Collaborate Disseminate
Is Mailbait (or similar services) still a threat, was it ever a threat, and if so how can it be mitigated?
Mailbait is that service that promises to fill up your email inbox by sending you a huge amount of spam. Apparently i… Continue reading Is Mailbait still a threat?
Scenario:
ModSecurity with a “default” or “generic” configuration (like the one that might be provided by shared hosting providers, for example).
Generic web application (custom, uncommon, or unknown), for which specific ru… Continue reading How useful is the default configuration of ModSecurity for a generic web application?
This question already has an answer here:
How secure are virtual machines really? False sense of security?
9 answers
I’d … Continue reading Risk of infecting the host OS if the guest OS is out of date [duplicate]
Threat: your Linux machine gets compromised in some way (untrusted app, or compromised install package or update, or an app is compromised because of a vulnerability, etc.) and something on your system tries to “call home”. S… Continue reading How useful is it to prevent Linux applications from setting up any untrusted connections, and can it be done easily?
From the manual: the s2k-count parameter specifies how many times the passphrase mangling for symmetric encryption is repeated. This value may range between 1024 and 65011712 inclusive.
Apparently in many linux distributions… Continue reading Is the range of the s2k-count parameter in GPG still adequate?
Suppose I need to connect to the internet but I cannot (or I don’t want to) trust anything outside of my laptop. Therefore I will need to make sure all connections are secure, so I guess this means they should be encrypted an… Continue reading How can I make sure Linux only uses secure connections?
The original question was about the minimum password (or PIN) length (or entropy) for the screen lock in Android. Seeing that nobody answered, and following Schroeder’s advice, I’m going to edit it and just focus on the speed… Continue reading How can an Android device be unlocked, and how long would that take?
There’s a thing I don’t understand. I found a project on Github. Looking at the list of commits, you can see stuff like “fixed XSS in file whatever, etc”. But that commit is part of a long list of commits that were made after… Continue reading How should security patches be managed in public versioning systems (like Github, etc.)?
How can shoulder surfing be prevented or mitigated when unlocking mobile devices?
I found other questions about shoulder surfing that focus more on desktop machines, but I believe the issue is much more serious and worrying… Continue reading Shoulder surfing prevention or mitigation for unlocking mobile devices
This question was originally about finding timely and reliable security advisories for Wordpress, but it was considered off-topic and by the way it was also definitely an XY problem. So I will explain the real problem I am se… Continue reading How do I keep a live WordPress up-to-date quickly without risking to break stuff? [on hold]