Collaborate Disseminate
Major companies have agreed to gradually reduce the lifetime of TLS certificates over the next few years.
The post Internet Giants Agree to Reduce TLS Certificate Lifespan to 47 Days by 2029 appeared first on SecurityWeek.
Continue reading Internet Giants Agree to Reduce TLS Certificate Lifespan to 47 Days by 2029
On the social club website, there are crews that have short names or a short tag, I know that it is possible to do this, but you need to somehow cheat the tag length verification system or something like that, I tried to use the burp suite… Continue reading Social club: creating a 2-3 letter crew tag with https interception via burp suite [closed]
I am running an Octoprint server for my organization and I restrict access to it by smart card client certificates. This works fine for accessing the web interface in a browser as well as the "physical printer" panel in Prusa Sli… Continue reading Problem with windows smart card authentication restrictions
I am currently working on a home "forensic" lab and I have set up an OPNsense-based transparent proxy (squid) to intercept and analyze HTTPS traffic coming from a Windows 11 client. I can successfully decrypt traffic using TLS ke… Continue reading How to capture fully decrypted HTTPS traffic in a transparent proxy setup without TLS key logs?
I have build multiple embedded devices with TLS1.2/3 + PSK using mbedtls and wolfssl libraries.
My products have been with microcontrollers(ESP32, Silicon labs, etc.) and OpenWRT based Linux products. The devices mainly establish a session… Continue reading Is TLS1.2/3 + PSK recommended for future products?
For local development of our website example.com, we want to setup a test environment with https enabled hence we need some for of SSL certificates.
Are self-issued certificates the way to go? Options I see:
1. Production Certs
You have a … Continue reading Security of certificates issued by an internal CA
I’m trying to create an application that should allow two devices (two phones, two computers, or a phone and a computer) to verify each other in some way to later be able to securely connect to each other to transfer data.
There are only t… Continue reading What is the best way to ensure a secure communication between two client devices without access to internet, CA, or pre-shared keys
Basically I am doing a GET on this URL from SAP:
https://www.thirdparty.be/webservices.php?m=get_private_information&o=json&u=username&p=password
The third party webservice does use IP-whitelisting, and they have whitelisted o… Continue reading I’m calling the API of a third party, and have to pass the credentials as parameters in a HTTPS URL. Is that safe?
Basically I am doing a GET on this URL from SAP:
https://www.thirdparty.be/webservices.php?m=get_private_information&o=json&u=username&p=password
The third party webservice does use IP-whitelisting, and they have whitelisted o… Continue reading I’m calling the API of a third party, and have to pass the credentials as parameters in a HTTPS URL. Is that safe?
Consider a web app that allows the user to upload files to a server. While uploading files, the app will generate hashes from the file content and send that hash to the server, along with the actual file content. Server will also generate … Continue reading Is hashing user input data redundant on HTTPS?