Job Opening - Security Engineer (Data Analytics)
Information Security
Hi All,
I'd like to borrow the security section here to find like-minded security folks who are keen on a role in my company. If this is not the correct section, Moderators, please assist to move it as required; I appreciate the help.
This is a junior position and we're open to fresh graduates (Diploma / Degree) o

Migrating GPG master keys as subkeys to new master key
Information Security
Currently I have 3 private GPG pairs which are all master keys. I want to convert these keys into subkeys for a new key pair (and keep that in the vault). I have read the following thread http://atom.smasher.org/gpg/gpg-migrate.txt which involves some sort of hacking the binary file to convert one master key into a subkey and replace it with another. Is it possible to combine my different keys into

Consider a "zero-knowledge" file host such as mega.co.nz. How can one prevent users from uploading unencrypted content?
Information Security
I am wondering how a zero-knowledge host such as mega.co.nz could prevent users from just uploading files in the clear, and, for example, discrediting the site by uploading a large quantity of illegal material and then telling the authorities. Ideally, the server should refuse unencrypted uploads. However, what's a definition of "unencrypted" that a computer may understand? I guess there's none. It could be

Is my service provider hacked and what can I do to protect myself?
Information Security
I found myself looking at a stock and forex search page when I tried to access Chinese Stackexchange using my Firefox browser today. This is what the page looks like: And this is the HTML of the page: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd"><!-- turing_cluster_prod --><html> <head> <meta http-equiv="Content-Typ

basic checklist of things to check to secure a router and wireless network with IP cams
Information Security
Suppose I have a brand new router, and I have set up some basic things just to get a wireless home network going: I created an SSID name for the network, and it's WPA2-PSK protected. I also added a password for the router "admin" in order to prevent others allowed in the network from modifying the router settings. The router gateway/settings cannot be accessed from WAN. I also had needed to do some p

How secure is a partial 64bit hash of a SHA1 160bit hash?
Information Security
So http://en.wikipedia.org/wiki/SHA-1 SHA-1 produces a 160-bit (20-byte) hash value and As of 2012, the most efficient attack against SHA-1 is considered to be the one by Marc Stevens with an estimated cost of $2.77M to break a single hash value by renting CPU power from cloud servers. With a theoretical attack taking 2^60 operations. So if a custom verification algorithm only the first 64bits of th

Can the xor of two RNG outputs ever be less secure than one of them?
Information Security
Suppose I'm suspicious that one or more (pseudo)-random number generators is cryptographically flawed, perhaps even deliberately backdoored. The RNGs in this case might be either PRNG algorithms, hardware random number generators, or some OS-provided primitive whose source might be either of these. Can it ever be a bad thing to "salt" the RNG by using the xor of its output and some other RNG's out

Ranking of web security conferences
Information Security
I have prepared a paper to publish in a web security conference. How can I know the ranking of available conferences to know which conference is better? For example, should I look at their sponsors?

Do I need to expire a session cookie when sessions are handled server-side?
Information Security
The only data in the cookie is the session ID. There is no expiration timestamp set when creating it; a session is always evaluated server-side to see if it has expired. When logging out, the session is destroyed server-side. Is there any point then in expiring the cookie?

Is my invitation based file access authorization scheme worthwhile?
Information Security
I need to allow users to upload files with sensitive data to a server, then invite other authenticated users to access specific files. This is my proposed solution: Each user will have his own folder to which he uploads files, and the parent folder will have an .htaccess with deny all to block direct access. (This already works well.) Then, an invited user will get a generated SHA1 invitation id and
