How is password character validation in 3D Secure implemented? [duplicate]
Information Security
This question already has an answer here: Is my bank storing my password in plain text? (5 answers) We have a website which stores hashed passwords in the database. During logins we hash the password entered by the user and compare the two hashes. This

How bad is exposing valid user names?
Information Security
Today, like many other times in the past, I signed up for a new service and got a common error message: "Your user name or password is invalid". This time I am wondering how useful it is to notify "invalid password OR user" versus a less common but more useful two-message schema with the real problem: "unknown user", "invalid password". My thought was that a system that does not specify if the user name is

Can anonymizing techniques make you less anonymous?
Information Security
There's a recent report in the news of a Harvard student who emailed in a bomb threat so as to postpone year-end exams. According to the report, he carefully covered his tracks using the best technology he knew about: he used a throw-away email account, and only accessed it over TOR. It turns out that this last point -- using TOR to send his email -- is what made him easy to find. Officials simply

Cracking passwords after a pattern with ex. John
Information Security
So I am trying to find out how easy it is to crack a password using some great Linux tools. We all know about John as a password cracker and how great it is. But how about specifying a pattern? Let's assume the following policies. A password must start with a capital letter, followed by 3 small letters. A password must end with 3 numbers. A password must be exactly 7 in length. Password example:

Target store data breach - What should I do to prevent my account which got exposed via Target Red Card
Information Security
I couldn't find any information anywhere on what the customers whose card details got exposed should do. Any idea what I should do? I am one of the 40 million whose card details got leaked. I have a red card associated with a checking account at one of the banks.

Trust a non-root CA in OpenSSL
Information Security
Is it possible to have OpenSSL trust a non-root CA such that a certificate signed by that non-root CA can be properly verified? I've noticed that the default behavior for OpenSSL is to only verify certificates when it can build a complete chain, up to a self-signed root CA. Can this be overridden? I specifically do not want the root to be in the CAfile.

MiTM not working --rejected by router?
Information Security
I have been attempting to run a MiTM on a very old XP SP3 computer. I have attempted it with 3 products, as listed below: Wireshark: Traffic from the computer did not even show up. (I did see traffic from multiple IPs, so I think I have the right adapter.) ARP Spoof (with and without SSL Strip): As soon as the attack took place, the victim was kicked off my network and not allowed back on until attack stopp

How can I use a proxy appliance as HTTP Proxy & Reverse Proxy at the same time?
Information Security
I have a BlueCoat ProxySG 810 appliance and want to use it as both an HTTP Proxy Server for clients on the Inside interface of a PIX 525 Firewall (OS Version = 8.0(4)) and a Reverse Proxy Server for my Web Servers on the DMZ. Should I place the ProxySG 810 on the DMZ? If I do so, does the ProxySG 810 need to access the Inside network (i.e. Initialize connections to Inside) to be able to serve as an

Can too much web searching be a danger to a security professional?
Information Security
As a junior security professional, I spend a lot of time googling for things such as 'wpa dictionaries', 'vulnerabilities...', 'how to crack ...', and so on. I sometimes feel like I am calling for wrong attention (from ISP, Google and/or agencies), regardless of my intention to increase my knowledge of what I am defending against and having fun cracking my own home network. Will googling draw to

Validating correctness amongst untrusted answers
Information Security
I'm toying around with a distributed computing project. The client application asks for a problem to solve. The server returns a problem description from a "problems pool". When the client finishes, it sends back the solution. I cannot trust my users, and so I cannot trust their solutions. I need somehow to validate their solutions are correct (for some definition of "correct"). Anyone could send a
