Collaborate Disseminate
I have a server that enforces access control by means of cryptography, by not giving up data, or by a combination thereof.
By the former (cryptography), I mean: If a user requests some data, the server gives it in an encrypt… Continue reading What is the correct terminology for enforcing access control by means of cryptography, or on a privileged list?
I reached out to an old friend of mine who was a terrific programmer back in my school days and he invited me to attend one of the CTF events with his university group.
This group seems very beginner friendly and open to eve… Continue reading What exactly is CTF and how can I as programmer prepare for a CTF with beginner-friendly people?
What is the difference between the terms “vulnerability” and “weakness” when it comes to security?
I was looking at the CWE page and it mentions that a weakness leads to a security vulnerability. I understand this only parti… Continue reading Difference between "weakness" and "vulnerability"?
I am working on a research project where we segregate domains used for malicious purpose from benign domains.
However, my guide does not want the term malicious domain and benign domain in the paper. This is because, accord… Continue reading Benign, Malicious Domains and Definitions
Protection rings are different privilege levels granted to software, with the kernel being the most privileged, applications the least privileged, and drivers somewhere in between.
My question is why are they called rings? (… Continue reading Why are Protection Rings called rings?
I’m writing a blog post analyzing a list of phishing domains and I’m coming across a lot of IDN homograph attack domains and these “subdomain attack domains” but I cannot find the technical/good way to describe it.
For examp… Continue reading What is this phishing technique called using subdomains
I am trying to understand the working of TLS. I understand that there are various way to generate the master secret used to encrypting the data. Such as DH (Ephemeral DHE) and RSA. I understand that, when using RSA, the clien… Continue reading Is server public key and Diffie Hellman public are the same?
I noticed a comment on this answer where another user said
…but it requires risking burning a 0day, which people are not always all that willing to do.
I did an Internet Search for the phrase “burning a 0day” (and similar permutat… Continue reading What does it mean to "burn a zero-day"?
I’m studying for the CCSP exam and one of the examples of technical controls (referenced in the course training material) confuse me:
Technical controls, also referred to as logical controls, are those
controls that en… Continue reading Is it reasonable to consider logs as a "technical control"?
I’m studying for the CCSP exam and I’m a little confused on the difference between “Risk Appetite” and “Risk Tolerance”. Is there a clear and discernible difference? Can the terms be used interchangeably?
To me, both terms… Continue reading Is there a difference between "risk tolerance" and "risk appetite"?