An attack was published against Tor users that deanonymized them based on DNS. Here we see how Exit Operators can protect the users from these attacks.
A blog post on how a small group of people organized an educational event with a Capture the Flag contest in AUTh. The story and what I learned.
In this blog post I describe how an attacker got my personal information just by using eBay. It is based on a real story and should not be used as a guide.
Certificate Transparency is a project started by Google in order to allow anyone to verify the practices of all Certificate Authorities. In this post, we take a look.
A blog post about Tor Hidden Services and the announcement of the Official DaKnObNET Hidden Services, which allow visitors to access my websites over the Tor Network, in the form of Hidden Services.
I examine the security of the popular movie and TV series piracy application "Popcorn Time", and find multiple critical vulnerabilities that range from application code execution, all the way to remote code execution, for a full computer compromization, by executing arbitrary shell commands.
In this blog post I talk about password managers, and how security questions can actually reduce your security. All this, over a nice, real life story I had with a customer service representative, who didn't like my first school's name, DzLCMpeyuAhAT>RgTuvJPna2s3K)8dUM^V$(QUNu#omuByCvJ8.
In this blog post I go over the vast gap between math and implementation (software code) in terms of security, by examining the case of online voting. In addition, as an example, I am disclosing some security vulnerabilities found in an online voting software.
In this blog post I attempt to examine what is the current best TLS configuration for your web (or not) server, and why answering this question is really not that simple.
This blog post contains a bug I found in Google Chrome and the Chromium browser in which the software failed to update the GUI of which certificate is used, therefore showing the previous certificate to the user, even in cases where the certificate has actually changed in the server.
During a store visit, I discovered a secure lock that used an RFID access card to limit access. But there was a way to easily bypass it.