Tag: #security
How to escape JavaScript for a script tag 
  2024-04-24
Smear phishing: a new Android vulnerability 
Trick Android to display an SMS as coming from any contact. Convincing phishing vuln, but still unpatched.  2020-08-06
When in doubt, don’t blur it out 
Blurring sensitive information in images may not effectively protect privacy, as the original content can often be recovered using deblurring techniques.  2020-02-29
I can see your local web servers 
Script detects and exposes your local web servers on localhost and your local network.  2019-05-26
The inception bar: a new phishing method
A new phishing technique that displays a fake URL bar in Chrome for mobile. A key innovation is the “scroll jail” that traps the user in a fake browser.  2019-04-27
Why can’t I set the font size of a visited link? 
CSS visited link styles are limited for security reasons, as they could reveal a user’s browsing history. Color can be changed, but getComputedStyle will lie about it.  2019-03-08
The dots do matter: how to scam a Gmail user
Gmail’s “dots don’t matter” feature lets scammers create an account on, say, Netflix, with your email address but different dots. Results in convincing phishing emails.  2018-04-07
An encrypted diary using OpenSSL 
Generate a master keypair. Encrypt each diary entry with a one-time shared secret. Encrypt the shared secret with the public key. Decrypt entries using the private key and the shared secret.  2017-12-03
How do I hash a password with openssl?
The openssl passwd command hashes passwords using the outdated crypt algorithm, with truncation to 8 characters - a poor choice for secure password hashing.  2017-03-12
How do I fetch a server’s SSL certificate using openssl?
Use the openssl s_client command to fetch a server’s SSL certificate chain, including the root certificate.  2017-03-11
How do I generate random bytes with openssl?
Generate random bytes with openssl rand, which uses a PRNG seeded with entropy from ~/.rnd.  2017-03-10
How do I encrypt text with openssl?
Encrypt and decrypt text using the openssl enc command with a password and AES-256 cipher. The encrypted text is base64-encoded.  2017-03-09
How does a stream cipher work?
A stream cipher works like a one-time pad, but uses a pseudorandom “keystream” from a PRNG seeded by a secret key and nonce, preventing attacks based on pad disclosure or reuse.  2016-11-21
Forging web security by escaping the browser viewport 
  2016-08-10
All content copyright James Fisher.