How to explain to traditional people why they should upgrade their old Windows XP device?

This is an issue I keep running into: older people from my family (or people whom my family members know) can be surprisingly reluctant to apply the most basic security measures when they’re using their PCs. The particular issu…

How secure is connecting to the Internet via Windows XP (or even older) nowadays only for e-mail?

While trying (and failing) to convince a certain older person who wanted me to “fix” their ~20-year-old PC that they should not be connecting to the Internet with whatever version of Windows they have installed (they couldn’t…

How strong is a password consisting of words arbitrarily chosen from the dictionary?

Diceware wants us to actually randomly pick n words from a given set of m=6^5 words.

Assume a user does not actually use dice. Instead they take a physical dictionary of m words and “randomly” pick n words.

Can it be some…

Given Diceware, why does the requirement to contain uppercase, numerics & punctuation in passwords still stand?

Example strong diceware password:

widow stout harvey crest zomba zloty butyl

This password will be rejected by most sites, for example by Outlook.com. (Notable exceptions: Gmail and Stack Overflow, which seem to accept this very password (t…
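Added worked example, not part of either Diceware question above or of any answer: the entropy arithmetic behind both. The figure n·log2(m) only holds when the n words are picked uniformly at random (dice or a CSPRNG), which is why a person “randomly” leafing through a dictionary cannot claim it; and it puts the 7-word passphrase from the second question at about 90 bits against roughly 52 bits for an 8-character password drawn from all 94 printable ASCII characters. The short word list is a constructed stand-in for the real 7776-entry list, and the composition rule is a hypothetical version of the usual site policy.

```python
import math
import secrets
import string

# Constructed stand-in for a Diceware list (a real one has 6**5 = 7776 entries).
# The entropy arithmetic below uses the real list size, not this sample.
SAMPLE_WORDS = ["widow", "stout", "harvey", "crest", "zomba", "zloty", "butyl",
                "apple", "brick", "cloud", "delta", "ember", "flint", "grove"]
DICEWARE_LIST_SIZE = 6 ** 5  # 7776

def entropy_bits(choices_per_symbol: int, symbols: int) -> float:
    """Entropy of `symbols` independent, uniformly random picks from `choices_per_symbol` options.

    This formula assumes uniform selection; it says nothing about words a human
    picked by flipping through a dictionary, however 'random' that felt.
    """
    return symbols * math.log2(choices_per_symbol)

def generate_passphrase(words, n: int) -> str:
    """Pick n words with a CSPRNG, which is what the dice do in real Diceware."""
    return " ".join(secrets.choice(words) for _ in range(n))

def meets_composition_rule(pw: str) -> bool:
    """Hypothetical site rule: at least one uppercase letter, one digit and one punctuation mark."""
    return (any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def compare(passphrase_words: int = 7, complex_len: int = 8) -> dict:
    """Diceware passphrase of `passphrase_words` words vs a fully random password of `complex_len` printable ASCII characters."""
    printable = len(string.ascii_letters) + len(string.digits) + len(string.punctuation)  # 94
    return {
        "diceware_bits": round(entropy_bits(DICEWARE_LIST_SIZE, passphrase_words), 1),
        "complex_bits": round(entropy_bits(printable, complex_len), 1),
    }

if __name__ == "__main__":
    pw = "widow stout harvey crest zomba zloty butyl"  # the passphrase from the question
    print("passes composition rule:", meets_composition_rule(pw))
    print(compare())
    print(generate_passphrase(SAMPLE_WORDS, 7))
```

The comparison shows the two policies measure different things: the composition rule bounds the alphabet an attacker must brute-force per character, while Diceware gets its strength from the number of uniformly chosen words; a 7-word passphrase beats the 8-character “complex” password by almost 40 bits even though it fails the rule.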

Why is it wrong to *implement* myself a known, published, widely believed to be secure crypto algorithm?

I know the general advice that we should never design¹ a cryptographic algorithm. It has been talked about very extensively on this site and on the websites of professionals of such caliber as Bruce Schneier.

However, the g…
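Added example, not from the question above or from any answer: one concrete way a faithful implementation of a published algorithm goes wrong without any error in the algorithm itself. HMAC-SHA256 here comes from the standard library; the weak step is a hand-written tag comparison that returns at the first mismatching byte. The forge_tag routine recovers a valid tag byte by byte using only how far that comparison got, standing in for the timing an attacker would measure over the network. Key, message and function names are constructed for the demo.

```python
import hashlib
import hmac
import secrets

def naive_equal(a: bytes, b: bytes):
    """Textbook comparison that stops at the first mismatching byte.

    Returns (equal, bytes_matched). The second value only makes the leak
    explicit: the loop runs longer the more of the prefix is right, which is
    the signal a remote timing attack measures instead of reading it directly.
    """
    if len(a) != len(b):
        return False, 0
    matched = 0
    for x, y in zip(a, b):
        if x != y:
            return False, matched
        matched += 1
    return True, matched

def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Library primitive whose running time does not depend on where a and b differ."""
    return hmac.compare_digest(a, b)

def compute_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 from the standard library; the algorithm is not the weak point."""
    return hmac.new(key, message, hashlib.sha256).digest()

def forge_tag(leaky_verify, tag_len: int = 32) -> bytes:
    """Recover a valid tag one byte at a time from a verifier built on naive_equal.

    `leaky_verify(candidate)` returns the bytes_matched count (a stand-in for a
    timing measurement). At most 256 * tag_len queries are needed; no key is used.
    """
    guess = bytearray(tag_len)
    for pos in range(tag_len):
        for candidate in range(256):
            guess[pos] = candidate
            if leaky_verify(bytes(guess)) > pos:  # comparison got past this byte
                break
    return bytes(guess)

def demo() -> dict:
    """Constructed scenario: the attacker forges the tag for a message without the key."""
    key = secrets.token_bytes(32)
    message = b"transfer 1000 to attacker"
    real_tag = compute_tag(key, message)
    # Leaky server side: naive comparison whose duration the attacker can observe.
    leaky_verify = lambda candidate: naive_equal(real_tag, candidate)[1]
    forged = forge_tag(leaky_verify, len(real_tag))
    return {
        "forged_accepted_by_naive": naive_equal(real_tag, forged)[0],
        "forged_equals_real": constant_time_equal(real_tag, forged),
        "all_zero_tag_accepted": constant_time_equal(real_tag, bytes(len(real_tag))),
    }

if __name__ == "__main__":
    print(demo())
```

The fix is a one-line swap to hmac.compare_digest, but only someone who knows the pitfall exists will make it; the same applies to the many less obvious leaks (cache timing, branch on secret data, padding-oracle error messages) that a published algorithm's test vectors will never catch.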

What is the use of disabling detailed exception pages on open-sourced apps?

Frameworks for web apps typically can run in either production mode or development mode. One of the major differences between the two modes is how exceptions are handled: in development mode the browser will typically be sent…
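Added example, not from the question above or from any answer, of what a detailed exception page exposes even when every line of source is public: the traceback carries the running process's state, not just its code. CONFIG, the handler and the secrets are constructed for the demo; the debug rendering uses the standard library's traceback.TracebackException with capture_locals=True, comparable to what framework debug pages do.

```python
import traceback

# Constructed runtime state: exactly the kind of thing that is NOT in the public repository.
CONFIG = {
    "DATABASE_URL": "postgres://app:Sup3rS3cret@db.internal:5432/prod",
    "SESSION_KEY": "0f3a9c-constructed-demo-value",
}

def load_order(order_id: str, db_password: str) -> dict:
    """Handler that fails on bad input; its local variables hold runtime secrets."""
    conn_string = CONFIG["DATABASE_URL"]
    if not order_id.isdigit():
        raise ValueError(f"bad order id: {order_id!r}")
    return {"id": int(order_id), "conn": conn_string}

def render_error(exc: BaseException, debug: bool) -> str:
    """Development mode: full traceback including each frame's locals. Production: opaque 500."""
    if not debug:
        return "500 Internal Server Error"
    # capture_locals=True dumps every frame's local variables into the page,
    # so credentials, connection strings and file paths all end up in the response.
    te = traceback.TracebackException.from_exception(exc, capture_locals=True)
    return "".join(te.format())

def handle_request(order_id: str, debug: bool) -> str:
    """Minimal request cycle: run the handler, turn any exception into an error page."""
    try:
        load_order(order_id, db_password="hunter2")  # constructed credential
        return "200 OK"
    except Exception as exc:  # broad catch so the demo shows the error page
        return render_error(exc, debug)

def leaked_values(page: str) -> list:
    """Runtime-only values that appear in the response body (none of them are in the source repo)."""
    probes = [CONFIG["DATABASE_URL"], "hunter2", "conn_string"]
    return [p for p in probes if p in page]

if __name__ == "__main__":
    print(handle_request("drop table", debug=False))
    print(handle_request("drop table", debug=True))
    print("leaked:", leaked_values(handle_request("drop table", debug=True)))
```

The open-source argument covers the code paths; it does not cover the values flowing through them. Anyone who can trigger an exception on a debug-mode deployment reads the database credentials, the password passed to the handler and the server's file layout straight off the page.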

Why do browsers disallow accessing files from local file system even if the HTML document is also on the local file system?

Many browsers do not allow you to access files on the local filesystem with JavaScript (even if the HTML document is also on the local filesystem).

(source)
Yes, I know that the solution is to "install and use an HTTP server for local…