Collaborate Disseminate
I would like to restrict the installation of npm package in some projects of my company to releases that are at least X weeks old.
The reason for that being that given enough time before installing a package version, it is likely that if t… Continue reading Only install packages that are at least X weeks old [migrated]
I’m having trouble understanding the difference between NIDS (Network-based Intrusion Detection System) and NBA (Network Behavior Analysis)
It is to my understanding that
NIDS use two detection methods :
Signature-based … Continue reading Difference between NIDS and NBA
Our company suffered a phishing attack yesterday. While investigating about the attacker and the potential employees of ours who might have been phished, we ended up with the attacker database of phished users.
This database… Continue reading Incident response to a medium scale phishing attack whereas the targets are not from our company?
I’ve been doing a security audit and found out you can easily identify host roles and running services just by their computer name (using nslookup).
I would like to report this so that they use less obvious computer names an… Continue reading Computer name naming convention for security
A good chunk of ip cameras come with an easy default password which is the same for all models. It usually is something like admin, 1234, root …
The basic customer doesn’t know that millions of ip are being scanned every s… Continue reading Why do most ip camera manufacturers set an easy default password?
I was in a mall a few days ago and I searched for a shop on an indication panel.
Out of curiosity, I tried a search with (.+) and was a bit surprised to get the list of all the shops in the mall.
I’ve read a bit about evil … Continue reading Is it safe to let a user type a regex as a search input?
I’m doing an internship in a very little company and I need to configure the network. They have a Cisco router. I couldn’t find the logs to login so I called their internet provider. Apparently they configured the Cisco route… Continue reading Why is forwarding port 80 more insecure than the others?
I recently found out that a website I use every day let me know my hashed password.
The process was the following :
Go to “Delete account” and enter your password. Password is checked.
If password is correct, a form then … Continue reading Is it bad practice to let the user know its hashed password?
Common website save your ip address while your are connecting to display it on a security section view-able by the user or an admin.
I thought servers like Apache, Nginx … extracted the ip address from the IP packet (REMOT… Continue reading When to sanitize ip address?
I was reading about TCP sequence prediction which is described as almost impossible on all updated Operating System nowadays.
The total amount of possible sequence numbers is 2^32-1 which, if we try to brute force it, will be… Continue reading Is TCP Sequence Bruteforcing dangerous nowadays?