Newest Questions
69,928 questions
5 votes
0 answers
186 views
Why does ProtonDrive use so many layers of encryption that look redundant?
I read their security model which explains how they laid out all these layers. https://proton.me/blog/protondrive-security Files and folders are structured in a tree and called nodes. Each node (file/...
3 votes
1 answer
3k views
Are there any security concerns with this authentication flow?
I’m in the process of developing a native app and am currently trying to come up with a workflow to secure the communication between my app and the server. I’ve done a lot of research and have not ...
0 votes
1 answer
41 views
Why hide the access token from the User Agent? (OAuth Authorization Code Grant)
My understanding is that the OAuth Authorization Code Flow is used to avoid exposing the access token from the User Agent. But why? I was reading this article (Common OAuth Vulnerabilities) by ...
0 votes
1 answer
51 views
When not to use Authorization Code Grant?
Why would an OAuth implementation choose to use the Authorization Code Grant -- when it means that the access tokens are leaked to a third party? I've been using API keys for a package on my server to ...
0 votes
0 answers
71 views
How to assess poor OAuth security implementations?
What questions should I ask to determine if a given OAuth implementation is secure? I've been using a wordpress plugin for payments that authenticates with the payment gateway with an API key. I like ...
1 vote
1 answer
151 views
What is the proper way of starting an HTTP-only reverse shell using Chisel?
My lab has these restrictions: 1. Inbound and Outbound HTTP connections are allowed from CONFLUENCE01. 2. For Non-HTTP connections, only inbound TCP is allowed at port 8090 of CONFLUENCE01. 3. ...
0 votes
0 answers
19 views
Problem with Windows smart card authentication restrictions [migrated]
I am running an Octoprint server for my organization and I restrict access to it by smart card client certificates. This works fine for accessing the web interface in a browser as well as the "...
0 votes
1 answer
68 views
How to stop a mobile operator from using a dial tone that indicates I am in a different country? [closed]
When I travel abroad, people who dial my (British) mobile number hear a calling tone different to what they would have heard if I am home. I do not want everyone who calls me to know I am unlikely to ...
6 votes
4 answers
2k views
Hashing security question answers for bank account portal activation
I'm working on financial software in which at some point in the process, we send users an email to initiate their portal onboarding. The email contains a hyperlink along with a token. We already have ...
2 votes
0 answers
74 views
Is a write-cache in my Synology NAS exposing unencrypted data?
I have encrypted mounts in my Synology DS 918+ and I'm using an additional SSD leftover as a write-cache. When I have an encrypted directory mounted, are there unencrypted bits stored on the SSD? Do ...
12 votes
3 answers
3k views
Why shred before LUKS disk encryption?
I read the following article and it says to "Stuff random data to the device" (using shred) before encrypting with LUKS. How to enable LUKS disk encryption with keyfile on Linux Why would ...
0 votes
1 answer
93 views
Why use the data protection classes of iOS?
According to https://support.apple.com/en-ca/guide/security/secb010e978a/web: If a file isn’t assigned a Data Protection class, it is still stored in encrypted form (as is all data on an iPhone, iPad,...
0 votes
0 answers
92 views
Am I experiencing a DNS leak?
I’m using ExpressVPN on my Mac. My Little Snitch firewall is showing that several applications, including my browser and a process called expressvpnd, are making requests to DNS servers set by my ISP. ...
-1 votes
2 answers
195 views
Is it safe to use the public IP of players as the identity in a website between players?
Suppose I create a game in my website. No registration and no login required. It's all based on public IP of people accessing my site. I gave credit to them based on IP reputation to prevent spam ...
0 votes
0 answers
10 views
Does generating a vanity ED25519 key pair reduce security? [migrated]
I found tools that brute-force SSH ed25519 key pairs to include specific text in the public key, but none of them mention the security implications. Right now I'm thinking that if I could generate the ...