The Nexus 9 introduces Android 5.0 Lollipop with some new changes that might take a little getting used to. Here's our tips for the Nexus 9 to help you get started.
(This is a preview - click here to read the entire entry.)
dimanche 28 décembre 2014
How to securely install software on Ubuntu?
How to install a software like Sublime Text on Ubuntu 14.04 LTS and mitigate against a MITM attack? There is a PPA available, but the PPA must be added manually.
I don't see any PGP keys or MD5 hashes for it on the download page.
So, is it possible to install a software like this and be safe from a MITM attack? For example, someone hack into their server, and add malware to the download file.
Galaxy Note 4 tips and tricks: make the best even better
The Samsung Galaxy Note 4 is a fantastic smartphone with excellent multitasking capabilities. But with these tips and tricks you can make the Galaxy ote 4 even better.,
(This is a preview - click here to read the entire entry.)
Pair verification functions
Is there a function (say f(x)) to find a string q for string p such that another function g(p, r) returns true or false depending on r matching the p's q without the involvement of data storage?
Now that it is 2015, what SSL/TLS cipher suites should be used in a high security HTTPS environment?
It has become quite difficult to configure an HTTPS service that maintains "the ideal transport layer". How should an HTTPS service be configured to permit some reasonable level of compatibility while not being susceptible to even minor attacks?
TLS downgrade attacks in combination Beast, Crime, Breach, and Poodle knocks out most if not all of SSLv3 and prior. Microsoft is disabling SSLv3 by default, which sounds like a good move to me. Due to weaknesses in RC4, MD5, and SHA1, there are even fewer cipher suites to choose from.
Would an 'ideal' HTTPS service only enable TLS 1.0, 1.1 and 1.2 with key-size variants following ciphers? What should be the most preferred cipher suite?
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_DH_RSA_WITH_AES_128_GCM_SHA256
How can I allow user actions without knowing that the actions are theirs?
Is it possible to create a system where I get to choose who is supposed to use a specific service, but when they do something I won't know that it's them?
Think of a system where users have names they can use to append to a collaborative text file. If I handed them passwords, they would be able to use their name and their password to access the system, but at the same time when they append a string I should at no point be able to link their name to that text.
I planned on using message signing to allow users to generate their own private and public keys, then sign their messages and send the signed message to the server. However the problem here is that even though I can verify the integrity of the message itself for that public key, I can't really know if that public key is allowed into the system.
I'm really baffled at this point so as to what I can do. Why I'm worried is because this system is supposed to be secure at the point where when I give the source to someone else, they shouldn't be able to modify the algorithm to the point where they can associate actions with users.
EDIT: I guess I can word this as an anti-PKI.
Nexus 5 tips and tricks for Android 5.0 Lollipop
The Nexus 5 is a great device out of the box, but that doesn't mean it can't be made even better with a few well selected tips and tricks.
(This is a preview - click here to read the entire entry.)
Inscription à :
Articles (Atom)