Java Programming Glossary: attacker
Difference between java.util.Random and java.security.SecureRandom http://stackoverflow.com/questions/11051205/difference-between-java-util-random-and-java-security-securerandom a Linear Congruential Generator The assumption that an attacker would have to wait for the LCG to repeat after a full cycle.. even produce the value by rolling a die several times. An attacker will simply compute the seed from the output values observed...
Java secure session http://stackoverflow.com/questions/1163319/java-secure-session then tricking a user into using the session. Because the attacker already knows the session identifier they can use it to access..
Java and HTTPS url connection without downloading certificate http://stackoverflow.com/questions/13022717/java-and-https-url-connection-without-downloading-certificate not sure whether it's the server you expect or a possible attacker. If your server certificate comes from a well known CA part..
How to implement Java 256-bit AES encryption with CBC http://stackoverflow.com/questions/1440030/how-to-implement-java-256-bit-aes-encryption-with-cbc the phone. Since it is a public key the threat would be an attacker getting his hands on or remotely hacking into the phone and..
How to protect compiled Java classes? http://stackoverflow.com/questions/2443542/how-to-protect-compiled-java-classes to prevent decompilation of a .class file. Sure an attacker could launch SoftIce and try to trace your .exe but that will.. scheme so that with each release a hypothetical attacker has to start mostly from scratch. Of course it's easier to.. towel in and to think there's nothing I can do to make an attacker's life harder because JAD can find back the .java file anyway..
Is it really impossible to protect Android apps from reverse engineering? http://stackoverflow.com/questions/4336637/is-it-really-impossible-to-protect-android-apps-from-reverse-engineering deter static analysis but to be honest a determined enough attacker can circumvent these while it can cause legitimate user frustration..
How to create encrypted Jar file? http://stackoverflow.com/questions/537596/how-to-create-encrypted-jar-file
Given final block not properly padded http://stackoverflow.com/questions/8049872/given-final-block-not-properly-padded small it can be brute forced in some hours by a dedicated attacker. If you generate your key by a password this will get even faster...
Application vulnerability due to Non Random Hash Functions http://stackoverflow.com/questions/8669946/application-vulnerability-due-to-non-random-hash-functions of colliding keys in about 44 minutes of i7 CPU time so an attacker with about 6 kbit/s can keep one i7 core constantly busy. If the attacker has a Gigabit connection he can keep about 100.000 i7 cores.. are used up Because this is just a POST request an attacker can also use innocent browsers to attack a server. Just find..
Why is char[] preferred over String for passwords? http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords using char only reduces the window of opportunity for an attacker and it's only for this specific type of attack. EDIT As noted..
What hashing function does Java use to implement Hashtable class? http://stackoverflow.com/questions/9364134/what-hashing-function-does-java-use-to-implement-hashtable-class to include a random element that makes it harder for an attacker to predict which keys will cause collisions. Some ASCII art..
Why does JPasswordField.getPassword() create a String with the password in it? http://stackoverflow.com/questions/983964/why-does-jpasswordfield-getpassword-create-a-string-with-the-password-in-it use of getText dangerous in any way Of course a dedicated attacker WILL get your password if it has compromised the system I am..