web application – Is OAuth more secure compared to API Keys

I have worked on many API integrations scenarios, and I used 2 approaches to authenticate the API calls, as follow:-

  1. Using API Keys

For example inside hubspot integration i use this web call to get all the accounts using API Key:-

https://api.hubapi.com/companies/v2/companies/paged?hapikey=**********&properties=website&properties=mse_scan&properties=phone&limit=100
  1. Using OAuth.

For example inside SharePoint >> I create an app which generate a ClientID & ClientSecret, then inside my project web.config i pass/define the clientID & CleintSecret

 <appSettings file="custom.config">
    <add key="ClientId" value="e****7" />
    <add key="ClientSecret" value="**=" />
  </appSettings>

now in both cases we have confidential info been passed/stored, either APIKey or ClientID and ClientSecret. so can i say that from a security point of view I can not say that oAuth is more secure compared to using APIKeys? as if someone (let assume a hacker) get the APIKey then he can integrate with the our application + if a user got the ClientID and ClientSecret then he can integrate with the application as well..

web application – Watering hole Website NTLM Steal Attack

Im trying to recreate a Watering hole SMB theft attack
Where you send a victim a link to your website containing code like “file://ip/file.gif”
Causing Forced Authentication which passes the NTLM hash
I have the code which execute the process (check reference links)

But how can i retrieve/steal the NTLM hash back over the internet remotely without being on local network?

This process can be done locally very easily but im struggling with finding an NTLM listener to use over the internet remotely on a website

Reference:
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/leafminer-espionage-middle-east

Newly Discovered Watering Hole Attack Targets Ukrainian, Canadian Organizations


https://unit42.paloaltonetworks.com/xhunt-campaign-new-watering-hole-identified-for-credential-harvesting/

WoWonder Combined Chat Timeline And News Feed Application For WoWonder PHP script

WoWonder Combined is a social timeline with chat application for WoWonder PHP Social Network, with WoWonder Timeline users can Post & Interact with users feeds and like and comment and more , now using the application is easier, and more fun !

WoWonder Combined Version is easy, secured, and it will be regularly updated.

Requirements:

WoWonder PHP 3.0.2 or…

.

design – File parsing in UI Layer or Application Services Layer

Let’s say that I have a list of financial transactions that I need to read in from the file. I want to make the best guess I can at what account should be credited/debited based on the transaction memo compared to past transactions.

For example, if Wal-Mart was used with ‘Shopping’ then if a transaction that gets read in from the file with Wal-Mart as the description should show ‘Shopping’. If there cannot be a match found, then the application should make the best guess and get feedback from the user. If there is not a best match then the user should be asked which account makes most sense.

To me, there is a lot of interaction with the user so it would make sense that this should all live in the UI layer. Once all the transactions are paired with accounts, then it should be sent to the Application Service layer to be saved.

Right now I’m just using a CLI, so I could inject an object that inherits from a ‘Presenter’ interface that the Application Service uses; however, this will not work when I get rid of the CLI and want to use a REST API around the Application Service layer.

Does it make sense to just include all this logic in the UI layer?

url – How to intercept application specific MIME types used by 3rd party (Windows) browser/plugins apps?

I’m trying to intercept and decipher scripted code that is sent to a previously installed Windows application, after a user have clicked on a particular URL in their web browser which is somehow returning a MIME response that is intercepted by the Win app and processed as a script/program.

The particular example of concern, is how the (Windows) trading application Think-or-Swim (aka. TOS) is downloading and running user scripts from either a custom URL handler of the form: tossc:XXXX or using a standard URL like http://tos.mx/A1PZUml which then sends one of the MIME types:

x-scheme-handler/tossc
application/x-tossc
application/x-thinkorswim

I have posted a similar question on SO here but I don’t think that forum is appropriate for this question and hope someone here would a have some more technical know-how of how to do this and also explain what’s going on. As you can tell I am probably not even using the correct language for asking the question in a clear manner. So feel free to correct me or this post.

Q: How can I intercept and inspect code that is loaded in this way?

(Hoping to also learn what is going on and how this is done, or an be done, by e.g. python?)

XSNews | Android News/Blog Multipurpose Application [XServer]

Overview​

XSNews is the right solution for those who need to quickly make a mobile app to showcase your Blog or Magazine articles, with the power of XServer as backend.

Features​

Java/XML language – Native Android Studio project – Edit the template as you wish with the power of Android Studio and Java code.

Android 6.0 and above, Universal –…

.

real analysis – Application of the mean-value theorem for general intervalls

Is $Isubseteqmathbb{R}$ an intervall and $f: Itomathbb{R}$ a differentiable function with bounded derivative $f’: Itomathbb{R}$, then $f$ is Lipschitz-continuous.

This is supposed to be an application of the mean-value theorem.
What gets me is the use of unspecified intervalls. So $I=(a,b), (a,b), (a,b), (a,b)$, as the mean-value theorem holds for differentiable functions defined on a compact intervall (a,b).

Every resource I looked it up proofs this result for compact intervalls, but I was unable to give a counterexample for say $I=(a,b)$, because of the bounded derivative.

But how does one relax the condition to $I=(a,b)$ to apply the mean-value theorem?
I thought that one might can proof that for $I=(a,b)$ you are able to continuously extend to $(a,b)$.

Thanks in advance.