Can a Linux context switch leak secret information?
Suppose that my secret key is fully stored in processor registers and the Linux OS performs a context switch on my process. General-purpose registers will probably be used by the OS during the context switch, but SIMD registers will not. Are registers cleared, or are they given unmodified to the next executing process?
See also questions close to this topic
How to resolve 100% packet loss while pinging an external server such as google from Kali Linux running in virtual box?
I'm a beginner in Kali Linux and I am not able to ping external servers such as google. (100% packet loss).
I am a student and I use my institute's internet, which has to be configured with a proxy. I configured the proxy in the settings of Kali Linux as well as the terminal (http, https and ftp). When I ping google, nothing happens, and when I use ctrl+c to end the ping, it shows 100% packet loss.
I use a MacBook Air and I am not able to ping google on the Mac terminal as well. It shows:
    Request timeout for icmp_seq 0
    Request timeout for icmp_seq 1
    Request timeout for icmp_seq 2
and so on.
I want the terminal from Kali Linux to ping an external server, but that is not happening. It is not happening from the Mac terminal as well. How do I resolve this?
How to avoid using shell = True
I have three questions about the code below:
- Both lines produce the same results. Is there a reason to pick Popen over check_output?
- If cmd = "ls -l ~/Desktop", it will not execute. How do I fix that?
- How can I do step #2 without the shell = True command?
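    import subprocess

    def get_output(cmd):
        # Variant 1: Popen + communicate() returns a (stdout, stderr) tuple
        output = subprocess.Popen(cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True).communicate()
        print(output)
        print()
        # Variant 2: check_output() returns stdout (with stderr merged in) as bytes
        output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT).decode()
        print(output)

    get_output("ping -c 4 22.214.171.124")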
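One way to handle the `~/Desktop` case from the question above without `shell=True`, as an added example that is not part of the original post. `build_argv` is a hypothetical helper name, and `get_output` is rewritten here to return its result rather than print it.

```python
import os
import shlex
import subprocess


def build_argv(cmd):
    """Turn a command string into an argv list without involving a shell.

    shlex.split() tokenizes with POSIX quoting rules; os.path.expanduser()
    then does the one shell feature the question needs (leading ~ or ~user).
    Unlike a real shell, this also expands a ~ that was quoted in cmd.
    """
    return [os.path.expanduser(arg) for arg in shlex.split(cmd)]


def get_output(cmd):
    """Run cmd with no shell and return (exit status, stdout+stderr text)."""
    proc = subprocess.run(
        build_argv(cmd),
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,   # merge stderr into the captured text
        universal_newlines=True,    # decode bytes to str
    )
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    print(build_argv("ls -l ~/Desktop"))
    # Constructed input: with no shell, ';' is just part of an argument,
    # so 'id' is printed by echo instead of being run as a second command.
    print(get_output("echo hello; id"))
```

Because the argument list goes straight to the program, shell metacharacters in `cmd` are never interpreted, which is the main reason to avoid `shell=True` when any part of the string comes from outside the program.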
I have Apache2 installed on my Debian9 server and Apache 2 does not launch
Good day, I have Apache2 installed on my Debian9 server and Apache 2 does not launch. I get the following error. I have not changed anything in the config, etc.
    * apache2.service - The Apache HTTP Server
       Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
       Active: active (running) since Sun 2019-01-20 03:26:18 CET; 15s ago
      Process: 23823 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
      Process: 23831 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
     Main PID: 23835 (apache2)
        Tasks: 55 (limit: 4915)
       CGroup: /system.slice/apache2.service
               |-23835 /usr/sbin/apache2 -k start
               |-23838 /usr/sbin/apache2 -k start
               `-23839 /usr/sbin/apache2 -k start

    Jan 20 03:26:18 vps626 systemd: Starting The Apache HTTP Server...
    Jan 20 03:26:18 vps626 apachectl: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using MYIP. Set the 'ServerName' directive globally to suppress this
    Jan 20 03:26:18 vps626 systemd: Started The Apache HTTP Server.
How do chat applications encrypt group messages?
This question is about techniques and architecture.
Apps such as Telegram/WhatsApp offer p2p encryption on messages, but how does it work with groups?
Example: One room (chat group) has n users (participants), so the users need one public key to encrypt data, but... n users need access to the private key to decrypt messages?
So, technically, if some external user intercepts the communication, can they download the private key? Is this private key only for this group?
Security Risks of keeping JSESSIONID cookie even after window is closed
I am currently working for a bank web application and I am being asked to extend the max-age of the session cookie which is being set at client side. Let me explain why this is needed:
This same script for onetab can be used if the session cookie is present after restarting the window, the issue is that this cookie is deleted when the browser is closed.
Is there any security risk if we change the max-age of the JSESSIONID cookie to, like, 8 mins more after he closes the session? Thanks in advance.
Is there a RIGHT approach for securing data further by doing an IP match?
So here is an approach I was thinking of:
PROBLEM: - After you have done everything possible to secure your servers and client app, I wanted to add an extra layer to make sure even if a user loses access to their data, they can only really affect their own little space in a shared database. (Obviously authentications are in place, but this is the basis of the authentication model.)
SOLUTION I HAD IN MIND: - I wanted to add a "hidden" field that stores users' IP addresses. This means when a user does the normal password and username entry, they also have to verify whether the machine they are using is their own, and thus we store that IP address by taking it from their request. Later if they need to log in again they can, but if they want to retrieve data, the lookup on the router server will receive the IP from the request and add that onto the message as part of the filter parameters. Once it queries the database, if the combination of IP + data that the user wants is found, then it sends that back.
If a different IP is detected then no data exists in the server so nothing is sent back. Which would initially be done on login and would trigger a mail to the user to verify the machine they are using is trusted.
Is there an easier way? Is this overegging? Thanks, Alex
Tried ip-request module in Express, works fine, but wanted to know if there was a potential security threat with the way I am using this and it will be implemented before proceeding.