Information Security Weekly Newsletter - Wednesday, April 29, 2015

Top new questions this week:

How to publish scanned documents anonymously?

I was thinking of the following question for a long time and did not find a lot of material* on the web and nothing at all on Security.SE. I think it's a very interesting question as it covers ...

anonymity  
asked by Robert 58 votes
answered by goncalopp 49 votes

Does read-only access to the database prevent sql injection?

I have a web api that connects to my SQL Server using a read-only connection and want to allow tech savvy users of my api to enter an SQL where clause on the querystring. I basically just want to tack ...

sql-injection sql-server  
asked by Aaron 42 votes
answered by gowenfawr 92 votes

Is email from my WordPress site a hack or just a normal comment?

I received an email for my WordPress site, where the comment section is disabled. This was the email: "Author: google (IP: 210.56.50.40, 210.56.50.40) Email: guest@gmail.com URL: ...

wordpress attack-vector  
asked by Joci93 20 votes
answered by Sacx 28 votes

Why do HTTPS requests include the host name in clear text?

I'm having a little bit of trouble understanding why the HTTPS protocol includes the host name in plain text. I have read that the host name and IP addresses of an HTTPS packet are not encrypted. Why ...

encryption tls dns-domain  
asked by Josh von Schaumburg 17 votes
answered by Steffen Ullrich 30 votes

How can I explain "zero knowledge proof" to an end user?

A ZKP allows proof of knowing the answer to a secret, without actually disclosing what that answer is. Is there any analogy that can help people put this concept into everyday practice? A "lie to ...

cryptography bitcoin documentation end-user  
asked by LamonteCristo 15 votes
answered by Rahil Arora 24 votes

How secure is binding to localhost in order to prevent remote connections?

Let's say we're running a service that's bound to localhost (127.0.0.1), and the goal is to only allow local clients (i.e. from the same machine only). What techniques might be used to break this ...

dns routing dns-spoofing  
asked by davidkomer 15 votes
answered by WhiteWinterWolf 15 votes

Custom socket server on the internet running as root

We are writing a custom socket server which runs on a high port. Until recently, it has been running behind a corporate firewall. Now, it has been decided that the server should be taken outside the ...

web-application exploit webserver permissions  
asked by Cuadue 12 votes
answered by Tom Leek 13 votes

Greatest hits from previous weeks:

RSA vs. DSA for SSH authentication keys

When generating SSH authentication keys on a Unix/Linux system with ssh-keygen, you're given the choice of creating a RSA or DSA key pair (using -t type). What is the difference between RSA and DSA ...

encryption cryptography authentication key-management ssh  
asked by jrdioko 236 votes
answered by emboss 162 votes

Why can you bypass restricted WiFis by adding "?.jpg" to the URL?

I recently read an article on Hacking a commercial airport WLAN. It's basically about circumventing paid airport WiFi redirections (they redirect you to a certain URL when you type something in the ...

network wifi access-control  
asked by JohnPhteven 35 votes
answered by Manishearth 45 votes

Can you answer these?

How secure are expiring tokens and refresh tokens?

In the comments of a question on StackOverflow, OAuth2 Why do access tokens expire?, people are questioning how secure refresh tokens are. This comment is how I feel: So it provides some ...

oauth  
asked by Luke Puplett 3 votes

Which method of port forwarding is more secure?

I am at the design stage of an embedded system which requires an incoming connection to be forwarded through a consumer-grade router. This will carry an encrypted connection eventually. I see three ...

port-forwarding  
asked by Cybergibbons 1 vote

Where does the GSM A5 key come from? Why isn't DH used?

I've read this article about NSA allegedly stealing SIM cards from Gemalto which states: After a SIM card is manufactured, the encryption key, known as a "Ki," is burned directly onto the chip. A ...

gsm simcard  
asked by tsusanka 2 votes
Stack Exchange, Inc. 110 William St, 28th Floor, NY NY 10038