How do I minimize the number of passwords leaked when a PC gets compromised?

For customer support reasons, we need to store passwords to some of our customers’ systems (with their explicit, written permission, of course), as well as, obviously, passwords to some of our own systems. Customer support agents and admin…

What is the Meow Attack and how can I guard my databases against it?

Recently, there have been some news articles about unsolicited attacks on unsecured public-facing Elastic and Mongo databases. These are commonly being called "Meow" attacks, resulting in entire databases being deleted without ran…

Does HTTPS protect mobile internet connections against "network injection"?

The Star recently published an article describing an alleged attack against a Moroccan journalist. The article describes the attack as such:

Forensic evidence gathered by Amnesty International on Radi’s phone shows that it was infected by…

How to secure an open port and public IP address when clients must connect to it [duplicate]

I do not have a lot of experience in networking, however, I have built a live-chat application using socket.io and nodeJS. In order to do this, I had to open a port to allow other networks to connect. How can I ensure that the open port do…

How are websites actually mitigating BREACH? (HTTPS + compression)

After reading some popular questions and answers on this website about BREACH, the only advice seems to be: don’t compress anything that might contain secrets (including CSRF tokens). However, that doesn’t sound like great advice. Most webs…

Malware Threat Hunting in Airport Systems – KPIs/Metrics to Track [on hold]

I am trying to figure out how to detect potential threats from malware in various systems installed in the airport.

To be specific, my focus is on the following systems in airports:

Baggage Handling System (BHS)
X-ray mac…