RSA is an intrinsically fragile cryptosystem containing countless foot-guns which the average software engineer cannot be expected to avoid. Weak parameters can be difficult, if not impossible, to check, and its poor performance compels developers to take risky shortcuts. Even worse, padding oracle attacks remain rampant 20 years after they were discovered. While it may be theoretically possible to implement RSA correctly, decades of devastating attacks have proven that such a feat may be unachievable in practice.

espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails.

Daemon application able to fetch messages from supported websites and send them by mail. It can also be used to send a reply to a message (on a module which supports this feature), by piping an email to it.

Looks like it should be possible to read (perhaps even write) private messages on Reddit without having to deal with Reddit's own, pretty terrible, web interface. Worth looking into.

HTTP is fundamental to modern development, from frontend to backend to mobile. But like any widespread mature standard, it's got some funky skeletons in the closet.

Some of these skeletons are little-known but genuinely useful features, some of them are legacy oddities relied on by billions of connections daily, and some of them really shouldn't exist at all. Let's look behind the curtain:

This page explains use cases and examples of SSH tunnels while visually presenting the traffic flows.

The SSH agent is a central part of OpenSSH. In this post, I'll explain what the agent is, how to use it, and how it works to keep your keys safe. I'll also describe agent forwarding and how it works. I'll help you reduce your risk when using agent forwarding, and I'll share an alternative to agent forwarding that you can use when accessing your internal hosts through bastions.

DomainKeys Identified Mail (DKIM) allows a person or organisation to claim responsibility for an email message by associating a domain name with the message.

Top10VPN, for example, recently took a closer look at 150 VPN apps being offered in the Android marketplace and found that 90% of them violated consumer privacy in some fashion, either by the inclusion of DNS leaks, a failure to adequately secure and store user data, or by embedding malware:

"Simon Migliano, the head of this research, reports that at over 38 VPN apps tested positive for DNS leaks, exposing private data to hundreds of insecure links. Also, over 27 VPN apps were flagged as potential sources of malware when tested by VirusTotal.

Apart from this, the research also found intrusive permissions in over 99 apps. These permissions included user location, device information, use of the microphone, camera access and more."

"To be honest, the spooks love PGP," Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. "It's really chatty and it gives them a lot of metadata and communication records. PGP is the NSA's friend."

E-mail was once the pillar of the Internet as a truly distributed, standards-based and non-centralized means to communication with people across the planet. Today, an increasing number of services people rely on are losing federation and interoperability by companies who need to keep people engaged on their for-profit services. Much of the Internet’s communication is moving to these walled gardens, leaving those who want to run their own services in an increasingly hostile communication landscape.

1–10 (81)   Next >   Last >|