Timeline for Why do some people really hate security via client-side?
Current License: CC BY-SA 3.0
13 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 6, 2015 at 23:36 | comment | added | rook | @Pacerier I am a penetration tester, I study how software is built and how it fails. | |
| Apr 6, 2015 at 1:56 | comment | added | Pacerier | @rook, Ic, so you study penetration testing. | |
| Apr 5, 2015 at 18:40 | comment | added | rook | @Pacerier In my mind, hacker is just a title earned by a highly skilled engineer. No programmer wants to write insecure code, and in order to be a successful penetration tester you have to understand how the application works better than the engineers who wrote it. Studying compsci and understanding the theories behind application design is just the first step. | |
| Apr 5, 2015 at 17:28 | comment | added | Pacerier | @rook, Ic, do you study compsci? | |
| Mar 29, 2015 at 19:44 | comment | added | rook | @Pacerier I'm in my twenties, and I first started releasing exploits when I was in my teens. | |
| Mar 29, 2015 at 7:22 | comment | added | Pacerier | @rook, I see a lot of your answers, and I'm wondering: what's your age? | |
| May 20, 2011 at 9:48 | comment | added | Stephen Paulger | +1 for good answer and showing me OWASP. Could be useful for explaining threats to less technical people. | |
| May 19, 2011 at 4:37 | history | edited | rook | CC BY-SA 3.0 | added 1 characters in body |
| May 18, 2011 at 20:13 | comment | added | Piskvor left the building | well, if you reuse it, then it's hardly a nonce anymore, is it? ;o) Just goes to show that Security Is Hard. | |
| May 18, 2011 at 19:55 | comment | added | rook | @Piskvor actually the SMB protocol did something very similar. A CVE was issued because the nonce would repeat after a couple thousand tries. If you sniffed the wire looking for the nonce, then you can keep trying to replay the login until the server reuses the nonce. | |
| May 18, 2011 at 19:42 | comment | added | Piskvor left the building | OTOH, if you hashed (salt+password+nonce), then it becomes a one-time password (no replay); that, however, is kind of pointless over HTTPS (not to mention that the browser already implements that as HTTP Digest Auth). | |
| May 18, 2011 at 18:36 | vote | accept | Incognito | | |
| May 18, 2011 at 18:32 | history | answered | rook | CC BY-SA 3.0 | |