Collaborate Disseminate
From microsoft docs:
CSRF vulnerabilities are fundamentally a problem with the web app, not the end user.
And indeed, the typical solution (CSRF tokens) is a server-side solution rather than client-side solution.
Apparently, for half a year already at least, my ISP has assigned me IPv6 addresses. I discovered this accidentally, while editing Wikipedia. So it seems my ISP started to support IPv6 addresses and decided it was a good time… Continue reading Do household IPv6 addresses introduce vulnerabilities?
Wow Windows gets really insisting when it comes to trying to convince me to use a Microsoft account rather than a local, offline account.
This answer: Is a local account on windows more secure than a microsoft account states… Continue reading If and how does attaching a local Windows account to a Microsoft account help Windows Defender better secure my PC? [on hold]
Am reinstalling Windows 10.
Dang. It forces me to provide no less than THREE security questions. I have to choose them among questions like, What was the name of your first pet and What city were you born in.
OK Windows mig… Continue reading What is the purpose of forcing people to provide "security questions" and answers to them?
This is a thing I used to hear back in the olden days of Windows XP…
People were telling me that a computer running on an out-of-date Windows XP system with no antivirus software was getting infected with malicious softwar… Continue reading How can malware immediately infect a Windows XP computer as soon as it goes online without any user action?
Another recommendation I fail to understand.
The explanation is that, if I use admin account and manage to have my computer infected, the malware is able to take control over my entire system. But:
The dreaded days of old … Continue reading Why is it recommended to use accounts without sysop rights for everyday work?
Niebezpiecznik.pl, a popular and acclaimed infosec blog in my country, recommends full disk encryption (emphasis original) to all people (ie. “Average Joes”). They warn that in the opposite scenario device theft is likely to have catastrop… Continue reading Full disk encryption vs home folder encryption – why should the former be chosen over the latter
I’m having a dilemma if I should post this here or on superuser, finally I decided it’s more security related so I post it here, if it’s wrong please move.
The situation: There is an Epson all-in-one device in the home that … Continue reading How should firewall be configured to allow using an image scanner over WiFi to avoid jeopardizing security?
I am aware of this question: Help! My home PC has been infected by a virus! What do I do now? and would adhere to its answer if I had, as this question states, “determined beyond doubt that my home PC is infected by a virus”…. Continue reading How can I make sure if my computer is infected and know if I have to nuke it from orbit?
tl;dr: In order to prevent a potential use of our computers to mine crytpocurrencies, I and a few other people were advised to append this: https://github.com/hoshsadiq/adblock-nocoin-list/blob/master/hosts.txt to our hosts f… Continue reading What is the point of blocking a potentially malicious domain by binding it in the hosts file to 0.0.0.0 rather than 127.0.0.1?