- Is it safe to use a weak password as long as I have two-factor authentication?
- Client side password hashing
- When using symmetric key encryption, do we need to sign?
- What is the potential impact of these SSL certificate validation vulnerabilities?
- Can someone detect the URL an android app uses?
- Encryption in an embeddded system
Showing posts with label Stack Exchange. Show all posts
Showing posts with label Stack Exchange. Show all posts
Wednesday, November 21, 2012
Stack Exchange posts pt. 2
Following my previous post on the subject, here are a few more links to posts on the Stack Exchange IT Security Q&A site:
Monday, October 22, 2012
Where I've been for the last two months
It's been two months since my last post. During this time I've been very active on the Stack Exchange IT Security site, under the equinym "David Wachtfogel" (an equinym is a pseudonym which is equal to the real name).
Stack Exchange is a moderated Q&A site. There are several advantages to posting answers on Stack Exchange compared to posting blogs on my own blog site, including:
On the other hand Stack Exchange does cramp my style a little. It's a serious site so there's less room for humor. To get recognized it's usually important to respond quickly, which leaves less time to polish the post. So I do plan to continue posting to this blog when appropriate - and I'm currently working on my next post.
Following are links to some of my contributions to the Stack Exchange IT Security site. Read them, but don't stop there - there is a lot of great material on the site posted by people like Thomas Pornin, Polynomial and D.W.
I also found an interesting bug in MDK3.
Stack Exchange is a moderated Q&A site. There are several advantages to posting answers on Stack Exchange compared to posting blogs on my own blog site, including:
- Wider distribution. There are more people in the Stack Exchange audience than there are in my blog's.
- Peer review: There are some great people active on Stack Exchange who will review your work and give good feedback.
- Topics: Answering other peoples' question means I don't need to come up with topics for posts.
On the other hand Stack Exchange does cramp my style a little. It's a serious site so there's less room for humor. To get recognized it's usually important to respond quickly, which leaves less time to polish the post. So I do plan to continue posting to this blog when appropriate - and I'm currently working on my next post.
Following are links to some of my contributions to the Stack Exchange IT Security site. Read them, but don't stop there - there is a lot of great material on the site posted by people like Thomas Pornin, Polynomial and D.W.
- Why do some sites prevent users from reusing their old passwords?
- Average number of exploitable bugs per thousand lines of code?
- Privacy implications of IDFA/IDFV? (iPhone/iOS)
- What is the key when facial recognition is used as a password?
- Confused about (password) entropy
- Firefox lists '(unknown)' as the owner of google.com. Is my connection insecure?
- Without SSL, what vantage point does one need to MITM non-SSL'd HTTP?
I also found an interesting bug in MDK3.
Subscribe to:
Posts (Atom)