tls – posting HTTPS without specifying a protocol – sure?

I have a form that is on a secure page (HTTPS) and will be published on another page.
The form action does not specify the protocol, but I assume that the same protocol is used as on the page from which it originated. See below:

I think this works because the relative URL uses the same protocol as the page where it resides. Therefore, all traffic is encrypted.

However, I was recently contacted by someone who told me that the form is insecure and the information is being transmitted in clear text. I accept You've just checked network traffic with your browser development tools (they sent me a screenshot of their data on the Google Console Network tab).

Better safe than sorry!

Cryptography – Secret Key Sharing Protocol

I need to find the simplest and most robust secret key sharing protocol possible.

In the beginning Alice shares a key Kas with the server and the same for Bob (kbs), but Alice and Bob share no secret.

regulate

  1. Every time B stops thinking that he has received data K from A, A has sent K well to B.
  2. Each time A ends sending data K to B, B has received K.
  3. The data K is a secret between A and B (and the server that is believed to be trustworthy).

The proposed protocol may only use symmetric encryption, hash functions, and pairing.

Which protocols that meet these conditions exist today?

I still need help images in wp-content / uploads / that are not displayed in my media library and uploaded via the FTP protocol

If I post this question again, my username was not transferred and I can not respond to comments, but I'm still having trouble getting to my image files in the media library. These should be displayed as I have transferred my WordPress website from my website to live local server, in the image below you can see the files live in the correct directory-
wp-content / uploads /

Enter image description here

I also tried dragging and dropping an image into my media library, but got the error message "Post failed to paste into database".

I have checked my permissions twice and they are correct with folders at 755 and files at 644.

My wp-config.php file is also set to the correct table for my .sql database

I've also included this code define (& # 39; WP_MEMORY_LIMIT & # 39 ;, & # 39; 1024M & # 39;). on the wp-config.php file, so this is not the problem

Thanks for your help

Raspberry Pi – Where can I find a useful protocol if Bitcoind was stopped for no apparent reason?

I run bitcoind (Bitcoin Core) on a Raspberry 3B and the process "disappears" from the list occasionally top, The protocol debug.log shows no etries, last entry is usually similar

2019-11-08T20:21:33Z UpdateTip: new best=0000000000000000001dd32ef554a1bb9e204d6f46ab345302019412ac2f6af9 height=506280 version=0x20000000 log2_work=87.972007 tx=295647959 date='2018-01-27T01:16:11Z' progress=0.631698 cache=13.3MiB(59241txo)

What could be a reason and where could I search?

My configuration for my low-memory system is:

 $ cat bitcoin.conf
daemon=1
#printtoconsole=1

# is required by Fail2Ban described below
logips=1
# magic RBP optimisations
maxconnections=40
maxuploadtarget=5000

# running without swap
dbcache=100
maxorphantx=10
maxmempool=50

txindex=1

rpcuser=...
rpcpassword=...
rpcclienttimeout=300
server=1
#datadir=/home/bitcoin

Exim mainlog Meaning of the auth_relay protocol line

In / var / log / exim / mainlog, there were two lines related to my hosting account with the username "user" and the domain.net account domain.
It is alleged to be related to SPAM and I would like to ask you if you can explain in detail how these log lines are to be read so that I can find out exactly how the site is exploited by the spammer so I can fix it. Thank you very much


messageid1 ** me@gmail.com F= R=smart_route T=auth_relay H=smtp.mailchannels.net (52.35.171.68) X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256...
Code (surcharge):

Exim mainlog Meaning of the auth_relay protocol line

Domain Name System – Create an SRV record that references another A record based on the protocol used for access.

scenario

  • I have a domain called contoso.com.
  • I have a website that I want to access with an A record that points to @ with an IP address of 5.5.5.5. (contoso.com refers the browser to the website via 443 / https)
  • I also have a Minecraft server with public IP address 6.6.6.6 running on 25575. I also want to access it through contoso.com.

How can I create an SRV record to accomplish this?

I tried the following:

A records

  • @: 5.5.5.5
  • web.contoso.com: 5.5.5.5
  • minecraft.contoso.com: 6.6.6.6

SRV records

Priority Name Weight Port Points to TTL

  • 0 @ 0 25575 minecraft.contoso.com. 1800
  • 0 @ 0 443 web.contoso.com. 1800

This does not seem to do the trick, minecraft.contoso.com will work and web.contoso.com will work alone. But not if you want to access contoso.com alone.

apache 2.4 – No protocol handler was valid for the URL / (schema # ws #)

When trying to set up a Websocket proxy with Apache2, the following error message appears:

 No protocol handler was valid for the URL / (scheme 'ws'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule

The wstunnel module of the Apache server is loading. The following is the result of & ap; apach2ctl -M & # 39;

Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
headers_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php7_module (shared)
proxy_module (shared)
proxy_connect_module (shared)
proxy_fcgi_module (shared)
proxy_html_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)
xml2enc_module (shared)

Suggestions are welcome.

Man in the Middle – Why is the HTTP protocol more vulnerable to interception than the BitTorrent protocol?

The difference is that the BitTorrent protocol has a mechanism to check that you have received what you want to receive, while HTTP does not.

HTTP does not have a mechanism to verify that you are actually connected to the server you want to connect to. If circumstances permit, HTTP is theoretically vulnerable to man-in-the-middle attacks. That said, from your side it looks like you're connected to example.com, but in fact you're connected to a third party that intercepts traffic, manipulates network traffic, and just looks like you're using example.com connected. You will then be prompted to download a specific file, but the man (or woman) in the middle will send you a malicious file instead. (Incidentally, properly configured HTTPS, with Sprevents this.)

A file that is transmitted via BitTorrent, however, is first divided into chunks. Each of these chunks is then hashed using SHA-1, i. H. The torrent creator generates a checksum. The hashes are reported to every BitTorrent client prior to download – usually included in a .torrent File. When the file chunks are then downloaded by the client, they are first hashed by the client itself and compared to the previously received hash. Only if the hash match, which means that the block contains exactly the same bytes as the expected block, will it be accepted. It is virtually impossible to make modified chunks that have malicious content but retain their original hash sum.

Since these hashes are shared with you before downloading, presumably from a trusted source, it is more difficult (if not impossible) to manipulate the expected files during transport when received via BitTorrent, compared to an HTTP download.

If your hashes or torrent files are compromised before downloading, validating the checksum provides no security.

Open Graph Protocol – Twitter card on Twitter with big picture disappears after about a week

I let users upload URLs to share on Twitter and get them twitter:image as a big picture card. They are fine at first, but after a while (about a week) they disappear and look like the Twitter card below. How would I go about fixing that? They work on mobile devices, but not on the web. Is this not recoverable but normal behavior of Twitter? My meta tags seem to be correct and are below?






Big picture disappears

Thank you in advance!