Questions tagged [encoding]

Encoding is a set of predefined rules for reversibly transforming a piece of information from one representation into a completely different one. The reverse transformation is called decoding.

201 questions
177 votes, 9 answers

How to determine what type of encoding/encryption has been used?

Is there a way to find what type of encryption/encoding is being used? For example, I am testing a web application which stores the password in the database in an encrypted format (WeJcFMQ/8+8QJ/w0hHh+0g==). How do I determine what hashing or…
Karthik
54 votes, 8 answers

Virus Encoded in Video

So I'm not familiar at all with IT Security, but I'm a bit curious about something. I was watching a TV show and at one point, a virus spreads through an office. They investigate and find out that the virus was encoded in a video and it was…
pasawaya
36 votes, 2 answers

What does this "ICAgICAg…" mean in public key certificates and messages?

I noticed that the string ICAgICAgICAgICAgICAg, in various repeating lengths, appears fairly often in public key certificates and ciphertexts. What does this mean? Is it some kind of padding? Is it a quirk of the encryption?
Richard Hum
31 votes, 4 answers

Is $_SERVER[ ] a safe source of data in PHP?

Can I 100% rely on $_SERVER[] to be a safe source of data that I do not need to sanitize like I do $_GET[] and $_POST[]?
user2079272
29 votes, 2 answers

Why haven't (most of) the Zodiac Killer's letters been decrypted?

The Zodiac Killer was a serial killer in the late 60's and early 70's. The twist is, he would frequently taunt the local press with cryptic letters. Four of these letters were actually encoded, but only one has been cracked to date. I'm doubtful…
JesseTG
26 votes, 1 answer

When and why does bypassing XSS sanitizers with double encoding work?

I have read in different sites about different ways to bypass XSS sanitizers, like double encoding special characters such as /<>:"', or employing different encoding schemes. However most of these sites do not explain why these attacks may work and…
XII
17 votes, 2 answers

UTF-7 XSS attacks in modern browsers

I've recently read Ned Batchelder's article on UTF-7 XSS attacks. I tested his examples, but could not get any UTF-7 attack to work in modern browsers. I tried recent versions of Firefox, Chrome and Safari so far. I know that Chrome has some…
Michael Helwig
16 votes, 3 answers

How do I prevent this type of SQL injection attack?

Our company has been using several tools (Veracode, Appscan, etc.) to verify that our applications meet minimum security requirements. I have inherited a legacy application which has several flaws. I've managed to mitigate most of the vulnerabilities,…
Jeff
13 votes, 3 answers

Why is encryption (or signing) of long lines in E-Mails with PGP problematic?

I am using Thunderbird with Enigmail and OpenPGP to encrypt and/or sign E-Mails. On many occasions Enigmail complains that I have too long lines in the mail and asks how it should wrap them. However this doesn't seem to follow any logical trends.…
Jens
12 votes, 5 answers

Why would one need to encode an MD5 hash string? Is it unsafe to display unencoded?

I was reading this article which talks about a design to shorten URLs, and in the design section, it says that the given URL can be hashed using a hashing algorithm such as MD5, and then be encoded for display purposes using base64 or similar…
Ufder
11 votes, 2 answers

PHP: if charset mismatches (htmlentities UTF-8) viewed by client as ISO-8859-1 (or vice versa)

Short Question: Question: Could any security vulnerabilities arise if a server runs htmlentities as UTF-8 but the client views the results as ISO-8859-1? Assumption: No vulnerabilities exist when one consistent charset is used Detailed…
dajon
11 votes, 1 answer

How to check if an mp4 file contains malware?

I am not that familiar with security and malware analysis, but I know it is theoretically possible to embed a malware into files like video, audio ... Say that someone managed to embed a malware into an mp4 file and send it via gmail. I have the…
singrium
11 votes, 1 answer

PKCS7 encoding in Java without external libs like BouncyCastle etc

I am working on signing and encoding of CMS/PKCS#7 messages (something similar to C# SignedCms). I have x509certificate from the keystore, rsa private key, ContentInfo. ContentType is "oidPkcs7Data". I don't quite understand what I should do next. I…
nixspirit
10 votes, 3 answers

How is character encodings used to bypass XSS sanitizers?

I read in different blogs that PHP htmlspecialchars() function has certain problems when one does not give the expected charset as an optional parameter. Can someone explain some basic stuff about XSS exploits that arise from bad usage of sanitize…
XII
9 votes, 3 answers

Security Implications of using Base64 Encoding with Encryption

Are there any security implications of converting a byte-array encryption key into a Base64 string before use? I am creating a generic encryption helper for a project, and for the sake of consistency and generality, I use byte arrays for all inputs…
prmph