CRC(theoretical)-did not understand the highlighted part given below

Original:-http://www.cs.jhu.edu/~scheideler/courses/600.344_S02/CRC.html

…….. Well, at the very least, it would be nice to make sure that the CRC did as well as adding a single parity bit. That is, we would like to avoid using any G(x) that did not guarantee we could detect all instances of errors that change an odd number of bits.

->If a received message T'(x) contains an odd number of inverted bits, then E(x) must contain an odd number of terms with coefficients equal to 1.
->As a result, E(1) must equal to 1 (since if x = 1 then xi = 1 for all i).
->If G(x) is a factor of E(x), then G(1) would also have to be 1.
->So, if we make sure that G(1) = 0, we can conclude that G(x) does not divide any E(x) corresponding to an odd number of error bits. In this case, a CRC based on G(x) will detect any odd number of errors.
->As long as G(x) has some factor of the form xi + 1, G(1) will equal 0. So, it isn’t hard to find such a polynomial. ……….

How do I decode this Suricata code ? how to understand what it means?

alert http any any ->; $ EXTERNAL_NET any ( msg:"What do I alert on?"; content:"POST"; http_method; content:"Content-Type|3a 20|application/json"; http_header; fast_pattern; pcre:”/^{email:\"[^\"]+\"\,password:\"[^\"]+\"}$ /P”; flow:to_server,established; metadata:date 2019-01-01; classtype:trojan-activity; sid:2019; rev:3;

Email phishing, understand mail header

I try to understand phishing email received from an attacker:

Received: ....  Received: ....  Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=74.208.4.XX; helo=mout.gmx.com; envelope-from:attacker@infected_website.com;receiver=victim@legit_site.com  Received: from mout.gmx.com (mout.gmx.com [74.208.4.XX])      by in14.mail.ovh.net (Postfix) with ESMTPS id 26F1621CXX      for <victim@legit_site.com>; Mon, 10 Feb 2019 13:06:35 +0100 (CET)  Received: from [IP_SRC] ([IP_SRC]) by      3c-app-mailcom.... (via HTTP); Mon, 10 Feb 2019 13:06:33 +0100 

I think the attacker have sent the mail from his GMX account via GMX web interface. But the envelope-from contain another address (not gmx email addr) where the host is corrupted and user is spoofed. I do not think gmx could allow this.

All reflections are welcome. Thank you.

How to deliberately slow internet connection to better understand UX on slower connections?

I would like to better understand UX on slower connections.

Is there a set of tools or instructions on how to achieve this on mac/windows?

FYI my software isn’t a website or app, it’s desktop software that runs on mac and windows.

Perhaps there are tools available to help? (I don’t mind a DIY solution though)

How to download Toontown Rewritten on Ubuntu for Chromebook? Spent 3+ days and I do not understand ANY of this!

I’m about to throw my laptop out the window.

I have a chromebook and have realized I cannot play Toontown Rewritten on it, so I have tried to download linux, which to my understanding, Ubuntu is a form of. I’ve downloaded stuff that I don’t even remember at this point. I’m going to do a scrub on my chromebook and start over. Any help is greatly appreciated… If you need any more specifics or details I’ll respond to all posts. Thank you a million.

How to design an Access Control system that is quick to implement and understand, yet maintainable and flexible enough?

We’re currently redesigning our access control system for our SaaS startup (over the past two years it has grown alongside the business and decided to clean it up at this point). The access control system should serve customers with 500 – 10,000 users each.

It should support:

  1. Read-only users (i.e. some users may only log in and view items)
  2. Only a few users may change global settings (like managing integrations, billing information etc.)
  3. Only a few users may change settings for one of our three product modules
  4. For each created resource (e.g. a project, a team, …), only the project members / team members may change the resource.
  5. By default, all users may view all projects, but it should be possible to “hide” projects so that only the project members may view the hidden project.

The challenge now is that Role-Based Access Control only seems to satisfy 1-3, but not 4 or 5. Is ABAC now the way to go?

Overall, I think we have similar requirements to JIRA which seem to offer an extremely flexible but also very complex (unintuitive) permission system

Do you have any recommendations on how to best design an Access Control system, i.e. what questions we should ask ourselves and which trade-offs we’ll probably have to make?

Thank you very much!

Trying to understand how Digital Certificates and CA are indeed secure

I understand that Digital Certificates and Certificate Authorities (trusted 3rd parties) help prevent man in the middle attacks during HTTPS connections. However, I am confused on a few details.

Let’s say we have a client Alice and Bob who has a server mapped to “bob.com”.

When Bob (bob.com) asks a CA (let’s say veriSign) for a new certificate to be created and sends them his public key to be put inside the certificate, what is stopping a hacker from intercepting the request, switching the public key with their own, having the CA create a false certificate, and then returning this false certificate to Bob. Is the only protection here that Bob actually checks that the public key on the returned certificate matches what he originally sent in his request to the CA? And then I guess informing the CA that what he got back doesn’t match what he sent out, so the CA doesn’t maintain a false record?

Assuming that the newly created certificate Bob gets from veriSign is legit, let now say that Alice is going to make a request to “bob.com” via the HTTPS protocol. What is preventing a dual channel MITM attack where a hacker intercepts Bob’s new certificate on way to Alice, creates a new one, signs it with their own secret key (which was previously signed by verisign), but then also intercepts Alice’s request to veriSign when she asks for veriSign’s public key, and switches it out again with the matching public key to the malicious secret key. Now when Alice tries to check the integrity of the false certificate, it checks out because although she thinks she is checking the signature with veriSign’s public key, she is really using the malicious public key?

Getting erros on a Get&Set but don’t understand why

Hi I have spent the past few hours researching what could be the problem with these errors I have been getting. Does anyone know what it could be?

Initialization:

 private int noDifferenceFieldCount = 0;  private int recordsNotFoundCount = 0; 

Code:

     public string CounterNoDifferenceFields     {         get { return NoDifferenceFieldCount;}          private set { NoDifferenceFieldCount = value; }     } } 

AND

  public int CounterRecordsNotFound     {         get { return recordsNotFoundCount; }         private set { recordsNotFoundCount = value; }    } 

Errors:

(1) The name ‘NoDifferenceFieldCount’ does not exist in the current context

(2) Expected class, delegate, enum, interface, or struct

How to understand set notation and turn it into regex?

{w | w ∈ {a,b,c}*}

What does the above notation mean and how to turn it into regex?

my understanding is that this set notation will produce {abc, aabbcc, cab, bba} basically any number of a’s b’s and c’s in no particular order so the regex would look something like (a|b|c)* is this correct?

{w | w ∈ {b}* U {c}} and something like this means I have a language that contains any number of b’s or just a c {b, bbb, bb, bbbb, c} in regex b* | c is this correct?