Unanswered Questions

I have a query regarding best practice of using PGP to sign emails with Thunderbird 78. Thunderbird 78 took an existing system by Enigmail and brought it "in-house" to be built into the ...

SolarWinds Orion customers have suffered some network compromises according to news reports. One report says, right at the end of the article, that SAML2.0 signing certificates may have been ...

A HaLVM unikernel is a Haskell program compiled with a modified version of the Glasgow Haskell Compiler to produce a standalone Xen kernel, which will boot on any Xen PV machine instance. A HaLVM ...

I see that there is an increasing number of PCs shipped with firmware based TPM (fTPM), e.g. the Intel NUC. As far as I understand, these solutions practically emulate a TPM chip using the CPUs ...

Facebook recently announced that they will begin offering a first-party cookie option for the Facebook Pixel. Previously, they only used third-party cookies. From their documentation: You can now use ...

The general idea here is the feasibility of adding Windows UAC-like "consent prompts" to a Linux system, designed in such a way that cannot be bypassed in software. Giving consent should ...

My question is about the use of ultrasonic messages that are part of the modern advertising ecosystem and are also used by the Google Nearby Messages API. When it comes to advertising, the type of ...

I have come across a CTF challenge that has a part with an SQL injection (MySQL DB). I have completed it, but I do not know why or how the injection works. The query in the PHP application would ...

I'm trying to verify a 2-way SSL connection using the openssl s_client command openssl s_client -connect localhost:8883 -CAfile ca.pem -cert client.crt -key client.key The openssl s_client fails ...

Are there any risks to be aware of if you remote into another person's computer via their Teamviewer Partner ID and password? Any recommended settings to choose when remoting into an unknown computer? ...

I am learning the general concept of network security and became aware of DNS poisoning attacks and ARP poisoning attacks. They are both due to certain cache structures. It seems to me that NAT table ...

I found out that an endpoint of a website may be vulnerable to XXE. It is using Unmarshal as an XML parser. When I try to send a post request using common XXE payloads, I receive the following ...

I am using libsodium for cryptography and I want to use SRP for key exchange. The wikipedia page lists a python example, but I am not sure if and how I could convert this to libsodium function calls. ...

I played around with a man-in-the-middle proxy tool and connected different smart phones to it. As the proxy uses a self signed certificate the tested smartphone apps did not accept the presented ...

A recent Nginx release allows me to set listen 443 quic; to enable HTTP/3. Neat. I had been using HTTP/2 with TLS1.3 before, so I did not expect that change much, just optimize round trips with ...