Archive for the 'Security' Category

Physical computer security, how to disable USB ports when the computer is ‘locked’?

Monday, May 7th, 2012

Let’s say my PC & server is in an environment where a theoretical attacker has physical access to the machine while I’m not there. Now the data is encrypted on the hard drive with TrueCrypt. However if I’m not there I usually don’t bother dismounting the encrypted containers as it’s time consuming to enter the [...]

Keeping valuable algorithms secret

Monday, May 7th, 2012

Given a securities trading algorithm that is very effective and thereby very valuable, how do you keep it secret and protect it from theft or copying? What techniques or architecture is the best? The algorithm will of course need some input data and output some data. It will also need maintenance and development. Preferably it [...]

Why did I get unresponsive script when I start my system and open web browser?

Monday, May 7th, 2012

The script on opening web browser says Warning: Unresponsive Script A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete. Script:chrome//global/content/bindings/text.xml34 and then two options to continue & stop the script. BTW my system is already hacked, and I [...]

How can I help an online identity theft potential victim?

Monday, May 7th, 2012

I just learned that my dad fell for an online green card lottery scam. It happened over 3 years ago, the attacker took 60$ and disappeared. I am not even considering getting this money back. On the other hand, he had his victim fill out all sorts of forms giving out private personal data. That [...]

Sulley – only using ASCII printable characters

Monday, May 7th, 2012

I have a problem fuzzing FTP protocol. An example of a command fuzzed is the following data model, which should fuzz the “CWD [string]” command of the FTP protocol. s_initialize('CWD') s_static('CWD') s_delim(' ') s_string('fuzz') s_static('\r\n') When I analyze the packets sent to the FTP server, I can see that Sulley doesn’t generate non-ascii characters when [...]

What would happen if one of the popular Linux repositories is hacked?

Monday, May 7th, 2012

Even though most people consider downloading your Linux software from your own distribution’s repositories as safe, thinking about the scenario where a repository gets hacked sounds thrilling. What would happen if a repository which hosts widely used applications gets hacked and those applications are replaced (or added) with viruses/trojans/malwares? How fast would that be noticed, [...]

How do I check that I have a direct SSL connection to a website?

Sunday, May 6th, 2012

I always thought that if I had an SSL connection there would be no MITM attacks. Now it appears that isn’t true (see comments in this question Is it okay from a security perspective to read foreign (untrusted) cookies in a trusted network?) I’m still unsure how it works and whether each browser needs to [...]

How to select /dev/random or /dev/urandom in the code in Android?

Sunday, May 6th, 2012

When generating randomness using SecureRandom in Android, I want to select /dev/random or /dev/urandom as the seed source. It can be done in java.security file on Linux and Windows systems but there’s not a java.security file on Android for now as much as I know. How can I do this selection? Thanks in advance. – [...]

Is tokenless (specifically SMS) 2FA a security compromise over OTP tokens?

Sunday, May 6th, 2012

I’ve been looking into the various pros/cons of tokenless (particularly SMS based) and traditional token based two-factor authentication (think RSA SecurID). After doing some research, I think I have a better understanding of the two options when it comes to usability, cost, etc, but I’m having trouble finding good in-depth independent analysis of the security [...]

network improvements over ipsec

Sunday, May 6th, 2012

I have a specific environment in which TCP is not optimal due to its general assumptions, and thus needs to be improved. This small improvement has been done successfully. It operates at various layers, from 2 to 4, and needs read/write access to some information displayed in the TCP packets, such as the congestion window [...]