Most Popular
1500 questions
40
votes
3 answers
Unable to understand why the web app is vulnerable to a Directory traversal attack
I was working with this web-app, when someone pen-tested it and sent me a huge report that says my app is vulnerable to a Directory traversal attack.
Here is one sample:
Testing Path: http://127.0.0.1:80/??/etc/issue <- VULNERABLE!
I put…
Batman
- 845
- 1
- 8
- 13
40
votes
2 answers
What is protection ring -1?
Due to the Lenovo firmware ThinkPwn bug I'm trying to understand privileges and rings.
If the kernel is Ring 0 and SMM (System Management Mode) is Ring -2, what could be in between that is Ring -1?
Thomas Weller
- 3,246
- 3
- 21
- 39
40
votes
3 answers
How does JTI prevent a JWT from being replayed?
According to the JWT RFC a JWT can optionally have a JTI which I interpret to be a unique ID for a JWT. It seems like a UUID is a good value for a JTI. The RFC claims that the JTI can be used to prevent the JWT from being replayed. Two…
ams
- 613
- 1
- 5
- 7
40
votes
1 answer
What cookie attacks are possible between computers in related DNS domains (*.example.com)?
Here, several servers in the same DNS domain emit cookies under a variety of settings (scope, HTTPS, Secure) and another host emits a cookie with the same value.
Example
Suppose a user has the following cookie set at secure.example.com:
authCookie…
makerofthings7
- 50,090
- 54
- 250
- 536
39
votes
2 answers
Is it safe to send SSL certificates via email?
I just ordered a cheap Comodo PositiveSSL Certificate via a UK reseller, and I was rather surprised to find that the following files were emailed to me automatically, in a zip file:
Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA…
halfer
- 821
- 1
- 7
- 12
39
votes
7 answers
How is it possible to embed executable code in an image
I was reading up on FireEye and came across this NYTimes article detailing a Skype chat where an image was sent laden with malware:
Quote:
To gain access to information on the devices..., hackers posed as women on Skype, identified the types of …
Jeremy Thompson
- 443
- 1
- 4
- 11
39
votes
6 answers
Secure Session Cookies
While looking up methods for creating secure session cookies I came across this publication: A Secure Cookie Protocol. It proposes the following formula for a session cookie:
cookie = user | expiration | data_k | mac
where
| denotes…
Uyghur Lives Matter
- 480
- 1
- 6
- 12
39
votes
2 answers
How bad is it to truncate a hash?
I'm wondering how bad it is to truncate a SHA1 and only compare, say, the first 10/12 bytes, etc.
I'm working with a fixed length of 8 bytes that I need to hash for uniqueness but store with the smallest footprint possible (8 other bytes would be…
Agnar
- 493
- 1
- 4
- 6
39
votes
3 answers
What is an SSL certificate intended to prove, and how does it do it?
If I get an SSL certificate from a well-known provider, what does that prove about my site and how?
Here's what I know:
Assume Alice and Bob both have public and private keys
If Alice encrypts something with Bob's public key, she ensures that only…
Nathan Long
- 2,624
- 4
- 21
- 28
39
votes
8 answers
Who is responsible for the strength of users' passwords?
Who is responsible for a user's password strength? Is it us (developers, architects, etc.) or the user?
As a web developer, I've frequently wondered whether I should enforce a minimal password strength on my websites'/applications' users.
I…
Michal M
- 539
- 4
- 7
39
votes
3 answers
How can a webpage get the MAC address?
I was logged on to my router and filling out some information. I clicked a button and a field was automatically filled in with my computer's MAC address. How is this possible? Does it present a security risk?
I'm connected through VPN and my…
Celeritas
- 10,039
- 22
- 77
- 144
39
votes
2 answers
What are the main vulnerabilities of TLS v1.1?
What are the main vulnerabilities of TLS v1.1? Actually, no RFC describes v1.1 vulnerabilities, nor what pushed them to change to the new protocol 1.2, except the description given in section 1.2 of RFC 5246.
Please note that I do not mean…
melostap
- 565
- 1
- 4
- 8
39
votes
8 answers
Where can I learn cryptography/cryptanalysis the hard way, without going to school? Any good book?
I'm not so bad at mathematics:
I know what p-lists and p-combinations are, I know matrix algebra, I know what a XOR is, I know how to tell if a number is prime, etc.: I'm not the programmer who hates math because he is bad at it, but I don't have a…
jokoon
- 593
- 1
- 5
- 8
39
votes
1 answer
Should I publish my public SSH key with user@hostname at the end?
In ~/.ssh/id_rsa.pub my public key is stored as:
ssh-rsa magicmagicmagicmagic...magicmagic username@hostname
When publishing my public key, should I include the username@hostname bit? Can I replace it with something else? My concerns are that:
I…
lofidevops
- 3,550
- 6
- 23
- 32
39
votes
5 answers
Security of an initial redirection from http://example.com to https://example.com
Suppose that http://example.com/ systematically redirects to https://example.com/. I enter http://example.com in my browser's URL bar, and I see a page load and the URL bar now displays exactly https://example.com/ (no Unicode hack, no…
Gilles 'SO- stop being evil'
- 50,912
- 13
- 120
- 179