Unanswered Questions

6,897 questions with no upvoted or accepted answers
12 votes
0 answers
542 views

PGP security with Thunderbird 78 email client

I have a query regarding best practice of using PGP to sign emails with Thunderbird 78. Thunderbird 78 took an existing system by Enigmail and brought it "in-house" to be built into the ...
11 votes
1 answer
596 views

SolarWinds Orion SAML compromise mass cert update

SolarWinds Orion customers have suffered some network compromises according to news reports. One report says, right at the end of the article, that SAML2.0 signing certificates may have been ...
11 votes
0 answers
416 views

Penetration-resistance of a HaLVM unikernel

A HaLVM unikernel is a Haskell program compiled with a modified version of the Glasgow Haskell Compiler to produce a standalone Xen kernel, which will boot on any Xen PV machine instance. A HaLVM ...
11 votes
1 answer
4k views

Do fTPM implementations protect against physical attacks?

I see that there is an increasing number of PCs shipped with firmware based TPM (fTPM), e.g. the Intel NUC. As far as I understand, these solutions practically emulate a TPM chip using the CPUs ...
9 votes
0 answers
1k views

How could I block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?

My question is about the use of ultrasonic messages that are part of the modern advertising ecosystem and are also used by the Google Nearby Messages API. When it comes to advertising, the type of ...
9 votes
1 answer
2k views

What is the difference between TEE and HSM in Android Pie?

Android has the concept of hardware-backed security as TEE, and in the latest Android, i.e., Android Pie, devices can have an HSM (Strongbox). What is the actual difference between TEE and HSM? Does ...
9 votes
0 answers
942 views

How does Facebook Pixel's new first-party cookie work?

Facebook recently announced that they will begin offering a first-party cookie option for the Facebook Pixel. Previously, they only used third-party cookies. From their documentation: You can now use ...
9 votes
0 answers
415 views

Authentication using SysRq

The general idea here is the feasibility of adding Windows UAC-like "consent prompts" to a Linux system, designed in such a way that they cannot be bypassed in software. Giving consent should ...
9 votes
1 answer
4k views

Session fixation in Java

In the process of developing a vulnerable jsp/servlet based application I made an attempt to introduce the session fixation vulnerability. Referring to the documentation I came up with the following ...
8 votes
0 answers
5k views

Are there any security benefits to enabling the PIN on an eSIM?

For physical SIMs, I'm aware of a number of security benefits to enabling the SIM PIN, because for an attacker with access to a lost or stolen SIM, a PIN prevents transferring the SIM to a different ...
8 votes
0 answers
284 views

Why is iOS sending HTTPS requests even with background refresh disabled?

I've installed NextDNS on my iPhone and started noticing random connection requests to *.aliexpress.com, live.musical.ly, amazon.sa, and others. What made me wonder is that I don't have "...
7 votes
1 answer
2k views

Powershell Empire - Token Impersonation

I have been struggling trying to get token impersonation to work in Empire 2.0. I use the credentials/mimitokens module to list and elevate to use a specific user's token - I see mimikatz' output ...
7 votes
0 answers
563 views

Can SRP be implemented using libsodium

I am using libsodium for cryptography and I want to use SRP for key exchange. The wikipedia page lists a python example, but I am not sure if and how I could convert this to libsodium function calls. ...
7 votes
0 answers
6k views

Running openssl s_client with an aes encrypted key fails

I'm trying to verify a 2-way SSL connection using the openssl s_client command openssl s_client -connect localhost:8883 -CAfile ca.pem -cert client.crt -key client.key The openssl s_client fails ...
7 votes
1 answer
596 views

TLS connection to untrusted server - client reaction for dropping connection standardized?

I played around with a man-in-the-middle proxy tool and connected different smartphones to it. As the proxy uses a self-signed certificate, the tested smartphone apps did not accept the presented ...
