Collaborate Disseminate
If a rotational SAS drive (non-SSD) is encrypted after it has been in use for some time e.g. several years, is there a danger of a data leak? For example, if the drive is encrypted and subsequently formatted e.g. dd, can data be recovered?… Continue reading Is there a danger of a data leak if a rotational SAS drive is encrypted after the fact?
With the increased drive to enable DNS over HTTPS (DoH), it’s likely that non-browser applications and systems may utilize DoH services other than those promoted by Mozilla and Google.
Since malware authors will leverage th… Continue reading How to protect users from malware utilizing protocols such as DNS over HTTPS?
Are there any security benefits of shutting down a modem router when it is not in use?
It is now widely known that devices such as D-Link have been insecure. Assuming that this remained undisclosed, are there any added advan… Continue reading What are the benefits of shutting down a modem router when it is not in use?
In reading about Smart DNS, my understanding is that a device such as a router is configured with the DNS server IP addresses of the Smart DNS provider as opposed to one that is issued by the ISP or Google for instance.
Add… Continue reading How does Smart DNS intercept traffic and what are the implications?
If a site has experienced a breach such that usernames and passwords have been leaked, should passwords be changed if 2FA or MFA is enabled?
Before this question is potentially marked as duplicate, the question “Will 2FA pr… Continue reading Should breached passwords be changed if 2FA or MFA is enabled across all sites/systems?
Wikipedia describes credential stuffing as
a type of cyberattack where stolen account credentials typically
consisting of lists of usernames and/or email addresses and the
corresponding passwords (often from a data breach) are used… Continue reading What are the differences between credential stuffing and password spraying?
My understanding is that systemd is the parent process for all other processes running on Linux.
If systemd has been updated on production devices such as servers and the service is not restarted, what are the security impl… Continue reading What are the security implications if systemd is not restarted after it has been updated?
Currently to verify package integrity, the command rpm –verify is run. In reading the rpm manual (http://ftp.rpm.org/max-rpm/s1-rpm-verify-output.html), there is no indication as to the veracity of the verification process.
… Continue reading How reliable is rpm –verify when auditing package integrity and what alternatives are there?
Often with older machines, the built-in WiFi adapters have failed. These in turn drive a demand to procure USB WiFi adapters since ethernet connectivity is not a choice.
Since the devices will be plugged into a USB port, wh… Continue reading What considerations are there for using USB WiFI adapters and how to protect against them?
My understanding is that flash based devices such as SSDs are over-provisioned and do not advertise the additional blocks of storage available to the operating system. The over-provisioned blocks of storage is to support effe… Continue reading How does full disk encryption cater for overprovisoned disk space in flash devices and can this result in data leakage?