Unanswered Questions
6,731 questions with no upvoted or accepted answers
14
votes
0
answers
805
views
PGP security with Thunderbird 78 email client
I have a query regarding best practice of using PGP to sign emails with Thunderbird 78.
Thunderbird 78 took an existing system by Enigmail and brought it "in-house" to be built into the ...
CommunityBot
- 1
11
votes
1
answer
867
views
SolarWinds Orion SAML compromise mass cert update
SolarWinds Orion customers have suffered some network compromises according to news reports.
One report says, right at the end of the article, that SAML2.0 signing certificates may have been ...
CommunityBot
- 1
11
votes
0
answers
488
views
Penetration-resistance of a HaLVM unikernel
A HaLVM unikernel is a Haskell program compiled with a modified version of the Glasgow Haskell Compiler to produce a standalone Xen kernel, which will boot on any Xen PV machine instance. A HaLVM ...
CommunityBot
- 1
11
votes
1
answer
5k
views
Do fTPM implementations protect against physical attacks?
I see that there is an increasing number of PCs shipped with firmware based TPM (fTPM), e.g. the Intel NUC.
As far as I understand, these solutions practically emulate a TPM chip using the CPUs ...
- 1
10
votes
0
answers
1k
views
How does Facebook Pixel's new first-party cookie work?
Facebook recently announced that they will begin offering a first-party cookie option for the Facebook Pixel. Previously, they only used third-party cookies. From their documentation:
You can now use ...
- 134k
10
votes
0
answers
491
views
Authentication using SysRq
The general idea here is the feasibility of adding Windows UAC-like "consent prompts" to a Linux system, designed in such a way that cannot be bypassed in software. Giving consent should ...
- 67.8k
9
votes
0
answers
2k
views
How could I block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?
My question is about the use of ultrasonic messages that are part of the modern advertising ecosystem and are also used by the Google Nearby Messages API.
When it comes to advertising, the type of ...
8
votes
0
answers
545
views
Whats the meaning of ] symbol in a SQL query?
I have come across a CTF challenge that has a part with an SQL injection (MySQL DB). I have completed it, but I do not know why or how the injection works.
The query in the PHP application would ...
8
votes
0
answers
6k
views
Running openssl s_client with an aes encrypted key fails
I'm trying to verify a 2-way SSL connection using the openssl s_client command
openssl s_client -connect localhost:8883 -CAfile ca.pem -cert client.crt -key client.key
The openssl s_client fails ...
- 103
7
votes
0
answers
309
views
Teamviewer Risks When Connecting to Another Computer
Are there any risks to be aware of if you remote into another person's computer via their Teamviewer Partner ID and password?
Any recommended settings to choose when remoting into an unknown computer?
...
- 1
7
votes
0
answers
3k
views
Can XXE be exploited when disallow-doctype-decl is set to true (Apache)?
I found out that an endpoint of a website may be vulnerable to XXE. It is using Unmarshal as an XML parser. When I try to send a post request using common XXE payloads, I receive the following ...
7
votes
0
answers
618
views
Can SRP be implemented using libsodium
I am using libsodium for cryptography and I want to use SRP for key exchange. The wikipedia page lists a python example, but I am not sure if and how I could convert this to libsodium function calls.
...
7
votes
1
answer
657
views
TLS connection to untrusted server - client reaction for dropping connection standardized?
I played around with a man-in-the-middle proxy tool and connected different smart phones to it. As the proxy uses a self signed certificate the tested smartphone apps did not accept the presented ...
- 1
6
votes
0
answers
337
views
What is the current risk regarding hyper-threading?
We are around four years after ZombieLoad.
We had multiple Microcode and OS mitigation patches.
Is enabling hyper-threading still bad practice if firmware, microcode and OS patches for your system are ...
- 113
6
votes
0
answers
3k
views
How to bypass certificate pinning in Android phone?
I am working on analyzing Android applications from my phone using MITM Proxy. My Android phone version is 4.4.2, SDK is 19 and its rooted. I have performed all WiFi configurations required for MITM. ...
- 1