Eludes me why they didn't have device-certificate-based auth for their Enterprise WiFi in addition to the username+password. Basically comes for free with AD and NPS.
A wallet app like Exodus is not for keeping BTC, it's for transacting with it. The wallet file is for keeping BTC, and whether you print it on laminated paper or copy it to multiple USB sticks that you distribute in…
Then again, an attacker can read the decryption key from RAM (freeze and remove the modules, then dump the memory on another system) and decrypt the disk offline. So, data on a stolen laptop which has an unprotected TPM…
Technically there is no requirement for a mobile app or data. Through PayByPhone you can pay for parking using SMS, by calling (IVR), a web app or mobile apps. But as the author points out, it's hard for the user to…
Yes, try https://m.paybyphone.com
The article describes the fact that the CM Browser ignores certificate errors and shows websites as though they were properly secured. Having an actual proper setup (with a trusted CA etc.) wouldn't help here, because a…
Why not just pretend you do TLS and simply don't show MITM attacks to your users like the (also somehow Chinese) CM Browser does? https://medium.com/@dEad0r/cm-browser-insecurity-can-chinese...
The final goal this probably had is already achieved (a lot better) by properly configured TLS. I think this only prevents having the password in clear text at some specific point in time on the servers and…
You should have started with the NCHAR(2000) example. Choosing INT over BIGINT is really something that, as you calculated yourself, wouldn't change the fate of a project. Especially not in our 64 bit world ;) The point…
Thanks for pointing to your low-latency-switching strategies, was an interesting read! Although I see how it is great for a high availability strategy as a side-effect, I wonder why you did not want to make use of…
Let's wait for someone to find a vulnerability based on that bug then. Ideas, anyone?
Eludes me why they didn't have device-certificate-based auth for their Enterprise WiFi in addition to the username+password. Basically comes for free with AD and NPS.
A wallet app like Exodus is not for keeping BTC, it's for transacting with it. The wallet file is for keeping BTC, and whether you print it on laminated paper or copy it to multiple USB sticks that you distribute in…
Then again, an attacker can read the decryption key from RAM (freeze and remove the modules, then dump the memory on another system) and decrypt the disk offline. So, data on a stolen laptop which has an unprotected TPM…
Technically there is no requirement for a mobile app or data. Through PayByPhone you can pay for parking using SMS, by calling (IVR), a web app or mobile apps. But as the author points out, it's hard for the user to…
Yes, try https://m.paybyphone.com
The article describes the fact that the CM Browser ignores certificate errors and shows websites as though they were properly secured. Having an actual proper setup (with a trusted CA etc.) wouldn't help here, because a…
Why not just pretend you do TLS and simply don't show MITM attacks to your users like the (also somehow Chinese) CM Browser does? https://medium.com/@dEad0r/cm-browser-insecurity-can-chinese...
The final goal this probably had is already achieved (a lot better) by properly configured TLS. I think this only prevents having the password in clear text at some specific point in time on the servers and…
You should have started with the NCHAR(2000) example. Choosing INT over BIGINT is really something that, as you calculated yourself, wouldn't change the fate of a project. Especially not in our 64 bit world ;) The point…
Thanks for pointing to your low-latency-switching strategies, was an interesting read! Although I see how it is great for a high availability strategy as a side-effect, I wonder why you did not want to make use of…
Let's wait for someone to find a vulnerability based on that bug then. Ideas, anyone?