gen – WindowsTechs.com

For package managers like pip, is it a better practice to install packages with the `–user` flag?

Posted on October 24, 2020 by gen

I understand that for most package managers (pip, brew, TeX tlmgr, etc) packages are typically not audited, so there are some inherent security risks in using these package managers. Sometimes the package repositories aren’t trustworthy ei… Continue reading For package managers like pip, is it a better practice to install packages with the `–user` flag?→

How do I know if a Google Chrome extension is leaking data?

Posted on April 2, 2020 by gen

Many Google Chrome extensions require permissions to read the contents of webpages the user visits. How can the user verify whether and to what extent a certain Chrome extension leaks data?

Continue reading How do I know if a Google Chrome extension is leaking data?→

Doesn’t installing a TOTP client on your primary PC undermine the whole point of 2FA? [duplicate]

Posted on March 24, 2020 by gen

Authy is a popular cross-platform TOTP application that supports syncing keys across devices. I have been a little confused by the idea of having a desktop client… This way if someone accesses my primary PC they’d find all my passwords s… Continue reading Doesn’t installing a TOTP client on your primary PC undermine the whole point of 2FA? [duplicate]→

What are the dangers of extending my PATH?

Posted on September 20, 2019 by gen

Are there any dangers of extending my PATH, say by adding /Users/me/bin?

Continue reading What are the dangers of extending my PATH?→

What attacks does the disclosure of VPN user credentials allow?

Posted on June 25, 2018 by gen

Many popular VPN services (that provide encrypted tunnels between the users’ devices and distant VPN servers) authenticate users using a pair of email address and password. What attacks would the disclosure of the credentials… Continue reading What attacks does the disclosure of VPN user credentials allow?→

Why would be an attacker interested in whether a cryptographic key exchange protocol succeeded or not?

Posted on February 12, 2018 by gen

Why would an attacker want to know if a key exchange between two parties succeeded or failed? What are some motivations for wanting to know this?

Continue reading Why would be an attacker interested in whether a cryptographic key exchange protocol succeeded or not?→

How can third-party VPN applications tunnel all traffic of all processes on sandboxed operating systems?

Posted on December 18, 2017 by gen

How can (third-party) VPN applications tunnel all communication of all processes on sandboxed operating systems (such as OSX, etc)? Can they access the traffic of other apps and redirect them?

Why is this approach often pref… Continue reading How can third-party VPN applications tunnel all traffic of all processes on sandboxed operating systems?→

To what extent can the latest iOS be trusted?

Posted on December 11, 2017 by gen

What features risk information leakage and how secure is the ecosystem overall? What are some of the most recent exploits?

Continue reading To what extent can the latest iOS be trusted?→

How do I know that my connection is really encrypted?

Posted on September 10, 2014 by gen

I am using a VPN to ensure to encrypt my traffic.

I wonder though if I could check somehow if the datastream really is encrypted?

Continue reading How do I know that my connection is really encrypted?→