Most Popular

more tags

1500 questions

votes

1 answer

How does a SIM card prevent cloning?

I have read a few articles about SIM cards, stating that the chip inside them uses some cryptographic magic to prevent people from cloning your number. This to me seems borderline impossible, given that you could manufacture a new chip with exactly…

authentication cryptography mobile

asked Jul 30 '14 at 09:46

LS97

votes

9 answers

I just discovered major security flaws in my web store?

A little background info here: I'm a self-taught web developer with very little experience outside of html/css, and the company I work for has hired a third party web development team to design us an e-commerce site. Anyway, I was beta testing the…

appsec web-application

asked Jul 27 '11 at 05:52

Moses

2,157
2
20
23

votes

6 answers

Site is being redirected to Viagra store; all the usual suspects turn up nothing

I have a client's site (http://changewise.biz) being redirected to a Viagra store (mywifeishappy.com). We've gone through all the usual suspects but cannot find the culprit that's causing the redirection: First thing we checked all the .htaccess…

url-redirection

asked Apr 25 '14 at 13:23

Lew

votes

4 answers

What to transfer? Password or its hash?

Let's say in my database I store passwords hashed with salt with a fairly expensive hash (scrypt, 1000 rounds of SHA2, whatever). Upon login, what should I transfer over the network and why? Password or its hash? Is it possible to protect such login…

cryptography passwords tls appsec hash

asked Jun 30 '11 at 12:47

Konrad Garus

votes

3 answers

Malicious code somehow hidden with whitespace?

I recently came across a php file on a compromised website that had what appeared (in Sublime Text) to be a huge white-space gap. When I run a diff against the original source file I can clearly see the malicious code which is snagging logins and…

source-code trojan

asked Feb 14 '23 at 00:55

Eaten by a Grue

votes

2 answers

Magic hash attack in JavaScript

In PHP a magic hash attack happens when loose type comparisons cause completely different values to be evaluated as equal, causing a password "match" without actually knowing the password. Here is an example:

hash javascript typejuggling

asked Sep 07 '20 at 08:32

drewiepooey

votes

5 answers

If a server only opens port 22 and 80, do we only have those two ways to hack it?

If a Linux server only open SSH port 22 and HTTP port 80, must we go through one of these two ports to hack into server from the internet?

web-application ssh

asked Apr 18 '20 at 15:31

244boy

votes

1 answer

In SQL injections why do they put "-- -" at the end of the URL?

I understand when they put a + at the end, URL treats it like a space. I want to know what -- - does. I do know what the "double dash" does. Including the double dash with a "space at the end". I specifically want to know what a dash-dash-space-dash…

web-application sql-injection url

asked Mar 31 '20 at 12:08

Linux Newbie

votes

8 answers

Can you find out how big the changes are by comparing two hashes?

I realize that a hash function is a one way function, and that changes in the hash are suppose to tell us that the original data has changed (that the entire hash changes on even the slightest changes to data). But is there a way to find out to what…

hash

asked Feb 19 '20 at 10:45

Maria Ahmed

votes

2 answers

"This used to be my phone number"

I added a new phone line and someone called claiming to be the previous owner of the phone number. He requested that I forward information a text message (He wanted me to forward 2 Factor Authentication information that would be sent to my new…

phone iphone

asked Jul 18 '19 at 16:12

gatorback

1,541
2
13
17

votes

5 answers

Should I log that a user changed their password?

Are there any security concerns with logging that a user changed their password? I'm already logging whenever an admin changes a users password for audit purposes, but is there a reason to not have a log of when each user changed their own…

passwords logging password-reset

asked May 15 '18 at 13:03

edruid

votes

11 answers

Does hashing a file from an unsigned website give a false sense of security?

Consider this. Many websites with software downloads also make available MD5 or SHA1 hashes, for users to verify the integrity of the downloaded files. However, few of these sites actually use HTTPS encryption or digital signatures on the website…

tls hash digital-signature

asked Jan 17 '11 at 22:19

Iszi

27,027
18
99
163

votes

11 answers

Why are only passwords hashed?

I just learned a few things about hashing algorithms – MD5 and SHA-1. So, if I am not wrong passwords are hashed so that in a rare situation of your database being compromised a hacker can not see all the passwords in your database as the passwords…

passwords hash

asked Oct 28 '16 at 21:26

Aman Kothari

votes

7 answers

What is the point of encrypting the home directory?

If I have selected a good password and kept it secret, what is the point of encrypting my home directory, as a setup option with some flavors of Linux offer during setup? Won't the Linux permissions keep unwanted eyes away from my stuff?

encryption linux permissions

asked Aug 31 '16 at 20:54

Jon Wadsworth

votes

6 answers

How do I safely inspect a potentially malicious website?

Sometimes I'm interested in what's behind a malicious website. How do I stay on the safe side if I decide to inspect? I'm searching for methods that are quicker and more simple than running the website on a virtual machine. Should I use cURL and…

web-application malware curl

asked Apr 26 '16 at 17:04

Mirsad

10,075
8
33
54

Prev 1 2 3

…

99 100 Next