Questions tagged [design-flaw]
34 questions
132
votes
10 answers
Should I contact the manufacturer if their product allows access to other users' location information?
I recently purchased a satellite communicator that allows me to send a map of my location to friends and family while I'm hiking in the wilderness.
While testing out my product, I noticed that the url was constructed as…
Lil' Bits
- 1,153
- 2
- 8
- 9
67
votes
3 answers
Heartbleed: Why does the client supply the length of the message at all?
"The fix for this bug is simple: check that the length of the message actually matches the length of the incoming request."
Why do we even have the client report the length at all?
If we can know the length of the incoming request, can't we just…
Elliot
- 753
- 5
- 9
19
votes
1 answer
What was the original intent for the feature that StrandHogg uses?
The "Affinity" of Android tasks seems really complex to handle. The StrandHogg vulnerability uses tricks with "Affinity" to render itself inside an another app.
The information that I've found this far does not provide exact details of vulnerability…
Mikko Rantalainen
- 513
- 2
- 11
13
votes
1 answer
Secure backup encryption with OpenSSL
I know, the general advice is "keep your hands off crypto stuff". And the standard way to encrypt backup data securely would be using GnuPG. However, for a rather academic exercise, I would like to think through a protocol that would work just with…
Daemotron
- 131
- 6
13
votes
3 answers
How much information about the reason for an unsuccessful login should a web application give?
After an unsuccessful login attempt, should I inform the user about its reason? Or more generally, how much information about the reason for an unsuccessful login attempt should a web application give?
It's kinda obvious not to inform the user about…
vandalizmo
- 511
- 4
- 11
6
votes
5 answers
Is using Google Voice number for two-factor authentication a big mistake?
Two-factor authentication is growing in popularity as a security measure. For example, Google, Facebook, Twitter, and many other services all have two-step security options today as well as many banks and credit unions.
I'm wondering whether using a…
WilliamKF
- 175
- 2
- 3
- 5
6
votes
3 answers
How do programs prevent data from being leaked?
There are many programs out there that offer encryption and key management.
From what I understand when a file is saved on a hard drive, then there will sometimes (often?) be copies of the file in the memory and maybe even other places on the hard…
Thomas
- 3,841
- 4
- 22
- 26
4
votes
3 answers
Does a 'reset password' website facility give away too much information?
If a website has a reset password facility (which will e-mail the account holder a reset link), does this facility reveal too much information by allowing someone to probe who holds an account by entering various e-mail addresses?
On a login screen…
Peter Bridger
- 143
- 3
3
votes
1 answer
Does anyone know how to use TRIKE?
TRIKE is an open source threat modeling methodology and tool, as presented by the authors. After i tried several threat modeling tools and methodologies, I have the feeling that it is the only real "DATA FLOW" threat modeling as the Microsoft…
smiley
- 1,214
- 2
- 13
- 21
3
votes
1 answer
Security-by-design based on an existing framework or a custom design?
Personally I do most of the development in PHP (the programming language doesn't really matter for this question). Popular PHP frameworks along developers are for example:
CodeIgniter
Laravel
Symfony
From this three frameworks, I know most about…
Bob Ortiz
- 6,234
- 8
- 43
- 90
3
votes
2 answers
Should ability to access login page after authentication be considered a security flaw?
On one of the recent engagements, I bumped into something I have not seen before: after successful authentication attempt the user still can access the login web page and login as another user.
It did not seem to be a security flaw in a sense, as…
Alex S.
- 33
- 2
3
votes
1 answer
Challenge: How to find the secret key in homebrew MAC/keyed hash: sha1(key + cookie)?
I am trying to solve a security challenge on a website.
Basically, the website computes sha1(key + cookie) to sign a cookie so that the user can't change it himself, and to accomplish the goal you have to find the key value.
I have two (not really…
christophetd
- 217
- 1
- 12
2
votes
3 answers
Are injection vulnerabilities a design or an implementation flaw?
Are injection vulnerabilities mainly a design or an implementation problem? I'm using SQL injection as an example; I'm interested in other injection vulnerabilities as well.
I believe that it is the direct consequence of lazy programming, i.e.
lack…
justatester
- 131
- 4
2
votes
1 answer
How useful is PDF signing in real world usage?
Background scenario:
So we had a problem where our system (Alice's shiny widgets) generated a PDF with a quote amount for 10 widgets. Someone (Eve) took the PDF, altered it to increase the price by 20%, they then presented the PDF as an expense…
DarcyThomas
- 1,298
- 1
- 10
- 15
2
votes
2 answers
Bad planning causing weak passwords
The athletic department at my university has a facebook page and on it they said "the first 500 people to register for this event will get free t-shirts". When registering one has to create an account with a password, so that all programs they…
Celeritas
- 10,039
- 22
- 77
- 144