1. All Categories
  2. Information Security

Information Security : Recent Questions and Answers (Page 2)

Find answers to your questions about Information Security or help others by answering their Information Security questions.

Signing CSR using an ECC keypair

I'm trying to sign a CSR using python-asn1crypto and python-pkcs11. I have an ECC Keypair stored in a Hardware Security Module (HSM). Here's a code sample:key = decode_ec_public_key(encode_ec_public_key(pub))info =...

Asked on 12/28/2021

2 answer

Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR

I'm trying to understand and perform the Prefetch Side-Channel Attacks:Bypassing SMAP and Kernel ASLR. The author have released the proof-of-concept code.I'm trying to...

Asked on 12/28/2021

0 answer

How to identify IP from a UDP-based DoS

I'm running a Counterstrike server on UDP port 27015. I'm using Amazon AWS to host the game server. I have added only my friends' IPs (about 50 of them) into...

Asked on 12/26/2021 by Nihas

4 answer

Risk of specific changes to the "Trusted" security zone

Our EDI VAN provides software to transmit sensitive customer and business data between our ERP and their website. This software requires that I add several URLs (including one plain HTTP)...

Asked on 12/26/2021

1 answer

BURP SSL connection failing on Genymotion Virtual Device - Android 8.0 API 26

Everything earlier used to work fine. However, recently I downloaded a newer virtual device on Genymotion, which is an Android 8.0 API 26. I have been struggling to get HTTPS...

Asked on 12/26/2021 by qre0ct

0 answer

Error on Content Security Policy while testing for Clickjacking

I was recently testing for Clickjacking and when I opened developer tools, I was warning Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified Do you...

Asked on 12/26/2021

1 answer

What is the recommended file extension for GnuPG-encrypted files?

I used .asc for ASCII armored (using --armor) encrypted messages. But what extension should I use when encrypting file.tar.gz for example?...

Asked on 12/26/2021

1 answer

PostgreSQL injection with basic sanitization

I'm trying to figure out if an SQLi for the following PostgreSQL/Java code exists.public void availableItems(String name) { return this.query("SELECT * FROM items WHERE name='"+name+"'");}Assuming that in the...

Asked on 12/26/2021 by asker asky

1 answer

Why would I use MAC over digital signature?

As far as I've read, there is no benefit of a MAC over a digital signature - except the fact that it is faster to generate and process. Is this...

Asked on 12/24/2021

3 answer

Facebook/Google OAuth - need a constant string for E2EE

The clients can use Google and Facebook OAuth for authenticationI need to implement a chat application where the messages are end-to-end encryptedWhen the user changes device, the client should be...

Asked on 12/24/2021 by user238973

0 answer

Ask a Question

Get help from others!

© 2024 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP