What if an attacker gets access to public key through an insecure media in digital signature?

If A encrpyts the message and creates signature using his private key and sends through the network then only B with the public key of A can decrypt that message.

But what if the attacker gets access to the public key of A and the encrypted message through the network? Will he be able to decrypt the message?

Does the DICOM file header gets lost when transferred over the network?

I am currently investigating the PEDICOM vulnerability CVE-2019-11687 where I am trying to reassemble the P-DATA DICOM fragments from a PCAP. Since the vulnerability takes advantage of writing bytes onto the header, I want to investigate this. When sniffing the network and trying to capture and reassemble the file, when sent over the network using the DICOM protocol does it loose its header and the only information is sent are the different data elements?

Is it possible to bypass escape() when document.getElementByName gets the value?

Say I have the following script

var a = document.getElementById('in').value; escape(a); 

Is it possible to bypass the escape function to do some XSS? I have tried );alert(1); to no avail. I have tried “);alert(1); but that doesn’t work either. I’m guessing its because document.getElementById returns a string. Anyway to bypass it?

Page Content Gets replaced by “N;” for a page every few days

On my wordpress site i have page built with Visual Composer plugin, but from last few days the page’s content automatically gets deleted and replaced by “N;”

I don’t think its a hack, it just seems to be happening only with this one page.

This page is little complex as it uses, lots of Charts and tables and javascript and filters, so i’m unable to find the reason behind the issue, I hope someone can help me pointing to right direction.

Post content in database

When a Battle Master fighter gets a critical hit and uses a maneuver that adds a superiority die to the damage, is that damage die doubled?

The Battle Master fighter has access to a number of maneuvers that add a superiority die to the damage roll. For instance, the Trip Attack maneuver says (PHB, p. 74):

When you hit a creature with a weapon attack, you can expend one superiority die to attempt to knock the target down. You add the superiority die to the attack’s damage roll, and if the target is Large or smaller, it must make a Strength saving throw. On a failed save, you knock the target prone.

The Critical Hits rule states (PHB, p. 196):

When you score a critical hit, you get to roll extra dice for the attack’s damage against the target. Roll all of the attack’s damage dice twice and add them together. Then add any relevant modifiers as normal. […] If the attack involves other damage dice, such as from the rogue’s Sneak Attack feature, you roll those dice twice as well.

During our game, the fighter PC rolled a critical hit. He then wanted to use a superiority die to use the Trip Attack maneuver to trip the enemy. Based on the above rules, is the damage from the superiority die also doubled?

I’m assuming the answer is yes based on the last statement in the Critical Hits section, but I wanted to confirm.

Does haste extra attack gets triggered when you cast haste on yourself?

My question here is what is the right combination of the answers from these two questions:

  • Does Extra attack stack with haste?
  • Can you get an extra attack after casting a spell whilst hasted?

Assuming I’m a level 5 fighter / level 5 wizard and I cast haste on myself.

It’s clear from the second question I can then proceed to use the attack action as per haste. My interpretation:

  • RAW is you get only one attack and extra attack does not get triggered as per the answer to the first question.

RAI it looks like that particular line “one weapon attack only” was intended to limit attack explosion on the fighter:

The “one attack only” stipulation is preventing the use of the extra attack feature in the additional action, so a character with extra attack could use his regular action to make 2 attacks and use the additional action granted by haste to attack once more. This is to prevent say, a fighter at level 20 who gets 3 extra attacks from having 8 attacks in a single turn on top of a possible bonus action.

As specified in the answer of this other question.

Is there any indication (by WOG or similar in either direction) as to where in this particular scenario the fighter would get the extra attack? Which would mean, if you cast haste on yourself on your turn, the effect of casting haste is you get to do your turn as normally without the benefit of haste but also without having lost the action into casting haste.

What happens if your Skype gets hacked?

Say that, although you did take into account all the security advices, your account ends up being hacked.

Then what happens?

Can they “jump” from Skype to the whole device?

To steal my contacts, photos, videos, etc?

Or is the hack attack locally?

2nd question, Can you be hacked in “silence”, that is, they are in your Skype/device without you knowing about it?

If the answer is yes, What can I do to know?

I am sorry if the questions are too silly, my knowledge is not good in this topics.

Thank you in advance for your help.

Threema: Are received messages exposed, when sender’s private key gets compromised?

Note: This question is specific to the Threema Messenger, and relates to their implementation of encryption (using the NaCl ECDH implementation as per their docs).

I refer specifically to their “note on outgoing messages” in their validation document on their website:

It may seem strange that outgoing messages can be decrypted by entering the sender’s private key and the recipient’s public key, i.e. without knowing the recipient’s private key. …

Now, consider this scenario:

  • Alice has received a message from Bob, while Eve records/intercepts traffic as person-in-the-middle on the way to Alice.
  • Alice’s public key of course is public, but Alice never disclosed the private key.
  • Eve somehow gets the private key of Bob.

With Bob’s key and the traffic, could Eve now decrypt all content Bob has ever sent to Alice?

In other words, with Threema, is the privacy of received content dependent on the safety of the private key of the SENDER?

Is there ever a case where a creature gets a saving throw against the “Sleep” spell?

The sleep spell (PHB 276) states:

This spell sends creatures into a magical slumber. Roll 5d8; the total is how many hit points of creatures this spell can affect.

This and other similar spells like color spray affect a pool of hit points directly, not dealing damage and encountering potential resistances nor requiring a saving throw that may be given advantage via mechanics.

There are creatures that explicitly give advantage on saving throws against being put to sleep magically, though, such as the Bugbear Chief (MM 33), which has the trait Heart of Hruggek:

The bugbear has advantage on saving throws against being charmed, frightened, paralyzed, poisoned, stunned, or put to sleep.

(Emphasis mine)

or the Balor (MM 55), which has the trait Magic Resistance:

The balor has advantage on saving throws against spells and other magical effects.

(Emphasis mine)

Sleep in this case comes from a magical source, so I believe it falls under the category of a magical effect.

Given these specific wordings, does the general behavior of the sleep spell change to fit the circumstance, giving the targeted creature a saving throw against the caster’s DC? If so, what type of saving throw? Or does the spell simply ignore these traits and proceed to affect the hit point pool directly?

What happens if a dragon gets older but doesn’t gain experience?

Chapter 3 of the Draconomicon details how, every couple years, a true dragon must take its next level in its dragon “class”. But what if the dragon just sits around, not gaining any XP, and therefore never actually gains a “next level”?

It’s said that many dragons let their natural abilities grow rather than adventuring to get experience. Do they somehow get dragon “class” levels for free via aging (like, they instantly get enough XP to advance a level but are required to put it towards being more dragony?), or will they eventually be an ancient dragon with all the statistics of a wyrmling?