Posts by AcornAnomaly

2 publicly visible posts • joined 24 Jun 2022

CEO arranged his own cybersecurity, with predictable results

AcornAnomaly

How will that help in this scenario?

Those people will still get flagged as having clicked the link.

These tests work by generating unique URLs for each tested user, and then seeing which unique URLs get accessed.

If ANYTHING accesses that URL, whether it's a security team member, VirusTotal, or a site previewer, that will still look like a failure to the ones running the test.

You're not wrong that such measures can help you validate the site without having to open a potentially hostile site yourself, but the problem in this case is users being wrongly flagged as having failed a phishing test, which will still happen with your advice.

Mega's unbreakable encryption proves to be anything but

AcornAnomaly

Re: repeat after me

"Did I miss something along the way?"

An understanding of what Diffie-Hellman is for, and what it does, perhaps?

DH allows two communicating parties to generate a shared key between the two that they can use for a secure communication channel, without publicly communicating anything that can be reversed to discover what the key is externally.

And yes, once communication is complete, both sides throw the key away.

The problem is, what do you do when you need the key again? Say, to decrypt your own encrypted data later? You can't, because you threw the key away. That's the point of using DH for perfect forward secrecy.

You "somehow" use DH to generate a key to encrypt a file (leaving aside the fact that DH is a key exchange protocol, meaning you need to communicate with another party to generate DH keys), encrypt the file, and throw the key away.

Congrats, you now have a pile of useless bits.