Collaborate Disseminate
Currently on the "FLOSS market" there are multiple options for encrypting remote cloud storage following different security models and different philosophies. To name a few:
encfs (I guess it’s legacy)
cryfs (still in beta)
gocr… Continue reading Which of these filesystem encryption philosophies and methodologies are better for which purpose? [closed]
Rather primitive Malware using Python3 and similar already available software on the victim’s machine (which can also be compiled using PyInstaller/pycom if not) has the capability to override the user’s processes in memory while they’re r… Continue reading Can malware override and execute any memory location or it has to be specific?
My threats are: MitM basically, eavesdroppers
I have a Nextcloud instance and I was thinking of mounting sshfs locally and selecting local as the external storage type and then putting the data there, but is it the most secure option?
Next… Continue reading What’s the most secure mounting method for external storage in Nextcloud when not using encryption on rest for performance reasons?
My threats are: MitM basically, eavesdroppers
I have a Nextcloud instance and I was thinking of mounting sshfs locally and selecting local as the external storage type and then putting the data there, but is it the most secure option?
Next… Continue reading What’s the most secure mounting method for external storage in Nextcloud when not using encryption on rest for performance reasons?
I’ve found a question with an answer here on Security StackExchange or on Unix StackExchange, but I can’t find it anymore apparently 🙁 If you find this answer already, help would be appreciated, I already searched both places extensively…. Continue reading How do you trust two different cloud provider servers?
I mean this has certainly been implemented by some scummy PRNG developers, which thought of the economics behind it (especially in the casino and similar businesses). So it might be even legal in some cases, but this not Law StackExchange … Continue reading What’s the best approach to make PRNGs favourably deterministic a.k.a. biased and how to protect yourself against this?
I was wondering whether you need to have Microsoft Office installed to be vulnerable to CVE-2022-30190 RCE.
As far as I understand, MSDT is the issue here (the attack vector so to say) and as shown here https://docs.microsoft.com/en-us/win… Continue reading Does only having Microsoft Office installed make you vulnerable to the CVE-2022-30190 RCE or having Windows as your OS is enough?
We’ve all certainly heard about the widely overhyped BadUSB exploits on the Physon microcontrollers.
There’s certainly a high potential of gaining something by targeting such a specific device, which is designed to only contain secrets.
Ev… Continue reading What security measures does YubiKey take to secure its hardware from malicious firmware tampering? [closed]
When trying to analyze malware, have there been cases where malware detected the use of mitmproxy and ceased operation?
If that has happened, would it be a good idea to be constantly using a proxy as a measure for deterring any malware?
I’ve read about APKPure being infested with AdWare and similar PUPs, what would be the great source/method to download APKs for your Android phone?
Some options I’m aware of, but I need opinion on:
Package manager from F-Droid which can e… Continue reading What’s the most secure way to get APK files?