Most Popular (1500 questions)
40 votes, 3 answers

Unable to understand why the web app is vulnerable to a Directory traversal attack

I was working with this web-app, when someone pen-tested it and sent me a huge report that says my app is vulnerable to a Directory traversal attack. Here is one sample: Testing Path: http://127.0.0.1:80/??/etc/issue <- VULNERABLE! I put…
Batman
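The report's sample path is garbled on this page, so the payloads below are constructed. This is an added example (not code from the question, the app, or the pen-test report) of the check a file-serving endpoint needs: decode the request, normalise it, and refuse anything that resolves outside a fixed document root. The root `/srv/www` and the `MAX_DECODE_ROUNDS` limit are assumptions; the checks are string-based, so the block runs without touching the filesystem.

```python
"""Path-traversal check for a file-serving endpoint (added example)."""
import posixpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: how many layers of %-encoding to peel


def fully_decode(segment: str) -> str:
    """Undo nested percent-encoding (%252e%252e -> %2e%2e -> ..)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(segment)
        if decoded == segment:
            return decoded
        segment = decoded
    return segment


def safe_join(doc_root: str, requested: str):
    """Return the absolute path to serve, or None if the request escapes doc_root.

    doc_root must be an absolute POSIX path (e.g. "/srv/www", an assumed value).
    """
    decoded = fully_decode(requested)
    # Scanners also send backslashes; treat them as separators rather than
    # as ordinary file-name characters.
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded:
        return None  # NUL-byte truncation tricks
    if decoded.startswith("/"):
        return None  # absolute paths are never relative to the root
    candidate = posixpath.normpath(posixpath.join(doc_root, decoded))
    root = posixpath.normpath(doc_root)
    # commonpath (not startswith) so "/srv/www-evil" is not accepted for "/srv/www"
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


def probe(doc_root="/srv/www"):
    """Constructed probe set: the classic payloads a scanner sends."""
    payloads = [
        "img/logo.png",
        "../../etc/issue",
        "%2e%2e/%2e%2e/etc/issue",
        "%252e%252e/etc/issue",
        "..%5c..%5cetc/issue",
        "/etc/issue",
        "img/../../etc/issue",
        "img/../logo.png",
    ]
    return {p: safe_join(doc_root, p) for p in payloads}


if __name__ == "__main__":
    for payload, result in probe().items():
        print(f"{payload!r:32} -> {result}")
```

Because the check is purely lexical it cannot see symlinks inside the document root that point elsewhere; on a real server, resolve the candidate with `os.path.realpath` and repeat the `commonpath` test against the realpath of the root before opening the file.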
40 votes, 2 answers

What is protection ring -1?

Due to the Lenovo firmware ThinkPwn bug I'm trying to understand privileges and rings. If the kernel is Ring 0 and SMM (System Management Mode) is Ring -2, what could be in between that is Ring -1?
Thomas Weller
40 votes, 3 answers

How does JTI prevent a JWT from being replayed?

According to the JWT RFC, a JWT can optionally have a JTI, which I interpret to be a unique ID for a JWT. It seems like a UUID is a good value for a JTI. The RFC claims that the JTI can be used to prevent the JWT from being replayed. Two…
ams
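A `jti` only stops replay if the receiver remembers which IDs it has already accepted. The block below is an added example (not from the question or the RFC) of that server-side cache: it assumes the token's signature and `exp` have already been verified by the caller, takes the decoded claims as a plain dict so no JWT library is needed, and remembers each `jti` only until the token's own `exp`, after which the ordinary expiry check takes over and the entry can be dropped.

```python
"""Replay guard keyed on the JWT "jti" claim (added example)."""
import time
import uuid


class JtiReplayGuard:
    """Accepts each (jti, exp) pair once; entries are purged once exp passes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._seen = {}  # jti -> expiry (seconds since epoch)

    def _purge(self, now):
        # A token past its exp is rejected by the expiry check anyway, so the
        # cache never has to grow beyond the set of currently-valid tokens.
        for jti in [j for j, exp in self._seen.items() if exp <= now]:
            del self._seen[jti]

    def size(self):
        return len(self._seen)

    def accept(self, claims):
        """True the first time a live jti is presented, False on every replay."""
        now = self._clock()
        self._purge(now)
        jti = claims.get("jti")
        exp = claims.get("exp")
        if not isinstance(jti, str) or not jti:
            return False  # no jti: replay cannot be detected, so refuse
        if not isinstance(exp, (int, float)) or exp <= now:
            return False  # expired or unbounded tokens never enter the cache
        if jti in self._seen:
            return False  # replay
        self._seen[jti] = exp
        return True


def mint_claims(subject, lifetime_s, now=None):
    """Constructed stand-in for the issuer: random UUID as jti, plus exp."""
    now = time.time() if now is None else now
    return {"sub": subject, "jti": str(uuid.uuid4()), "exp": now + lifetime_s}


def demo():
    """Walk one token through first use, replay, and expiry under a fake clock."""
    t = [1_000_000.0]
    guard = JtiReplayGuard(clock=lambda: t[0])
    token = mint_claims("alice", 60, now=t[0])
    results = [guard.accept(token), guard.accept(token)]  # first use, replay
    t[0] += 61  # past exp: entry purged, and exp check still rejects it
    results.append(guard.accept(token))
    results.append(guard.accept({"sub": "bob", "exp": t[0] + 60}))  # no jti
    return results


if __name__ == "__main__":
    print(demo())  # [True, False, False, False]
```

With more than one server, the cache has to be shared (a database or an in-memory store with TTLs) or the same token will be accepted once per node; the `exp`-bounded lifetime is what keeps that shared store small.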
40 votes, 1 answer

What cookie attacks are possible between computers in related DNS domains (*.example.com)?

Here, several servers in the same DNS domain emit cookies under a variety of settings (scope, HTTPS, Secure) and another host emits a cookie with the same value. Example Suppose a user has the following cookie set at secure.example.com: authCookie…
makerofthings7
39 votes, 2 answers

Is it safe to send SSL certificates via email?

I just ordered a cheap Comodo PositiveSSL Certificate via a UK reseller, and I was rather surprised to find that the following files were emailed to me automatically, in a zip file: Root CA Certificate - AddTrustExternalCARoot.crt Intermediate CA…
halfer
39 votes, 7 answers

How is it possible to embed executable code in an image?

I was reading up on FireEye and came across this NYTimes article detailing a Skype chat where an image was sent laden with malware: Quote: To gain access to information on the devices..., hackers posed as women on Skype, identified the types of …
Jeremy Thompson
39 votes, 6 answers

Secure Session Cookies

While looking up methods for creating secure session cookies I came across this publication: A Secure Cookie Protocol. It proposes the following formula for a session cookie: cookie = user | expiration | data_k | mac where | denotes…
Uyghur Lives Matter
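The cookie shape quoted in the question, `user | expiration | data_k | mac`, as an added example (not the paper's code, nor anything from the question). It derives the per-cookie key `k` from `user | expiration` under a server key, which is how I read the paper's construction, and uses HMAC-SHA256 for `mac`. Encryption of the `data` field is omitted here; the block shows the integrity and expiry side only. `SERVER_KEY` is a constructed placeholder, and `|` is reserved as the separator, so user names containing it are refused and `data` is base64-encoded.

```python
"""Integrity-protected, expiring cookie in the user|expiration|data|mac shape."""
import base64
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-server-key-replace-me"  # assumption: long random key in practice


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def cookie_key(user: str, expiration: int, server_key: bytes = SERVER_KEY) -> bytes:
    """Per-cookie key k = HMAC(user | expiration, server_key)."""
    return hmac.new(server_key, f"{user}|{expiration}".encode(), hashlib.sha256).digest()


def make_cookie(user: str, data: bytes, lifetime_s: int, now=None, server_key=SERVER_KEY) -> str:
    if "|" in user:
        raise ValueError("user must not contain the field separator")
    now = int(time.time()) if now is None else now
    expiration = now + lifetime_s
    k = cookie_key(user, expiration, server_key)
    body = f"{user}|{expiration}|{_b64(data)}"
    mac = hmac.new(k, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_cookie(cookie: str, now=None, server_key=SERVER_KEY):
    """Return (user, expiration, data) for a valid, unexpired cookie, else None."""
    now = int(time.time()) if now is None else now
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    user, exp_s, data_b64, mac = parts
    if not exp_s.isdigit():
        return None
    expiration = int(exp_s)
    if expiration <= now:
        return None  # expired: reject before doing any crypto
    # Recompute k from the *presented* user and expiration, so tampering with
    # either field changes the key and the MAC check fails.
    k = cookie_key(user, expiration, server_key)
    body = f"{user}|{exp_s}|{data_b64}"
    expected = hmac.new(k, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    try:
        return user, expiration, _unb64(data_b64)
    except ValueError:
        return None


if __name__ == "__main__":
    c = make_cookie("alice", b"role=user", 300)
    print(c)
    print(verify_cookie(c))
```

The server key never leaves the server, so an attacker who can read the cookie still cannot forge a MAC for a different user, a later expiration, or different data; `compare_digest` keeps the comparison constant-time.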
39 votes, 2 answers

How bad is it to truncate a hash?

I'm wondering how bad it is to truncate a SHA1 and only compare, say, the first 10/12 bytes, etc. I'm working with a fixed length of 8 bytes that I need to hash for uniqueness but store with the smallest footprint possible (8 other bytes would be…
Agnar
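What truncation costs depends on whether accidental collisions among your own values matter (birthday bound, roughly the square root of the kept space) or an attacker finding a second input for a given prefix (preimage, the full kept space). The block below is an added example (not from the question or any answer) that computes the birthday bound for a given number of kept bytes and then demonstrates it by actually finding a collision in a 3-byte SHA-1 prefix over constructed 8-byte counter inputs.

```python
"""Birthday-bound arithmetic and a live collision search for truncated SHA-1."""
import hashlib
import math


def collision_probability(n_items: int, keep_bytes: int) -> float:
    """P[at least one collision] among n_items values of 8*keep_bytes bits,
    using the standard approximation 1 - exp(-n(n-1) / (2 * 2^(8b)))."""
    space = 2 ** (8 * keep_bytes)
    return -math.expm1(-(n_items * (n_items - 1)) / (2 * space))


def items_for_probability(p: float, keep_bytes: int) -> int:
    """Roughly how many values you can hold before collision probability reaches p."""
    space = 2 ** (8 * keep_bytes)
    return int(math.sqrt(-2 * space * math.log1p(-p)))


def truncated_tag(msg: bytes, keep_bytes: int) -> bytes:
    return hashlib.sha1(msg).digest()[:keep_bytes]


def tags_match(a: bytes, b: bytes, keep_bytes: int) -> bool:
    return truncated_tag(a, keep_bytes) == truncated_tag(b, keep_bytes)


def find_truncated_collision(keep_bytes: int, limit: int = 1_000_000):
    """Hash 8-byte counters (constructed inputs), keep only keep_bytes of the
    digest, and stop at the first repeat. Returns (tries, input_a, input_b)
    or None if no collision appears within limit hashes."""
    seen = {}
    for i in range(limit):
        msg = i.to_bytes(8, "big")
        tag = truncated_tag(msg, keep_bytes)
        if tag in seen:
            return i + 1, seen[tag], msg
        seen[tag] = msg
    return None


if __name__ == "__main__":
    for b in (3, 8, 10, 12):
        print(f"{b} bytes kept: ~{items_for_probability(0.5, b):,} values for a 50% collision chance")
    print("2^32 values, 8 bytes kept:", round(collision_probability(2**32, 8), 3))
    tries, a, b = find_truncated_collision(3)
    print(f"3-byte prefix collision after {tries} hashes: {a.hex()} vs {b.hex()}")
```

For the question's 8-byte case, about 2^32 stored values give a roughly 39% chance that two of them share a prefix, while a 3-byte prefix collides after a few thousand hashes; truncation changes the birthday bound but does nothing to SHA-1's own weaknesses.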
39 votes, 3 answers

What is an SSL certificate intended to prove, and how does it do it?

If I get an SSL certificate from a well-known provider, what does that prove about my site and how? Here's what I know: Assume Alice and Bob both have public and private keys If Alice encrypts something with Bob's public key, she ensures that only…
Nathan Long
39 votes, 8 answers

Who is responsible for the strength of user's passwords?

Who is responsible for a user's password's strength? Is it us (developers, architects, etc.) or the user? As a web developer, I've frequently wondered whether I should enforce the minimal password strength on my websites/applications users. I…
Michal M
39 votes, 3 answers

How can a webpage get the MAC address?

I was logged on to my router and filling out some information. I clicked a button and a field was automatically filled in with my computer's MAC address. How is this possible? Does it present a security risk? I'm connected through VPN and my…
Celeritas
39 votes, 2 answers

What are the main vulnerabilities of TLS v1.1?

What are the main vulnerabilities of TLS v1.1? Actually, no RFC describes v1.1 vulnerabilities, nor what pushed them to change to the new protocol 1.2, except the description given in section 1.2 of RFC 5246. Please note that I do not mean…
melostap
39 votes, 8 answers

Where can I learn cryptography/cryptanalysis the hard way, without going to school? Any good book?

I'm not so bad at mathematics: I know what p-lists and p-combinations are, I know matrix algebra, I know what a XOR is, I know how to tell if a number is prime, etc. I'm not the programmer who hates math because he is bad at it, but I don't have a…
jokoon
39 votes, 1 answer

Should I publish my public SSH key with user@hostname at the end?

In ~/.ssh/id_rsa.pub my public key is stored as: ssh-rsa magicmagicmagicmagic...magicmagic username@hostname When publishing my public key, should I include the username@hostname bit? Can I replace it with something else? My concerns are that: I…
lofidevops
39 votes, 5 answers

Security of an initial redirection from http://example.com to https://example.com

Suppose that http://example.com/ systematically redirects to https://example.com/. I enter http://example.com in my browser's URL bar, and I see a page load and the URL bar now displays exactly https://example.com/ (no Unicode hack, no…
Gilles 'SO- stop being evil'