Information Security : Recent Questions and Answers

Find answers to your questions about Information Security or help others by answering their Information Security questions.

Is it less secure to force periodic user logouts vs keep them logged in?

I've been unable to find any research or information on this. Google periodically signs me out and forces me to sign back in. I have multiple devices and multiple...

Asked on 01/06/2022

2 answers

What usually happens to the symmetric (session) key after decrypting an email? Can the key be recovered if changing private keys?

I've been preparing for a CISSP exam and was reading about applied cryptography in regard to email. It's my understanding that the popular schemes (PGP, S/MIME) use a combination of asymmetric...

Asked on 01/06/2022 by jaybeatle

1 answer

What's the difference between the endorsement key and the attestation identity key within the TPM?

I'm trying to make notes about the TPM and what it does. More specifically I'm looking at the 3 RSA key pairs: the 'endorsement key', the 'storage root key' and...

Asked on 01/04/2022 by BetaInProgress

1 answer

Diffie Hellman c# implementation

For a test project I have tried to implement the (famous) Diffie Hellman algorithm for safe key exchange. Now I have written this in C#: using System; using System.Collections; using System.Collections.Generic; namespace DiffieHellman.Cryptology {...

Asked on 01/02/2022 by Roger Far

2 answers

How to know if an RFI/LFI attack was successful?

Let's say that an attacker wants to search websites for RFI/LFI vulnerability with a script, he's fuzzing the URL with a list of remote/local files. And he prints the headers...

Asked on 12/31/2021 by user226295

2 answers

Is javascript fingerprinting becoming obsolete?

Okta recently sent out an email to admins about changes to their new device detection strategy. According to them: Due to browser advancements in anonymous web browsing, JavaScript fingerprinting techniques...

Asked on 12/31/2021 by Indigenuity

1 answer

What is the most restrictive way to allow IPv6 ICMP requests on iptables?

This is what I have so far but it is pretty open.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT...

Asked on 12/31/2021

0 answers

Suricata and rules based on MAC address

I'm working on a project to implement SDN in a network. One of my flows is redirecting to the Suricata IDS and the flow works in layer 2 with MAC...

Asked on 12/28/2021 by loi219

1 answer

How can we eliminate passwords given the problems with biometric authentication?

I've read articles suggesting that passwords will eventually go the way of the dinosaur only to be replaced by biometrics, PINs, and other methods of authentication. This ...

Asked on 12/28/2021 by pancake-house

8 answers

Login with AD credentials on behalf of a user

We have a web solution (running in IIS) where AD users and non-AD users need to log into. We sell this to companies and will run this on-prem only. non-AD-FS...

Asked on 12/28/2021

1 answer
