iOS secure enclave and jailbreak
If an iOS device is jailbroken, I understand an attacker cannot extricate key material from the secure enclave. But would they be able to use keys using CryptoKit within the enclave to encrypt a...
Browser not generating Kerberos ticket
Firstly, please excuse me if I'm still confused about stuff here; Kerberos auth is quite the complex issue for a Java dev. So, I have the following scenario: a suite of webapps which use Kerberos...
Inconsistent behavior while attempting to exploit a misconfigured Flash...
victim.com - URL of the misconfigured application. https://victim.com has an overly permissive crossdomain.xml at https://victim.com/crossdomain.xml. <?xml version="1.0"?> <!DOCTYPE...
How to implement cross-domain, auto-login SSO without browser redirects for...
I need to implement an SSO solution with the following requirements: Cross-domain: Let's assume I have a.com, b.com and sso.com. If I become logged in through a.com, I shouldn't need to log in when I...
Replace PATH space with random string
I came across http://test.co.uk/img/rOTJwSOqWzHaDsEUcHhI. If we take a look at it, the directory space is protected against bruteforcing of the whole directory to explore private images. I don't know the...
Why don't the nacl public key primitives for signatures and authenticated...
The nacl.cr.yp.to source code has separate methods for doing public key encryption: https://nacl.cr.yp.to/box.html and for verifying signatures: https://nacl.cr.yp.to/sign.html I would expect that a...
Secure HttpOnly Cookie or Header field for auth token securing an API?
I have an API to secure. There will potentially be two types of consumers of this API - our own Single Page Application, and third party services that will integrate with it. I have read that in general...
Is it theoretically possible to hack a printer using the scanner tray?
If the scanner tray is considered as an interface, and it accepts input (basically it is its main functionality), could it be hacked using malicious code written on a piece of paper?
Is exploit-free software possible?
I have heard that there will always be vulnerabilities in code and software. However, I don't understand why it is not possible to have exploit-free software. If companies keep updating their...
Methods root can use to elevate itself to kernel mode
When most Linux users hear "root", they think of the maximum possible privilege on a computer. Some even think that root runs in ring 0. But in reality, root is just a regular user running in ring 3,...
Ways to transition SELinux domain / process context (securing SELinux...
(Apologies for multi-question. Theme is the same, but there are quite a few edge cases.) Browsing the web, I come across resources (see below), but they don't make this quite clear what the situation...
Recovery of EEPROM data after bulk erase operation
Is there any research into the recovery of data stored in an EEPROM after the high-voltage bulk erase (not bytewise or pagewise erase) operation? I'm wondering about typical low-capacity EEPROMs which...
Does Cloudflare protect against BREACH attacks?
I know that enabling HTTP compression would make a server vulnerable to the BREACH attacks. So we have disabled compression from the server side, tested and it was all good. Then we implemented...
How can I prevent side-channel attacks against authentication?
After reading this excellent answer, I learned about the existence of side-channel attacks. From the code example provided, it is possible to determine the correct password by timing the code when...
Does injecting my own key material into the authenticator undermine...
I'd like to be able to inject my own key material in the FIDO2 authenticator; at the very least it will remove the need to trust the vendor (because we have no guarantee whether the vendor keeps copies...
Making transactions only, or almost only, by QR codes
I have a OnePlus 6 smartphone and I recently opened a bank account in a bank which seems to me very innovative in the context of going payment-card (debit/credit) free (using only an application and/or...
Triple handshake attack - what are the implications of not supporting RFC...
The referenced RFC details a mitigation to what appears to be the ability to compromise a TLS connection through an attack known as the 'triple handshake attack'. How serious is this vulnerability? How...
Using HW random number generator as source of entropy
Currently I am using haveged on my server as source of entropy. My server is used as a KVM hypervisor, to run virtual machines. I did not use haveged at the beginning, and I noticed the VMs were draining...
Can a non-privileged user modify the file descriptor table of an elevated...
In Linux, every process holds its own file descriptor table, which keeps references to all opened files and file-like devices. This table is managed by the kernel. Is it possible that a non-privileged...
Leaking details about the user in web application
Imagine a web application which is used for getting og (Open Graph) tags from a URL. The user can submit a form which has a single URL input. The server opens the URL in a headless browser, gets og:title,...