
Just generally, don't write SQL queries as strings. An ORM is one option, language-level extensions another. But for that you need some good macros in your language - or convince the maintainers of your compiler to add it to the language (like Microsoft did in C#).


There is a relatively recent audit[1] of EncFS with some damning results. I really wouldn't use it.

[1]: https://defuse.ca/audits/encfs.htm


> damning results

They didn't seem that severe to me; they seemed pretty minor, actually. Especially if your attack vector is solely a read attack rather than a read-write attack.

Which one got you worried?


> EncFS is probably safe as long as the adversary only gets one copy of the ciphertext and nothing more. EncFS is not safe if the adversary has the opportunity to see two or more snapshots of the ciphertext at different times. EncFS attempts to protect files from malicious modification, but there are serious problems with this feature.

Which, seeing as my current major use case is to lock down Dropbox, kind of renders it useless for me.


EncFS is horrible.

However you should not use XTS with Dropbox http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/


Internet Navigator


The CTFs I've played usually had a good mix of web stuff and binary exploitation.

Also, the best way to learn this stuff is to do it. Even if this seems out of your league, I'd suggest just joining a team and starting to play - if that kind of thing seems interesting to you.


You don't have to apply the CBC mode to complete files. If it is secure for a 1 MB file, I don't see why it would be insecure for 100 parts of a 100 MB file.

If you manage to merge small files into the same blocks, you even gain some privacy because the server can't even tell the number of files anymore.

[1] also has a discussion of the trade-offs of the different modes of operation for whole disk encryption. That seems related here because nobody wants to rewrite the whole disk after changing the first byte.

1: https://en.wikipedia.org/wiki/Disk_encryption_theory
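As an added example (not code from this thread), chunked AES-CBC in Go: each fixed-size chunk is encrypted on its own under a fresh IV, so a one-byte edit means re-encrypting one chunk rather than the whole file, and changedChunks shows what an adversary holding two snapshots of the ciphertext (the Dropbox case from the EncFS audit quoted above) learns from that. The chunk size, key, and IV||ciphertext layout with PKCS#7 padding are my choices for the demo, not anything the comment specifies.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

const chunkSize = 32 // constructed for the demo; real designs use e.g. 1 MiB

// encryptChunks encrypts each chunkSize piece of plaintext on its own with
// AES-CBC under a fresh random IV (stored as IV||ct, PKCS#7-padded), so a
// one-byte edit means re-encrypting and uploading only that one chunk.
func encryptChunks(key, plaintext []byte) ([][]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	var out [][]byte
	for off := 0; off < len(plaintext); off += chunkSize {
		chunk := plaintext[off:]
		if len(chunk) > chunkSize {
			chunk = chunk[:chunkSize]
		}
		n := bs - len(chunk)%bs // PKCS#7: always at least one pad byte
		padded := append(append([]byte{}, chunk...), bytes.Repeat([]byte{byte(n)}, n)...)
		ct := make([]byte, bs+len(padded))
		if _, err := rand.Read(ct[:bs]); err != nil {
			return nil, err
		}
		cipher.NewCBCEncrypter(block, ct[:bs]).CryptBlocks(ct[bs:], padded)
		out = append(out, ct)
	}
	return out, nil
}

// changedChunks is what an adversary holding two snapshots learns: which
// chunks differ. Chunking saves rewrites but leaks the edit pattern.
func changedChunks(old, cur [][]byte) (idx []int) {
	for i := range cur {
		if i >= len(old) || !bytes.Equal(old[i], cur[i]) {
			idx = append(idx, i)
		}
	}
	return
}
```

Whole-file CBC would hide which region changed but forces a full rewrite per edit; the chunked layout trades that for revealing the edit pattern to anyone who sees successive snapshots.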


I understand now. That is a clever idea; I like it a lot.


You do have some information in the browser you can't get to from the outside. For example, the filter with the most hits for me is "@@||192.168.$xmlhttprequest", which whitelists XMLHttpRequests to 192.168.*. A proxy can't really tell the source of an HTTP request. But that kind of thing is sometimes the only indicator telling the difference between an ad and useful content.


What if someone hacked your server and stole, then deleted the private key? (Backing up private keys is bad practice.)

What if the CA notices they issued a fraudulent certificate?


Hmm, I considered this possibility in a comment, incidentally two hours before yours, below. Let the CA have an ability to revoke certs, I'm not suggesting against that. I'm suggesting a method in addition to it.


> In my opinion, most of TCP's semantics arise not out of the network, but rather the data itself. I can't have packets getting lost in the middle of an SSH session: it just doesn't make sense. My keystrokes are a stream of data that must be in order, and must be delivered: thus TCP.

Mosh[1] is basically (a better) SSH over UDP. It fares a lot better than SSH on mobile connections. It does away with hanging connections and such nonsense.

1: http://mosh.mit.edu/


If Github only hosted git repositories, you'd be right. But people use Github for the issue tracker, source browser, and code review system. Those are just as centralized as the svn server. And in my opinion, they are at least as important as a source control server to get things done.


It isn't the default for most people. Download a browser and OS localized to German, French, or British English and Accept-Language defaults to that instead of "en-US".

