use the following search parameters to narrow your results:
e.g. subreddit:pics site:imgur.com dog
subreddit:pics site:imgur.com dog
advanced search: by author, sub...
~4 users here now
SaiditCanary
Saidit.net Canary #13
submitted 4 years ago by magnora7 from self.SaiditCanary
view the rest of the comments →
[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 4 years ago (1 child)
How many authentication bypass vulnerabilities in web applications were discovered in the past 10 years?
How would that make someone NOT post a canary over a 2 month period? If I was completely locked out of my own account for 2 months then that would mean we've completely lost control of the whole website anyway, so the signature would be redundant.
[–]danuker 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - 3 years ago (0 children)
A GPG-signed canary would allow you to publish authenticated messages irrespective of the security status of the website.
The only attackers that can fake a valid signature from a consistent key are the ones that have access to the computer used to sign.
view the rest of the comments →
[–]magnora7[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - (1 child)
[–]danuker 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 0 fun3 insightful - 1 fun - (0 children)