Collaborate Disseminate
Last week my employer sent me a root cert to access the company’s VPN on my personal iMac. When I am connected to the VPN, I’m aware the VPN server can encrypt/decrypt the traffic, but I have some questions.
If I am already signed in to a… Continue reading Privacy related to company VPN
I have a laptop with dual boot (Windows 10, Windows 11) and only windows 10 is encrypted.
My problem is that I get asked for password before being able to choose which Win OS I’ll load. My windows 11 isn’t even encrypted.
I tried using gru… Continue reading Veracrypt asks password twice on boot (Dual boot)?
Is it acceptable to store a client cert’s private key as exportable in the computer’s certificate store?
I have a .NET desktop app that installs client certificates in local machine\personal. The certificates are generated by a protected A… Continue reading How to protect private key for client cert in machine store? Is it acceptable for it to be exportable?
Looking at a potential solution where the thumbprint of a client cert is used to identify individual users and provide access control.
Supposing someone was able to view the thumbprint of a cert installed on a machine, would they be able t… Continue reading Can a SHA2 x509 cert thumbprint be spoofed/specified?
We have an issue with ModSecurity rule 941160 being triggered by the WordPress feature legacy-widget-preview because the request to upload an image file into the widget matches "<img src="
The ModSecurity log file has this:
A… Continue reading ModSecurity rule 941160 triggered by WordPress legacy-widget-preview
We have an issue with ModSecurity rule 932150 being triggered when someone searches a site for "ruby red", because (I presume) the rule thinks it’s blocking potential Ruby on Rails code.
I found this:
"The Remote Command Ex… Continue reading ModSecurity rule 932150 false positive, remove ruby from criteria
From the comments I received on the original question I took notice of the stress they placed on using an amnesiac system, a ‘live’ system, either by using a system like Tails or using a live USB ISO stick.
Now that surprised me a bit as I… Continue reading Is my live boot system exposing too much data? [closed]
Say I have Tor running and am browsing the dark web with the Tor browser. If I were to save a local copy of a web page and render it into another browser, like Chrome (with JS enabled), would I then have a higher risk of revealing my IP ev… Continue reading Is saving a dark web page locally and reloading it in another browser a security risk?
Scenario: My service that is storing customer files is hosted on my own personal physical server, “on-prem”. It is then using one of the popular cloud storage services (Azure blob storage, AWS S3) to store these customer files. They may or… Continue reading Is client-side encrypted data really personal data
Are smart plugs safe, Xiaomi ones in particular (Zigbee and WI-FI versions)?
My main concern is that the plug is connected to Mi account and allows remote management. In case hacker gains access, can he reboot it dozens of times per secon… Continue reading Are smart plugs safe? (Xiaomi in particular)