Information Security *

Issue

Example

const decoded = jwt.verify(
   token,
   publickRSAKey,
   { algorithms: ['HS256'  , 'RS256'] }          //accepted both algorithms 
)

//header 
{
alg: 'RS256'                         =>  'HS256'
}
//payload
{
sub: '123',
name: 'Oleh Khomaik',
admin: 'false'                       => 'true'
}

Let's take a deeper look at the Q1 2023 DDoS attacks mitigation statistics and observations from Qrator Labs' perspective.

Now that 2022 has come to an end, we would like to share the DDoS attack mitigation and BGP incident statistics for the fourth quarter of the year, which overall saw unprecedented levels of DDoS attack activity across all business sectors.

In 2022, DDoS attacks increased by 73.09% compared to 2021. 

Let's take a closer look at the Q4 2022 data.

I frequently hear questions like "How to implement authentication in an Android app?", "Where to store a PIN?", "Hey man, will I be secure if I implement an authentication feature in such a way?" and a lot of the kind. I got really tired answering these questions so I decided to write all my thoughts about it once to share with all questioners.

На прошлой неделе в Лас-Вегасе прошла очередная парная конференция DEF CON / Black Hat. На этих двух мероприятиях регулярно проходят презентации интересных исследований в сфере информационной безопасности. Этот год не стал исключением, и сегодня мы расскажем о нескольких примечательных докладах: о безопасности Wi-Fi в общественном транспорте, об уязвимости сейфов с электронными замками, о проблемах в ноутбуках Dell, а также о способах взлома корпоративной инфраструктуры при помощи искусственного интеллекта.

With the end of the 2022' third quarter, we invite you to take a tour into DDoS attacks mitigation and BGP incidents statistics recorded from July to September.

The second quarter of the year has ended and, as usual, we take a look back at the mitigated DDoS attacks activity and BGP incidents that occurred between April and June 2022.

Introduction

Google shut down their social media platform Google+ on April 2, 2019. It’s hard to find some technical article that hasn’t mentioned the end of Google’s social network era. But, a high level of consistency in connectivity within services of the company had received scant attention. In this article I would like to share my thoughts on the internal way of Google services consistency and what it means for Google API users when it comes to a Google+ shutdown.

Hi to everyone!

I'm new here. Someone told me that Habr is like russian reddit for developers (and maybe not). And I'm here today to share my story and get opinions from you, part of this community.

In August 2024 I visited Moscow, and got Russian starter pack, even if foregneir :-)
Will be useful later because I'm moving here, Русский язык coming soon, извините!

So let's start with getting a new bank account, make a new mobile number and start to register to some essential service platforms like Metro, Gorod, ВВ, Perekrostak and Yandex for delivery and taxis. And in every service I found something strange. A certain "Ivan" (I've changed the name for privacy) is present in all my accounts where I try to register.
That's it! The phone number that my bank gave me was just.... recyled! So I could start to get personal data through all these existing account on this new phone number of mine but the most shocking thing occured today!

Alarm on 9:00, I woke up and I got a message by Yandex:

Automation can be an exhilarating, albeit exhausting, journey‑especially for those just dipping their toes into it. The tasks are often labeled as “interesting” or “non‑standard,” which, let”s be honest, often translates to “challenging” or even “impossible.” Among these challenges, one question halts around 50% of novice automators in their tracks: How to bypass CAPTCHA!

Hey! My name's Kirill Ziborov and I'm a member of the Distributed System Security team at Positive Technologies. In this article, I'll be continuing the discussion of methods and tools for the formal verification of smart contracts and their practical application to prevent vulnerabilities. The main focus will be on the deductive verification method, or more precisely, the ConCert framework for testing and verifying smart contracts.

A group of Indian scientists has published an overview of modern methods of Internet blocking introduced by government agencies, using the example of their own country. They studied the mechanisms used by Internet service providers restricting access to prohibited information, assessed their accuracy, and the ability to bypass such blocks. We would like to bring to your attention the main theses of this work.

• A short excursion into WeChat;
• About the platform, the version of the application, the utilities used and the decryption of the executable file;
• • About two protocols (old one and new one);
• About serialization of objects;
• Used cryptography and key exchange;
• About headers and hash-functions;
• About the exposures found.

The case: You fire up a professionally prepared Linux image at a cloud platform provider (Amazon, DO, Google, Azure, etc.) and it will run a kind of production level service moderately exposed to hacking attacks (non-targeted, non-advanced threats).

What would be the standard quick security related tuning to configure before you install the meat?

release: 2005, Ubuntu + CentOS (supposed to work with Amazon Linux, Fedora, Debian, RHEL as well)