Why does Chrome not allow the modification of these headers by extensions?
The Chrome WebRequests API mentions that specific request headers are not available to the onBeforeSendHeaders event, meaning that extensions cannot read and/or modify these headers. Here is an excerpt...
Password hashing that is resistant to ASIC-assisted cracking without risking...
Previously, authentication systems stored passwords in cleartext. This made it trivial for an attacker to log in to an account if he had access to a leaked password file. Later, passwords were hashed...
Is overbuffered done on 10th byte past allocated space?
I am reading shellcode handbook, and there is one sentence of executing past the space: Interestingly, we see that the program was executing address 0x0000000a— or 10 in decimal—when it crashed. More on...
Cordova's APP_SECRET discovered in config.xml file
What is the security implication of the APP_SECRET being discovered in a Cordova Mobile app? Steps on how to get the APP_SECRET are described here but there appears to be no clear guidance on what the...
Are files like favicon.ico, robots.txt, and sitemap.xml vulnerable to XSS?
A Zap scan against an app detected the "Web Browser XSS Protection Not Enabled" vulnerability on sitemap and favicon. Would it be safe to ignore those URLs or does it mean that the app is...
Evaluating security controls of smaller vendors
In the IT Security team where I work, we currently use the Standardized Information Gathering or SIG tool to evaluate the IT security posture of prospective third-party vendors. What I like about the SIG is...
What is the use case of request signing in this mobile app?
The API of a mobile app I was testing is sending the AWS AccessKeyId and SecretKey used for request signing from the AWS Cognito server unencrypted (apart from the regular TLS encryption). Making it...
What was the original intent for the feature that StrandHogg uses?
The "Affinity" of Android tasks seems really complex to handle. The StrandHogg vulnerability uses tricks with "Affinity" to render itself inside another app. The information that I've found this far...
Unable to downgrade https to http through sslstrip, arpspoof
I've been following this guide: https://www.cybrary.it/0p3n/using-sslstrip-in-kali-linux/ and others too, e.g. the official sslstrip one: https://moxie.org/software/sslstrip/ without any success. I'm...
Python's http.server library "basic security checks"
According to https://docs.python.org/3/library/http.server.html: "Warning: http.server is not recommended for production. It only implements basic security checks." It doesn't state what security...
CVE fields vulnerable_products vs what's in configuration
I would like to understand the structure of the CVE better. For example, in CVE-2018-19081, vulnerable_products mentions the product Opticam i5, like so: "vulnerable_products": [...
Is it safe to create a session from an auth token?
My server is using Django Rest Framework. My mobile app logs in using token authentication. However, I also have a webview in the mobile app where I need to log in. I can't inject the auth token on...
Most secure way to partition Linux?
I recently acquired a netbook to play with, and I want to install Kali Linux so I can start learning about network security and exploit development. I want to use this to learn as much about security...
Configuring Argon2id for Multiple Threads
We're using argon2-jvm to use Argon2id on our Java TCP Server. Because its argon2id instance is thread-safe, we plan to only create a single instance for the lifetime of our app and have each request...
Threema: Are received messages exposed, when sender's private key gets...
Note: This question is specific to the Threema Messenger, and relates to their implementation of encryption (using the NaCl ECDH implementation as per their docs). I refer specifically to their "note on...
Can DeepCorr's correlation technique de-anonymize all Tor users?
https://people.cs.umass.edu/~amir/papers/CCS18-DeepCorr.pdf
https://www.youtube.com/watch?v=_OKLtKgEn4k
I have some questions about this "Deepcorr". Does "DeepCorr" really work that good? They say that...
Secure Windows 10 Home admin's data behind a password, even when user apps...
Windows 10 Home's default account lock system for the admin account is not completely secure because there are multiple free password recovery tools & ways available that can be used by a non-admin...
CSP: any way to prevent inline scripts dynamically created by a trusted...
Let's say I have a simple web application which uses a single JavaScript (JS) file, loaded from its own domain, and has implemented the restrictive Content Security Policy (CSP) of default-src 'self'....
Why are CSRF tokens necessary?
It seems that the entire problem could be solved very elegantly by simply adding a new flag to the HTTP cookie specification. Similarly to how cookies flagged Secure will only be submitted by the user...
What measures can be taken to make a site safe again after a hostile service...
So my understanding of Service Workers is that once installed they grant you full control over requests to a domain. If an attacker managed to include their service worker in your site, then for anyone...