
All Activity


  1. Last week
  2. This article briefly describes cryptography.. I wasn't quite sure if it is more understandable. Just like some people said.., if you are able to understand something then you can understand.. else you can't .. https://www.techspot.com/article/2323-cryptography/ In symmetric encryption, industry uses only AES and stream ciphers such as ChaCha20 or Salsa20. GSM, DES and RC were deprecated. We should not understand a topic based on fixing a subtopic.. or limiting ourselves to using certain information to understand.. We have to look at the topic as a whole.. Hope you guys enjoy this artic
  3. Earlier
  4. Thanks for your interest. https://www.iverson.com.my/training/cyber-security/cyber-security-fundamentals/ec-council-certified-security-specialist-v9.html https://www.eccouncil.org/programs/certified-security-specialist-ecss/
  5. Is it ok to share the link for this online course?
  6. Correction: Do you mind helping me describe the pros and cons of what I am doing, and also describing the pros and cons of what normal people do?
  7. Yup.. This is essential for the users.. However.. this is something that users have to think about themselves.. How can they secure their device/app? The simplest solution was to use an antivirus or something similar. The best was for them to practice "OpSec". I know that this does seem convenient for most people.. However.., using this information.., from my point of view.., is not that good and poses some ethical questions and has some drawbacks.. Like what we have seen recently with US devices left with biometric locks in Afghanistan. That's why I said .. it's a
  8. We use a simple lock to protect some important keys. Saved private keys are stored somewhere for SSH "to use automatically". Users have to secure their device/app to avoid unauthorized access. No matter whether a password, fingerprint or iris is used to open some locally stored key, this is only available if most of the users have the "input device". Besides how to secure data and connections, service providers have to think about how users could change their devices without technical help, and how to ensure that it is a real user. The currently accepted solution is a password, with OTP in addition. 🤔
  9. I am just an ordinary computer science student (diploma graduate).. My lecturers didn't mention or teach this stuff to me. They did mention something related to cryptography .. but they did not explain it in a clear way, nor did it spark my interest.. If you do become a security specialist, do come back and read what I have typed/talked about here. You will realize what I typed/talked about is just the tip of the iceberg. I am not a security expert by any means, nor will I become one.. It takes time .. not to mention the costs needed.. If I do become a security specialist (can be cybersecurity/informati
  10. Chrono, were you an InfoSec student? I am starting to love your explanation. I set my goal to become a security specialist one day (in fact, the course duration is only 5 days, but it costs RM 5000++). I think your open-source project fits nicely in the Cybersecurity subforum, don't you think? You mentioned social engineering and PKI (cryptography?), which are to be studied in the CSS (Certified Security Specialist) course as well.
  11. I forgot to mention.., when using any of the solutions/alternatives that have either "security" or "privacy" .. Do bear in mind.., they are only in their infancy.. I believe that "infancy" stage will not be gone even when we become older or old men/women
  12. OTP or a common scheme works best if you hand over your personal credentials like phone number/email address to them. There are other alternatives for sure. But handing over personal credentials is considered the most effective way to do it. If you give them the personal credentials.. users have to trust that this information won't be leaked and won't fall victim to the usual social engineering attacks. In general they will be using something called "PBKDF2" or "Argon2" that comes from Scrypt or BCrypt or any cryptography library. What they are doing is to take your password and derive a ma
  13. Extending to smaller topics... The banking industry moved from providing security tokens to software tokens. Some OTP SMS switched to app messages or email. Using a password to get the key for decryption should be the most cost-effective solution. ---------- Governments or some companies create backdoors for their own convenience. They can do this to you, they can do this to everyone else. Trust is easy to lose, but hard to earn back. Some organizations use different brands of firewall together, because every brand has its weaknesses (or maybe they don't trust any of them). People are lo
