Is having a local Antivirus and possibly other corporate protection layer enough to safely disable Windows UAC messages? [closed]

Context
I have recently helped a colleague set up her developer machine (Windows 10) and realized that the User Account Control setting is disabled (Never notify). Considering a fairly recent security event and the top management message t…

Is there any type of cyber attack for which the geographical distance between the attacker and the target matters?

Context
I cannot remember the source, but it was most likely within the comments box for a clip about cyberattacks happening after the Russian invasion of Ukraine. It was something along the lines:

comment: party X moved its hackers close…

Does it make sense to not use a VPN while consuming some services such as Internet Banking?

I have recently watched an interview with a guy discussing how to drastically diminish your digital footprint. One of the points argues that VPNs should be used all the time:

DO NOT use a VPN when dealing with banking services or anything…

Is there any security reason to not allow adding authenticators for a certain account?

I have recently added 2FA for my Google account using an authenticator installed on my mobile phone. After doing this, I have realized that it would be nice to also have the authenticator installed in a backup phone.
However, it was not po…

Is it possible to avoid exposing the fact that an e-mail address is used by a web application (API) while still ensuring a decent UX?

One of the raised issues for a Web API is that for an e-mail based authentication (e-mail and password) the Register user method returns something like "the registration e-mail has been sent" regardless of the e-mail being used o…

How to quickly find out what the threat nature of a password protected archive without getting infected?

I have recently received an e-mail from an existing support group e-mail box with the following characteristics:

written in the language used in company’s HQ (different from English which is the primary communication language)
had a zip …

How do applications such as password managers check leaked credentials and how can I get more results?

I have been using LastPass for a while and I have just seen an option to generate an exposure report. By its output, I assume it checks various sources containing credentials dumps from hacked web applications for matches to …

Recruiter pretends to have found my e-mail address through GitHub account. How to check if this is true? [on hold]

A recruiter directly e-mailed me about a job offer and pretended to have found the e-mail address via my GitHub account. Normally I receive e-mails via LinkedIn and almost never directly, as I try my best to avoid exposing my…

CISCO VPN Client – Gateway’s fingerprint has changed – what is the risk of simply accepting the change?

I am using CISCO VPN client when working remotely to join company’s VPN. Once every 2-3 months I receive an alert like the following:

Title:

SSL Network Extender

Message:

Gateway’s fingerprint has changed. Press Y…