Collaborate Disseminate
Is there a term for when you a particular system design might prove to have some advantages, but doesn’t actually qualitatively change the potential attacks on the system and thus ends up as redundant, excessive, misleading, costly, and/or… Continue reading What is a term for ineffective security measures that don’t prevent any realistic attack?
I’m working with an HTTPS API that requires me to include a Signature header, the signature is calculated as codeBase64(hmacWithSha384(key, body)). I’m wondering if it provides any real-life benefits or if it’s just security theatre, as op… Continue reading Do `Signature` headers have real benefits?
If some security measure serves only to add an extremely small barrier to an attack, are there generally accepted principles for deciding whether that measure should be retained?
Does defence in depth advocate that any hurdle (no matter ho… Continue reading Security in depth vs security theatre
I was looking for the answer of this question what is header and what is header Attack. And I want to know that how powerful is header attack and is the best way to perform header attacks. If anyone here who can guide me regarding to the h… Continue reading What is header ? and what is the different Between header attacks. And other normal attacks?
My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake. I could change the date on an old test, or put my name on someone else’s test, or even just make something up on my computer. After all, there’s no standard format for test results; airlines accept anything that looks plausible…
For work and other official matters, I am often forced to use websites and apps which clearly have some kind of cargo cult going on in their security department, given that they impose extremely foolish requirements on passwords:
I feel sorry for the accused:
The “security incident” that forced a New-York bound flight to make an emergency landing at LaGuardia Airport on Saturday turned out to be a misunderstanding — after an airline passenger mistook another traveler’s camera for a bomb, sources said Sunday.
American Airlines Flight 4817 from Indianapolis — operated by Republic Airways — made an emergency landing at LaGuardia just after 3 p.m., and authorities took a suspicious passenger into custody for several hours.
It turns out the would-be “bomber” was just a vintage camera aficionado and the woman who reported him made a mistake, sources said…
Continue reading Airline Passenger Mistakes Vintage Camera for a Bomb
In numerous action/stealth movies, video games, cartoons, etc., they are escaping from a prison or similar setting, in the middle of the night when it’s dark, with the guards moving the searchlights in a predictable, set-in-stone pattern.
… Continue reading Why would searchlights in a prison or similar setting use a set pattern? [closed]
Example video: https://www.youtube.com/embed/wvqyIr-4jBk
He always brushes over the detail of just how exactly he can be connected to the scammers’ computers, seeing their webcam, viewing their desktop in real time and downloading any file… Continue reading How exactly is that British guy on YouTube able to "have access to" the scammers’ computers? [closed]
On some internet banking websites, I’ve seen some CVV input fields that seem strange to me. Here is an example:
The field works as such:
You can not input a CVV code using a keyboard.
The numbers are never in their normal order (1, 2, 3…. Continue reading Over-the-top (?) security practices for CVV inputs