Security
!security

PGPP | What Is Pretty Good Phone Privacy?
Fascinating service, just wish I was in one of the available countries

I need a privacy-friendly Cloudflare alternative?
cross-posted from: https://lemmy.ml/post/401140
> But it needs to be able to be anti-DDoS and handle hundreds of thousands of requests for my small web app

Should I even use a guest network for IoT devices?
Is there even a point to using a guest network? Like, how secure could ASUS guest network isolation be?


Best Security Cameras for Synology AI DVA1622 Recommendations?
Looking for some security camera recommendations that work for the Synology DVA1622.

Why are there no RFID fobs that make you click a button before it will transmit?
So a huge issue with RFID authentication is that it can be swiped over the air. Basic RFID fobs that simply transmit the same code every time, or only have a basic nonce, can be swiped just by having a powerful enough reader in the general vicinity of them, even through a bag or an entire wall. With "smart" RFID tags that do cryptography, there are cases where people have slipped a receiver into a person's bag or had someone stand next to them with a receiver, and the receiver relayed in real time the information in the real tag to the fake tag the attacker is using. But why isn't there simply a button on high-security RFID tags that you have to hold down before it will transmit? Instead of tapping your smart card or key fob, you tap it while holding down the button, otherwise it won't do anything. It doesn't have to make the fob require power either: since RFID tags are powered by the reader while being read, you can easily make the button close that circuit only when pressed so the chip can't even be powered without pressing it, or simply have the button close the circuit on a pin of the chip that it checks for before transmission. I think that this would effectively eliminate one of the biggest attack surfaces of RFID authentication, and with those smart cryptographic ones, the chances of someone trying to swipe your tag at the exact instant you're pressing the button for fun is so slim that it'll probably never happen, or at least only once in a blue moon. What do you think? Is this a good or bad idea? Does it already exist?




GnuPG signature spoofing via status line injection
cross-posted from: https://lemmy.ml/post/343162
> How many nails does that coffin need?








WordPress being able to force push code updates looks a lot like a botnet to me. And I'm not talking about compromised instances. What could go wrong?

Padding oracle attack - Wikipedia
> In symmetric cryptography, the padding oracle attack can be applied to the CBC mode of operation, where the "oracle" (usually a server) leaks data about whether the padding of an encrypted message is correct or not. Such data can allow attackers to decrypt (and sometimes encrypt) messages through the oracle using the oracle's key, without knowing the encryption key.

It's a pretty genius way to break cipher-block-chained encryption!

Confidentiality Integrity Availability
