Questions tagged [tampering]
Tampering refers to the unauthorized access or modification of a good or device. Use this tag for questions regarding the process of tampering, the protection against tampering, or the detection thereof.
62 questions
1 vote, 0 answers, 21 views
"PUF CRPs authentication requires trust in manufacturer since it's him who performs the storage of CRPs"....?
"PUF CRPs authentication requires trust in manufacturer since it's him who performs the storage of CRPs".
So does it mean that we have to trust manufacturer, because he could replace the ...
1 vote, 0 answers, 38 views
Is PUF Challenge-Response Authentication applied on every power-up event? [closed]
Are PUFs used, EVERY time we power on the computer to verify that nothing has been tampered with (by using CRP authentication)?
Which element performs this authentication? (bios, secureboot, I don't ...
1 vote, 1 answer, 50 views
Since JTAG can be authenticated and encrypted, which key is used? I read that Secure Boot is used, but what is the key?
Since JTAG can be authenticated and encrypted, which key is used? I read that Secure Boot is used, but what is the key? Me, owner of this laptop, how can I know the key to use to access my own laptop ...
-1 votes, 2 answers, 216 views
Laptop Repair vs. Evil Maid
Suppose you need a laptop repair, so you bring it to
A big box store where you have some sort of coverage (who will have the computer for 2-3 weeks)
A small chain of repair shops
a small independent ...
0 votes, 2 answers, 309 views
Is encrypting a query parameter within a URI a security best practice?
Assumption: a customer is sitting in a public area connected to a public wifi. A threat actor can access the customer's browser and read all JavaScript variables.
Step 1. example.com server sends the ...
0 votes, 2 answers, 162 views
How should a web application verify a redirect comes from a trustworthy source?
This document has a sequence diagram (annotated and shown below) explaining how Stripe handles a Checkout Session.
My question : When a customer is returned to the successUrl = www.example.com/some/...
0 votes, 2 answers, 1k views
What is a proper way to prevent parameter tampering and to make parameter secure
I'm developing an HTTP web server. I've used HTTPS as the protocol between client and server but I know that HTTPS can't prevent parameter tampering.
As we know, we can set parameters in URL, in HTTP ...
1 vote, 1 answer, 353 views
Windows 10 Update - Man In The Middle Attack - Tamper Update [duplicate]
I am connecting to a wi-fi network and blocked all IP addresses in this network with a regular Windows 10 firewall. The only available IP addresses are:
192.168.1.1 = gateway
192.168.1.102 = my own ...
0 votes, 0 answers, 404 views
sqlmap tampered payload doesn't insert correctly
My problem is that I have made my own tampered payload that should convert the actual payload to hex format.
You can see from the log that the tampered payload is correct, but in the post data "...
6 votes, 4 answers, 5k views
Does client-side data tampering allow more than just evading validation? Dictionary attacks? Brute-force login attempts?
I am trying to better understand and determine the impact and implications of a web app where data tampering is possible.
When discussing data tampering, I am referring to when you are able to use a ...
0 votes, 1 answer, 418 views
Preventing Windows from seeing/tampering with Linux drive
Is there a way to prevent a Windows 10/11 system from accessing/modifying/deleting data on a secondary Linux drive?
I understand I can encrypt the Linux drive, but wouldn't the Windows system still be able to ...
1 vote, 1 answer, 499 views
How secure is Heads for detecting tampering or infection of firmware or boot sector? (Pureboot)
I'm thinking of getting a Librem laptop with Pureboot which uses Heads (with the Librem key) for tamper detection. But I've heard rumours that there are weaknesses or vulnerabilities so I wanted to ...
3 votes, 0 answers, 230 views
Can the glue of glitter-hot-glue sticks be used to provide evidence of electronics-hardware tampering?
I've been researching low-cost, yet strong, tamper-evident mechanisms, and purchased some low-cost glitter-hot-glue sticks as part of this research. The Amazon page advertising the sticks seems to ...
0 votes, 1 answer, 381 views
Are there any tools like Burpsuite that fully support HTTP/2? [closed]
Nowadays websites are starting to migrate to HTTP/2, but Burpsuite hasn't fully supported HTTP/2 yet. I know HTTPCanary is good and supports multiple protocols like replaying HTTP2 and even TCP/UDP, but that ...
12 votes, 4 answers, 3k views
What's the point of providing file checksums for verifying downloads? [duplicate]
Many projects offering binaries also offer hashes (e.g. SHA256) of those binaries, either as .ASC files, or directly on the web page near the binary. This isn't to protect against network-caused ...