Posts

Side-channel attack

Image
In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs). Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited.

An attempt to decode RSA ... Key bits using power analysis. The left peak represents the CPU power variations during the step of the algorithmwithout multiplication, the right (broader) peak – step with multiplication, allowing an attacker to read bits 0, 1.

Side-channel attack. (2018, April 27). Retrieved from https://en.m.wikipedia.org/wiki/Side-channel_attack

Public Key Certificates

A public key certificate provides a safe way for an entity to pass on its public key to be used in asymmetric cryptography. The public key certificate avoids the following situation: if Charlie creates his own public key and private key, he can claim that he is Alice and send his public key to Bob. Bob will be able to communicate with Charlie, but Bob will think that he is sending his data to Alice. A public key certificate can be thought of as the digital equivalent of a passport. It is issued by a trusted organization and provides identification for the bearer. A trusted organization that issues public key certificates is known as a certificate authority (CA). The CA can be likened to a notary public. To obtain a certificate from a CA, one must provide proof of identity. When the CA is confident that the applicant represents the organization it says it represents, the CA signs the certificate attesting to the validity of the information contained within the certificate. A public ke…

Raid 5, Raid 1+0 & Raid 0+1

RAID 5
The minimum number of disks in a RAID 5 set is three (two for data and one for parity). The maximum number of drives in a RAID 5 set is in theory unlimited, although your storage array is likely to have built-in limits. However, RAID 5 only protects against a single drive failure.

Cited From : http://www.computerweekly.com/answer/RAID-5-recovery-What-is-the-maximum-number-of-physical-drives-in-a-RAID-5-configuration



RAID 0+1  vs  RAID 1+0

Got a bit of difficulty of understanding and interpreting this ?

Start with the last number it will be easier

RAID 0+1  : Mirror of Stripes (Raid 0)

RAID 0+1 means arrays implemented as RAID 1, whose elements are RAID 0 arrays.


RAID 1+0  : Stripes of Mirrors (Raid 1)

A RAID 1+0 array is implemented as RAID 0, whose elements are RAID 1

You can read more on this here : http://blog.open-e.com/what-are-raid-1-raid-10-and-raid-01/

General Data Protection Regulation (GDPR) requirements, deadlines and facts

Following article cited from www.csoonline.com website

What is the GDPR? GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection directive from 1995. The GDPR also regulates the exportation of personal data outside the EU.
And non-compliance could cost companies dearly.
Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.
The GDPR leaves much to interpretation. It says that companies must provide a “reasonable” level of protection for personal data, for example, but does not define what const…

MySQL - Detect "Too many connections" error and show alternate web page

If you get a Too many connections error when you try to connect to the mysqld server, this means that all available connections are in use by other clients. The number of connections permitted is controlled by the max_connections system variable. The default value is 151 to improve performance when MySQL is used with the Apache Web server. (Previously, the default was 100.) If you need to support more connections, you should set a larger value for this variable.
Solution provided by user Rob Williams:
<?php
$link = mysql_connect("localhost", "mysql_user", "mysql_password");
if (mysql_errno() == 1203) {
// 1203 == ER_TOO_MANY_USER_CONNECTIONS (mysqld_error.h)
header("Location: http://your.site.com/alternate_page.php");
  exit;
}?>
REFERENCE : https://dev.mysql.com/doc/refman/5.5/en/too-many-connections.html

How security audits, vulnerability assessments and penetration tests differ

security audits vs vulnerability assessments vs penetration tests
vulnerability assessment
A vulnerability assessment is a practice used to identify all potential vulnerabilities that could be exploited in an environment. The assessment can be used to evaluate physical security, personnel (testing through social engineeringand such), or system and network security. Most commercial organizations just want their systems and networks assessed. This means an individual or team runs a scanning tool (Internet System Scanner, Heat, Nessus, etc.). These tools identify running services that typically have vulnerabilities that can be exploited, operating system and application identified vulnerabilities, missingpatchesand hotfixes. The result, depending upon the product, is a long list of every computer system by IP address and their associated vulnerabilities and steps on how to "fix" the vulnerabilities. However, just because something is identified as a vulnerability, does not neces…