manipulation of hardware or software is what active troubleshooting is all about

manipulation of hardware is what active troubleshooting is all about simply put you must know something well enough to manipulate it to a fine degree if you want to be a technician this means having the books, schematics, secrets or whatever necessary to exercise the entire device one piece at a time. Some persons can be much smarter than others at this. today the world is so overcrowded the bosses can pick and choose at will so this world is no longer in the hands of the common man. It will take a world war to give control back to the average human being. These so called bosses are now treating humans like they are in fact machines to be manipulated.

Is running software in Docker an allowable way to bypass FIPS 140-2 issues?

Someone has a service that uses a FIPS non-compatible hash in a protocol signature. When FIPS 140-2 compatibility is enabled on the hosts the service crashes (due to the hash signature being not allowed by the security configuration of the host). A way to get around this is to put the service in a Docker container on the FIPS compatible host. It works, but is it ok from a FIPS compatibility point of view? If not, why?

What software can I use to simulate a deck of cards for playing online? [closed]

I’m going to be running a game over a Google+ hangout, and the game needs a deck of cards that all of the players will draw from, keeping some of the draws hidden. I’ve searched around but most of the things I’ve seen replace the cards after they’re drawn.

I’m looking specifically for something web based so that I don’t have to require the players to install any software.

Azure Key Vault – hardware vs software protection

I was wondering if I correctly understand the difference between hardware and software protected keys.

Quoting the Applied Cryptography in .NET and Azure Key Vault (page 146 available on Google books)

Azure Key Vault Hardware Mode

When you configure Key Vault to work in hardware mode, you get the most benefit from the service because not only are keys stored in the hardware, but all operations such as encryption, decryption, and digital signatures are also performed on the device, which gives you the high level of protection when using Key Vault. The extra level of security that this affords does come at a cost as you need to use a premium service plan, but the additional cost gives you the extra protection that you would want in a production system.

Azure Key Vault Software Mode On the flip side, when you configure Key Vault to work in software mode, your keys are stored on the hardware, but any other operations, such as encryption, decryption, and digital signatures are performed outside of the HSM hardware using standard Azure compute virtual machines. Since there is less work on the HSM, you save money. From a software interface point of view, there is no difference in how you use Key Vault between hardware and software mode; the differences are transparent to a developer. When you are planning your testing and production environments for your software application, it is a good idea to use Key Vault in software mode for your testing environments as you can keep the costs low, and then use the hardware version for your production environment as this gives you the most significant level of protection.

In summary, my secret key is safe with hardware protection as long as the encryption key used to secure my secret key is not read from the HSM (which requires tampering with it and it leaves evidence). My secret key does not leave the HSM which performs all the operations using my secret key on its own. However, the software protection doesn’t have this extra security layer and my secret key is given away to Azure compute virtual machines, and my secret key could therefore be stolen without leaving any physical evidence whatsoever. Is that correct?

Why would a software need my IP address in authentication token?

I was looking at the authentication token used in my network requests to a software that we use at work. I noticed that this is not a general JWT OAuth token but some XML based token. I guess, old way of doing things. I am particularly interested as to why do they need my IP address?

Is there a legitimate security reason to need it? My guess is to ensure that no other machine can reuse the token.