS 1.3 specification, custom DH groups have been deprecated. As we all know, hardcoded DH groups are vulnerable to a precomputation attack that allows retroactive decryption. Since TLS 1.3 doesn’t depr… Continue reading Why does TLS 1.3 deprecate custom DHE groups?
I’ve been working for quite some time now with TLS 1.3 implementations (OpenSSL, WolfSSL), but I can’t find anywhere in the TLS 1.3 drafts if alert messages should be encrypted or not. I personally thought only alerts sent after the Client- and Serv… Continue reading Does TLS 1.3 encrypt alert messages?
This question already has an answer here:
Now that it is 2015, what SSL/TLS cipher suites should be used in a high security HTTPS environment?
4 answers