Lazy Diary @ Hatena Blog

PowerShell / Java / miscellaneous things about software development, Tips & Gochas. CC BY-SA 4.0/Apache License 2.0

Computer Security

There is no way to show SSL certificate in Safari on iOS

Problem: There is no way to show SSL certificate in Safari on iOS. Reason: It seems to be by design. Solution: Use Chrome for iOS. Note: You can view SSL certificate on https://www.digicert.com/help or other SSL diagnostics services, only …

How to capture network packet without additional software in Windows

(A) Use "netsh trace" command pros: You can use it in isolated network. cons: You should convert the captured file with Microsoft Message Analyzer if you want to see packets with Wireshark. (You can also view the packets with Microsoft Mes…

Pause before HTTP redirect (302) and get redirection URI with Chrome developer tools

Context When you try to attack to OAuth2 Authorization Code Flow with CSRF (See RFC 6749 "10.12. Cross-Site Request Forgery"), you have to pause before redirect in order to get redirection URI, because the redirection URI is unique and wil…

Who does recommend to encrypt the attachments in email

In Japan, so many companies have their own security policy like "When you send email with attachments, you must zip all the attachments with password, and send the password in another email". Some say this policy is pointless, but on the o…

What can you do with account lockout and its unlock

Purpose of account lockout These are some purpose for account lockout, such as: Detect login attempts 1 Example: Logging 2 Slow down login attempts Example: Duration-based lockout, scrypt, Argon2 Interrupt login attempts Example: Requires …