Collaborate Disseminate
I’m a student and during one of my classes I came up with an idea about sharing data online. I’ll say right away that I’m not an expert, but rather an amateur who wants to share my thoughts and get your professional opinion.
So, if we take… Continue reading Can puzzle-based data exchange enhance decentralized network security? [closed]
Encryption schemes are usually explained to the general public in terms of "time required to break" where strong encryption like AES-256 should in theory take millions of years.
Given that secure random numbers streams are incomp… Continue reading Could this method allow two people using weak cryptography to bootstrap their way to unbreakable cryptography (e.g. otp) [migrated]
I am facing a recurring issue when attempting to use the -N option to specify network settings for fuzzing an HTTP server. Despite following the syntax guidelines, AFLNET doesn’t seem to recognize the network settings correctly.
Commands U… Continue reading Issue with -N Option in AFLNET: Fails to Parse Network Settings Correctly [closed]
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol:
On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations.
The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and if known the attacker’s identity…
Continue reading Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
Interesting analysis:
This paper discusses the protocol used for electing the Doge of Venice between 1268 and the end of the Republic in 1797. We will show that it has some useful properties that in addition to being interesting in themselves, also suggest that its fundamental design principle is worth investigating for application to leader election protocols in computer science. For example, it gives some opportunities to minorities while ensuring that more popular candidates are more likely to win, and offers some resistance to corruption of voters…
Continue reading Security Analysis of a Thirteenth-Century Venetian Election Protocol
I am trying to understand how does engines like Shodan is able to fingerprint remote Bacnet devices with the responses as shown in the screenshot below.
I tried using a sample python code using BAC0 library.
import BAC0
bacnet = BAC0.lite… Continue reading Fingerprinting Remote BACnet devices
I have a question in my mind regarding the inner workings of Kerberos protocol. If the generation of the session key is somehow insecure, does this compromise the security of the Kerberos protocol?
I am thinking at the point of the Ticket … Continue reading Kerberos protocol attacks?
I’m studying up protocols, authentication and attacks for a class I’m taking, but I’ve encountered a question that I just cannot figure out.
If Alice and Bob have the below protocol and the session key, which is achieved in 3 messages and … Continue reading How can Trudy attack the protocol where both Alice and Bob complete authentication and Trudy gets the session key?
I need to design a scheme, where access to an offline System is granted based on some kind of information/proof of knowledge, provided by a separete system, Prover system.
I’m in position where I can put any information on both Systems.
Th… Continue reading Need for authentication in an offline system
I have an assignment in which I have to implement OCSP and do a proof of concept of a vulnerability.
My idea was to implement OCSP without using a nonce (this is done) and then perform a replay attack. However I’m having trouble doing the … Continue reading Any vulnerability of OCSP for proof of concept