All Questions
69,144
questions
1
vote
1
answer
15
views
ELI5: If SSL encrypts traffic, why does it expire?
SSL, nowadays TLS, encrypts traffic between the server and client. However, the certificate is only valid for a certain period of time until its expiration.
What I don't understand is, why does TLS ...
1
vote
0
answers
20
views
Weird traffic pattern on HTTPS (may or may not be VPN provider related). Can anyone identify what is going on?
I've recently been tightening up drive-by hacking on my systems, and a legitimate (but relatively technically illiterate user) was banned by a fail2ban rule which detected something a bit weird. The ...
1
vote
1
answer
41
views
How does an eBPF program cause a kernel panic?
According to this RedHat knowledge base entry CrowdSource has similarly caused a kernel panic on Linux as well with eBPF program.
My question is how is this possible? eBPF is described as,
eBPF ...
1
vote
0
answers
40
views
TLS Server Certificate Validations 1.2 [duplicate]
I have just started to study the TLS 1.2 protocol and would like to know what checks are performed on the client side by the browser when checking the server certificate. I would be glad if you could ...
1
vote
0
answers
35
views
How to recycle dead Google Pixel laptop?
I have old Google Pixel laptop that is not working anymore. I cannot charge it and it would not start.
I have a number of apps installed there, linked to my current account (for example, social media ...
2
votes
1
answer
23
views
Difference between PS Remoting and Winrs from a detection standpoint
From a detection standpoint, when pivoting inside a network what difference (if any) is there between establishing a remote connection between using Enter-PSSession -ComputerName PC1 vs winrs -r:PC1 ...
2
votes
1
answer
326
views
Why redirect_uri is needed when client_id is supplied in OAuth2?
we know that we need to pass both client_id and redirect_uri in the authorization request.
https://www.ory.sh/docs/oauth2-oidc/authorization-code-flow#step-1-get-the-users-permission
But isn't that ...
2
votes
0
answers
18
views
Why is presence of SPN on an account causing Kerberos "failed to decrypt" error (KRB_AP_ERR_MODIFIED)
I am in a corporate environment with on-premises AD on the company.com domain.
We have an AWS VPC hosting some .Net APIs in IIS - the domain these are in is companycloud.com. These APIs are all on the ...
1
vote
1
answer
59
views
Reasons for blocking a website via VPN but not via Proxy [closed]
My organization (size 120K+ employees) blocks gen AI sites on their wifi network and also when I'm on my home network with VPN enabled (Zscaler). But I can access these gen AI sites from home on my ...
1
vote
0
answers
28
views
Why can't I receive a confirmaiton email for my registration on a website in Italy? [closed]
I am trying to register for the Italian Museum website so that I can purchase tickets to the Pantheon and other sites. However, to complete my registration the site sends me a confirmation email that ...
2
votes
0
answers
97
views
Do we know what data Falcon Platform from Crowdstrike transfers outside of the organisation?
There is currently an issue with Windows operating systems, reputed to be related to Falcon Sensor from CrowdStrike. From their description of Falcon Platform, it seems at least plausible that they ...
1
vote
1
answer
39
views
Is local password recovery for each device a viable security approach?
I'm developing a multi-platform application using Flutter, which involves sensitive user data and requires both online and offline accessibility. To enhance security and usability, I am considering ...
1
vote
1
answer
13
views
Does SoapUI accept pfx files as keystores?
I have been trying out Soap UI's WSS options and it isn't quiet clear whether PXF files are accepted as a valid key-store in preference to JKS?
2
votes
1
answer
178
views
CORS credentials option set to true
To allow cookies to be sent to my ExpressJS server,credentials: true has to be set in my CORS config.
What potential security risks/ vulnerabilities could arise from this configuration?
If possible, ...
3
votes
2
answers
369
views
What are the risks of disabling issuer URL validation?
According to the OIDC specification:
The issuer value returned MUST be identical to the Issuer URL that was
used as the prefix to /.well-known/openid-configuration to retrieve
the configuration ...