0 votes, 2 answers, 18 views

How safe is an email BCC field?

If I want to send an email to multiple recipients without them knowing each other, can I consider the BCC field safe enough to do this? Obviously the server will still know and have a log of who the ...
0 votes, 0 answers, 8 views

Remotely ID Dameware version?

Does anyone have tech details on the Dameware protocol or know of methods to remotely identify the version of Dameware running on a host (or know if this is even possible)?
1 vote, 2 answers, 26 views

Should inactive administrator accounts be DELETED/expunged?

Given: A web application Some active administrator accounts. Some inactive administrator accounts. No existing "audit" mechanism to keep old accounts for. Inactive administrators cannot log in. Is ...
0 votes, 0 answers, 7 views

The application of HMAC vs CMAC vs DAA

So HMAC, CMAC, DAA are different algorithms for generating MACs based on symmetric block ciphers. If all use symmetric ciphers to produce a MAC, what is the key difference between them? In other words, why ...
0 votes, 0 answers, 14 views

.NET app expects csv files, what if it receives malicious file?

I work in an enterprise environment on small custom applications which read data files (usually CSVs) and integrate the data into accounting software systems. I have come across a situation where ...
-2 votes, 0 answers, 19 views

XSS filter again

Got a filter that removes anything inside angle brackets. E.g. foo<bar>foo is gonna be foofoo. Multiple opening and closing does not work here. Any type of encoding for the characters "<" and ">" ...
-1 votes, 0 answers, 16 views

Can an iPhone be stolen and reset without a trace?

An iPhone had FindMyiPhone or another geolocation recovery app enabled on the iPhone. For instance let's say that the iPhone was turned off after being stolen. The phone was then booted into recovery ...
-4 votes, 0 answers, 22 views

Possible to snatch files before server boot up?

If my server gets DDoSed and it crashes, is there a possibility that the hackers can steal some of my server files just before my server comes back up again? I got this question when I saw that any ...
1 vote, 2 answers, 43 views

Headphone Virus/Short?

So, I've had some difficulties with a pair of headphones that I have. They are typical Apple ear-buds, but they're old and a little beat-up. Currently, sound only comes out of one of the ear-buds, the ...
7 votes, 3 answers, 515 views

Some folders in PATH variable are writable by anyone. Dangerous or not?

Platform is Windows 7. I noticed that some folders in the PATH environment variable (e.g. C:\Python) give write privilege to anyone on the machine, including users without Admin rights. I understand ...
0 votes, 0 answers, 37 views

Only 16-digit virtual credit card number accidentally given to a site [on hold]

Hi, I was worried because I accidentally filled in my 16-digit virtual credit card number on a site, which I discovered later is not legit. Is it possible that this site may use my virtual credit ...
0 votes, 1 answer, 12 views

Cisco FirePOWER estreamer python client SSL Cert issue

I'm looking to use the estreamer python library for Cisco FirePOWER. To achieve this, the configuration document states the following about using clients: "you need to create a certificate on ...
0 votes, 1 answer, 106 views

Use URL in a password [on hold]

I learn in an IT school and I wonder why no one tips to use a URL as a password? It's hard to brute-force, it's not personal information, it's easy to remember. If I have a password like that for my ...
-3 votes, 0 answers, 43 views

How to manually analyse PHP source code for any possible vulnerability? [on hold]

I'm starting to learn more about PHP security and making web applications. I want to know what functions in PHP can lead an application to compromise a web server, and how to prevent this from ...
0 votes, 2 answers, 37 views

Can anyone bypass preg_replace for SQLi in my app?

To prevent SQLi from happening I added this kind of check: preg_replace("#([\[\]\|\.\,:'])#s", " ", $data); This regex should replace everything painful, because the main query looks like ...