Collaborate Disseminate
OpenID Connect defines a special use case for self-issued.me and it’s registered overseas to what I assume is a fictional name.
What is the risk of someone owning this domain w.r.t. OpenID Connect?
self-issued.me
Domain Name: SELF-ISSUE… Continue reading Who is the special OpenID Connect URL "self-issued.me" issued to, and is it a risk?
OpenID Connect defines a special use case for self-issued.me and it’s registered overseas to what I assume is a fictional name.
What is the risk of someone owning this domain w.r.t. OpenID Connect?
self-issued.me
Domain Na… Continue reading Who is the special OpenID Connect URL "self-issued.me" issued to, and is it a risk?
This research paper by Microsoft makes the assertion that because a mobile device’s RAM is always loaded with data:
Encrypting data at rest is less useful for smartphones and tablets, as their data can always be decrypted… Continue reading What practices can a user (and developer) take to prevent Memory Attacks on a mobile device?
During the course of using the tenant I discovered the following “hidden” service principals that aren’t visible in the normal portal.azure.com or manage.windowsazure.com admin websites.
PS C:\Windows\system32> Get-MsolS… Continue reading What is a MsolServicePrincipal and what risks or threats does it pose to Azure AD?
I’m currently implementing the default Struts2 token interceptor on all of our forms as a measure against CSRF (making a user unknowingly execute an action on our product by visiting another website and triggering malicious j… Continue reading Is the Struts2 token interceptor a viable way of protecting against CSRF?
I am always confused between Prevention, Detection, Protection. Which one is before the another? I’d say Prevention –> Detection –> Protection. Is that valid?
Continue reading Understanding Prevention, Detection, and Protection
I’m thinking about creating a physical lock, where the keys would simply be paired Bluetooth devices, but I’m concerned about the potential (in)security. I would like to have a Bluetooth 2.1 module constantly scan for paired … Continue reading Is it possible to spoof a paired Bluetooth device?
Introduced by Microsoft in recent versions of Windows and its compilers, Control Flow Guard is a useful defence in depth measure in the mitigation of return-oriented programming exploits.
My question is, is there any equival… Continue reading Is there an equivalent of Control Flow Guard for Linux?
I am concerned about the threat of persistent malware entrenched in device firmware. I am not familiar with the intricacies of firmware security, so I am turning to SE for help.
I recently learned of FSF-certified laptops th… Continue reading Open source firmware as mitigation against firmware persistent malware?
I’m looking for a list of scenarios and protocols that are vulnerable (or not vulnerable to) half-PFS protection.
Half PFS, as I understand it, is where the communication between a client and server can be decrypted if one s… Continue reading What is "half PFS" protection, and what protocols or configurations apply to it?