How does VPN prevent Man In the Middle at the ISP level [duplicate]

If the Man-In-The-Middle is at the ISP level (or even before the ISP), it seems like they could perform the handshake, swap keys, and supply a faked or copied cert. The only thing they wouldn’t know is the private key. But it seems like if they were the client for the endpoint server, and they were the server for the victim, they could create two chains of encryption/decryption and two shared secrets and no one would be the wiser. I think I’m misunderstanding something, though, because people say that a VPN would protect against this. So the basic question is: how does an HTTPS web site cert protect against a man in the middle at the ISP level?

Added: I guess the real question here is how does the guv’ment do it? Do they have a “spoof-cert” that is trusted by all CAs? (Or would this need to be a different cert for every conceivable site?)

How to prevent Cross-site Scripting in ajax response

I have a page (parent.php) from where I am calling another page (result.php) through jQuery ajax that is returning a response in HTML format. This response is shown on the parent.php page in a div. How can I secure my ajax response from an XSS attack? Here is the code snippet of the parent.php page:

    $.ajax({
        type: "POST",
        url: "getResult.php",
        data: {search_in: search_in},
        beforeSend: function () {
            $("#search_result").html('Loading..');
        },
        success: function (result) {
            // the server-rendered HTML is inserted directly into the div
            $("#search_result").html(result);
            $("#search_result").show();
        }
    });

In the getResult.php page I am querying the database based on the parameter and returning some result in HTML form, like a table. How can I prevent a cross-site attack?

Can one prevent Mathematica from adding ExpressionUUID to cells?

There are some well-known options for preventing the front end from adding “unnecessary” stuff to .nb files when keeping them e.g. in a git repository: CreateCellID, "FileOutlineCache" and "TrackCellChangeTimes".

However, recent Mathematica versions seem to add an ExpressionUUID to each cell, which makes the task of keeping .nb files in a repository more challenging.

So is there perhaps some dedicated option to turn that off and therefore get rid of ExpressionUUID in a given notebook?

How to capture an input device and prevent its default behavior

I have an RFID tag reader. But it works like a HID device (like a keyboard). It sends keystrokes to the computer when a tag is scanned. When I open Notepad and scan a tag, it types the ID one digit at a time. Is there a way to create a program to listen to this device (or this port) and capture (intercept) all input, so that the keystrokes wouldn’t appear on my system but I could assign my own events when the device sends an input? I don’t want it to show up in Notepad.

I realize that the implementation can differ depending on the OS and programming language used. Ideally, I would like to make this work on both Windows and Linux. I would prefer to use something like Node.js but I suppose C could also be good.

I would appreciate any hints or pointing me in the right direction.


How to prevent parsing of a should-be-parsed HTML element from server?

I have a website built with the MediaWiki CMS which I host on a CentOS-based Apache “shared server environment” (SiteGround).

This website contains a ContactPage contact form in which the subject field is hardcoded to the form wrapper via PHP;
This is odd, because all other fields aren’t hardcoded like this and are actually optional and injected into the wrapper from the form’s default template, which I pasted into the main customization file of the CMS (LocalSettings.php);
By the way, all of these optional fields are HTMLForm template-engine fields.

If someone wants to remove the subject field from the backend for whatever reason, it would be a logistical pain, because, for example, after every automatic upgrade, it will have to be removed again, probably manually, from the relevant ContactPage extension PHP source code (unlike all other fields, which are optional from the very stable file LocalSettings.php).

My problem

I want to remove the aforementioned subject field, and the only very stable ways I have with the current architecture of MediaWiki are CSS and JS;
But this is problematic because a user can easily turn off both (most users won’t do that, but still).

My question

How to prevent parsing of a should-be-parsed HTML element from server?

As this is an Apache “shared server environment” and I don’t have full access to the server, rather only to .htaccess files, is there any “nasty trick” I could do in .htaccess to prevent the parsing of the should-be-parsed subject field by some criteria (say, its HTML attribute or CSS class or whatever other applicable criteria)?

Error messages generated in a table calculation prevent “good” elements of that table being accessed

If I make a batch fitting routine, something like:

    FitResultsData =
      Table[
        SpectrumData = Import[SpectrumList[[i]]];
        SpectrumFit = NonlinearModelFit[SpectrumData, Model, {a, b, c}, x];
        aFitOut = a /. SpectrumFit["BestFitParameters"];
        bFitOut = b /. SpectrumFit["BestFitParameters"];
        cFitOut = c /. SpectrumFit["BestFitParameters"];
        {i, aFitOut, bFitOut, cFitOut},
        {i, 1, Length[SpectrumList]}
      ]

and a fit fails completely, e.g. I get a Power::infy: Infinite expression 1/0.^2 encountered. error or something, I find that when it comes to going on to use FitResultsData after the whole Table[..] has finished fitting and executing, no matter which row I select, for example FitResultsData[[1]], the error Power::infy: Infinite expression 1/0.^2 encountered. will be returned. This happens even if, say, the original source of the error was in spectrum i = 99.

Is there a method of escaping such errors, such that even though one spectrum fit might be bad, it doesn’t stop me accessing the 99% successful

Why does a nonce prevent a replay attack?

I have a question about a cryptographic nonce. I understand the use of a nonce, however there is one particular part that I don’t understand. Please consider the picture below.

I don’t really understand why a replay attack is impossible if the nonce is not encrypted. Because, if it isn’t encrypted and I (as an attacker) know the nonce, then I can predict the next number (N + 1) and send that to Bob. Obviously I can’t generate a MAC by myself (well, I can, but Bob won’t trust it) – I don’t have the corresponding key; but I can send the MAC, which was previously generated by Alice, again with a “new” nonce (N + 1)?

Could someone explain why this won’t work?

Thanks in advance.

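An added illustration of the scheme the question describes (this code is not from the post, and the picture it refers to is not available here); it assumes, as the setup implies, that Alice's MAC is computed over the nonce together with the message, and that Bob rejects any nonce he has already seen. The key, nonce and message values are constructed for the example.

```python
import hmac
import hashlib

# constructed sample key shared by Alice and Bob (never hard-code real keys)
KEY = b"shared-key-between-alice-and-bob"


def make_tag(key: bytes, nonce: int, message: bytes) -> bytes:
    """MAC over nonce || message: the tag is bound to this exact nonce value."""
    data = nonce.to_bytes(8, "big") + message
    return hmac.new(key, data, hashlib.sha256).digest()


class Bob:
    """Receiver that requires strictly increasing nonces and a valid tag."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_nonce = 0

    def receive(self, nonce: int, message: bytes, tag: bytes) -> bool:
        if nonce <= self.last_nonce:
            return False  # freshness check: nonce already used (replay)
        expected = make_tag(self.key, nonce, message)
        if not hmac.compare_digest(expected, tag):
            return False  # tag was not computed over this nonce + message
        self.last_nonce = nonce
        return True


def demo() -> tuple:
    """Alice sends once; an attacker then replays her tag two different ways."""
    bob = Bob(KEY)
    n = 41
    msg = b"transfer 100 to Carol"
    tag = make_tag(KEY, n, msg)                    # only Alice (key holder) can do this
    first = bob.receive(n, msg, tag)               # True: fresh nonce, valid tag
    replay_same = bob.receive(n, msg, tag)         # False: nonce N already consumed
    replay_bumped = bob.receive(n + 1, msg, tag)   # False: tag covers N, not N + 1
    return first, replay_same, replay_bumped
```

Knowing N and guessing N + 1 does not help the attacker: a different nonce changes the MAC input, and without the key the matching tag cannot be produced.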

Does StackGuard prevent Format String Attacks

I am aware that Format String Attacks work by having a vulnerable function which allows the user to read values from the stack using %x and write by using %n.

Since one of the goals of a Format String Attack can be to overwrite the address of a function in the Global Offset Table, I was wondering whether StackGuard prevents this?

I know that StackGuard protects the saved return addresses of functions from being overwritten; however, will it help against a Format String Attack if that attack aims to change the GOT values?