  14. I am watching this thread. If the conversation can make the forum merrier, why not?
  15. I wish I could.. but because the technology does not come from common technology .. It's not impossible but it's very hard for me to describe it in common terms as it is not common technology in the eyes of the public. Yup .., that's the problem .., if possible all my applications won't be using passwords again.. storing important keys which are similar to passwords (a symmetric key / the private key of a public key cryptography key pair) will be an issue. If done correctly.. my proposed login mechanism should have a higher chance of logging into the system without the need to remember the passwor
  16. Open source hardware is another topic which may have a lot of "trace records". To simplify this content for more "human friendly reading", maybe reduce technical keywords and use more common terms. To protect data (no matter whether stored locally or on a server), using a strong password (or machine-generated password, fingerprint, ..., etc.), everyone knows, but how many people do this? How about those software companies? Why did data leak issues happen at those big software companies? What action did they take to reduce the damage? How to prevent similar issues from happening
  17. Yup, that was indeed the case and it has been proven as well. However, I don't think it will be an issue. The 2nd "trusts" model consists of ProtonMail and Tutanota, which use the user password as the master encryption key. If the users know what they are doing, the master encryption key can't be brute-forced, nor can it be leaked. Given this case, sure, they (the service provider) can give data to the government or any other similar agencies. However, let's be honest, if the users have good security knowledge, the data that they give to law enforcers just wouldn't be meaningful. The
  18. When you store some important things somewhere, you should at least add some simple lock to prevent unauthorized access. But why do people forget this when online? More governments are rolling out policies for online identity. All the services you use will be logged with timestamps. Irresponsible comments / sharing or forwarding of fake news may get you summoned by the police. As more security and data leak issues happen, some service providers may have different packages. But they have to comply with government policy. Besides the service provider, you may also have to give yo
  19. https://github.com/khanming/Pipit What is Pipit? Pipit is a new but simple programming language designed for Linux x64. The compiler itself was written in Pascal. Why another programming language? It was a byproduct while the author was learning the ELF64 binary file format and Linux system programming. Moreover, Pipit is not a fully-fledged programming language; it is an experimental back-end compiler which accepts two I/O commands only. How to use Pipit? For Ubuntu and Debian, please enable permission to execute: chmod u=rwx,g=rx,o=rx pipit For Chro
  20. If you understand what my real aim was in my PriSec projects, the goal was never to secure data in the server. If the goal was to secure data in the server.., why wouldn't I do the same thing as GDrive, Firebase, AWS or any other similar services? I don't wanna do that, it's a suicide move from a security point of view.., users can enjoy ease of use but in exchange their privacy and security are sacrificed. If I "secure data" in the server, I won't even bother with users' privacy and security. The question now becomes, will the target users accept what I do? Will they be able to accept the fact that they are
  21. "Trusts" is a flawed mechanism but people don't want to give an opportunity to the services that are built on reducing the amount of "trusts" needed. That's why we are still using common services. When we talk about security, there are always pros and cons. There's no such thing as 100% security/privacy, regardless of how the company/corporation or individual manages and guards it. When we talk about "trusts", there are 3 levels of "trusts": 1. Users are required to put "trusts" in the service provider (examples are Google, GDrive, Firebase, AWS.. and even minor server/web hosting). The adva
  22. Let's talk about the good and the bad. "Trusts" (No pun intended) Everything we use online revolves around "trusts". The majority of the services do require us to trust the service provider. However, it's up to people to decide: is it naive, or is there no other way? Why say so? I will assume you have already understood what I posted regarding the Post-Compromise Security Model. Let's use this website as an example: when we ask Cloudflare to sign the certificate that was generated locally on this website's VPS [I know it's quite tech-savvy for people], there are 2 questions that we need to
  23. Sometimes, we might think: is there any alternative solution? (correct me if I misunderstood anything) The main idea of this project is to secure data in the hosting server. A server management mistake may cause data to be leaked. When we store our project in a server (server code + database), all the server-side code, database config and password, all this data we want to secure. If we use the server for the database only (client app + server database), we can consider encrypting the database, so only the client app has the password to open the database stored in the server. (
  24. Not sure if it's really popular lol.. After all, I am a nobody 🤣😂😅