Which attack involves an attacker forcing a victim to authenticate with a pre-selected session ID?
Referrer validation is sufficient for all sites, including those that expect cross-origin requests from trusted partners.
In Diffie-Hellman key agreement, the shared secret z is computed as:
A major vulnerability of traditional PKI is:
What is a chain of trust in PKI? Describe the role of root certificates, intermediate certificates, and leaf certificates in this model, and explain why a missing or untrusted link breaks validation.
In TLS, after asymmetric cryptography is used for authentication and key exchange, the connection usually switches to:
In DNS cache poisoning via ID guessing, the attacker:
Which XSS type occurs when malicious input is stored in the website’s database and later displayed to other users?
Explain the purpose and construction of HMAC (Hash-based Message Authentication Code). Compare it to a simple MAC construction like h(k ⊕ d), and describe the specific vulnerability (such as length-extension) that HMAC addresses and how it mitigates it. [8 Points]
A common XSRF defense that binds a token to the session ID using an HMAC (no extra server state) is called: