One of the companies I worked for used client-side hashing to minimize risk when logging the password in the server logs. Can this be a good reason to implement client-side hashing?
If I were to click a link on any of my devices, be it over text message, email, or from a webpage, and enter no information/actions with the target page, what is the worst that could happen?
I see there is no encryption for MS-CHAP v2 (provider's settings).
Yubico offers the YubiKey Nano, a 2FA key designed to be left inside the device more or less permanently.
While it does add comfort to be able to just leave it plugged in, what risks would there be if the device was stolen?
From what I could gather, local device accounts would have the same level of protection as a regular passphrase would provide. Online accounts, depending on the setup, would either have no protection at all (e.g. through a “Remember me on this device” function), or the same protection as a regular passphrase.
Is there anything I am missing?
I’ve written some code and have a feeling there’s a security issue with it, but I can’t figure out what it is.
Is there a security risk in including URL parameters directly into part of a link on a webpage?
- User visits
- JS reads the URL, and retrieves part of it, in this case
- JS builds a URL using that data
- That new URL is added to the page (Adding the URL to the page is escaped, so injecting JS shouldn’t be a problem, in theory)
Is there any way that displaying or clicking on
https://www.example.com/2/<any plain text here> could be a security flaw?
Reading up on the NTP protocol Wikipedia page as well as blog posts about NTS, it appears that NTS uses TLS to start the encrypted connection. From what I understand, TLS might not work properly if there is a significant difference in time between the server and client. If so, doesn’t using NTS mean that if the client system time is misconfigured, the NTS call might fail because the TLS connection can’t be established?
I am currently working on a personal project to facilitate the connection of users to a private interface using a mobile application and a QR Code.
- Users download an application and log in with a username and password.
- Users then connect to a web interface with a QR code.
- When users scan the QR code with their mobile, the web service allows each user to access his private interface.
In my research, I came across the QRLjacking exploit allowing a hacker to log in with his QR code.
What techniques could be implemented to drastically reduce the risk of hacking?
So far, I have thought of several ways but they are not ideal:
- Requesting to scan a second QR code once the first has been scanned (thus requiring the hacker to have access to the second QR code).
- Limit the validity of the QR code to 15 seconds (thus requiring the hacker to act very quickly).
- Require the user to connect their phone to the same network and include the IP address in the QR code.
My company decided to build an ETL server on Azure and share it among multiple clients. My task is to research the possibility of setting up multiple VPN tunnels from the cloud to multiple client office networks. I feel that it will have security concerns, but this is just my opinion. Can anyone help me list the risks? Should I proceed?
I have quite good hardware in my PC and an optical fiber connection. I opened a CS:GO (Counter-Strike: Global Offensive) server on it, and made it public. The IP for connecting to this server is my public IP address.
I set a strong password for the router admin (24+ characters). I made sure that I have no risky/unwanted ports open. So in short, except for DDoS attacks, is this setup risky in any way?