Collaborate Disseminate
I need a bit of help to figure/plan out this scenario:
So for a mobile app I’m currently working on, the use case requires authenticating users via mobile number and OTP. So basically the user enters their number, receives an OTP, enters t… Continue reading Figure out security and auth for mobile app which uses Firebase
This is about a PHP7.4 based shopping platform (opencart (v3.0)).
For testing purposes I had a dummy set up at site.com/xyz. The admin page of that was site.com/xyz/admin. The login and pw for the admin page was also admin. I know, but the… Continue reading How to trace script injection/infection in php app
There are documented (albeit debated) advantages to using a non standard port for SSH.
I also read in various places about using a non-standard port for https (e.g. 8443). Is there a possible advantage to doing this? Of course, the firew… Continue reading Is there a possible security advantage to using a non standard port for ssl/https?
From time to time, I see this dialog box pop up on my MacBook Pro screen. It typically happens as the computer wakes up from sleep.
Magic keyboard is trying to connect using an unsecured Bluetooth connection. Unsecured Bluetooth acc… Continue reading Apple bluetooth keyboard insecure connection?
Finally, even I got the fabled ransomware emails we’ve all heard about so much.
First, let’s look at the facts before I get to my question:
I use Mozilla Thunderbird as my email client.
I was using at least one VPN (one … Continue reading Received ransom email containing my password. How did they get my password?
As far as I understand, bruteforcing ssh is only attempted for passwords, not keys (barring edge cases where presumably the NSA wants to break in).
So if a server has disabled (in addition to root login) password authentica… Continue reading Is something like fail2ban necessary for a rate-limited key-only (no password) ssh login?
I’ve sometimes heard/read that one of the ways to deal with embedded exploits (malware code built into the image encoding itself) is adding random noise to an image file, or resizing the image. Are any of these methods in fa… Continue reading Does adding random noise and/or resizing images help neutralize graphics files with embedded exploits
For a webapp based around user uploaded pics, I want to check that I’m doing things sufficiently securely. Below is an outline of the current setup.
Of course only registered users can upload, but I know that doesn’t mean … Continue reading File upload security in webapp – overview of setup
(Note: update at end of Q)
On a Mac, I am using AVG as the primary AV. In addition to this, I have a few scanners (Bitdefender and Malwarebytes) that I update and use periodically. Recently I decided to add Kaspersky’s free … Continue reading AVG detects Kaspersky update files as infected (trojan, infected, malware)
In addition to scanning user uploaded files, I would also like to ensure that forms for user profiles, comments, etc. cannot be misused to submit malicious script. What are some known good methods of doing so? Should checking… Continue reading In NodeJS, what is a good way of ensuring user submitted data in (text input) forms is not malicious?