Collaborate Disseminate
There are many reports of data breaches, especially ransomware attacks, in the news lately. But it is difficult to determine the root cause or what vulnerabilities were exploited for each one. I would like to know exactly how attackers are… Continue reading Is there a website that provides details and root cause of data breaches reported in the media?
X-Frame-Options HTTP header is used to tell if a webpage is allowed to be used in a frame/iframe.
Frames can be used for click-jacking/UI-redress attacks.
It is advised to set X-Frame-Options to ‘DENY’ to prevent page being used for cli… Continue reading How good can X-Frame-Options HTTP header do against click-jacking?
What would be some security implications of a fixed pathname (although probably in a system directory when it would be deployed as a system service) rather than a relative (out of current directory)? If the answer is "it depends"… Continue reading Security implications of a fixed vs relative pathname
I know the title isn’t good at all but allow me to explain. In this model I have n devices on different networks that are able to communicate with each other. A supervisor is able to see every packet a device sends or receives. How can two… Continue reading What mitigations are there against a timing attack done to find which devices are communicating on a set of devices?
I just had a look at the firewall status and saw it had blocked over 300 requests from TOR, Python Urllib, and some script called aabbccdd.xss.ht/pigeonburger.xyz (pigeonburger.xyz being my website).
All of them are trying to access a non-… Continue reading Getting an abnormal amount of firewall warnings on web server
After stumbling upon some unknown folders in my unused OneDrive (posted question), I did some digging arround and found some interesting logs. Apparently, OpenSSH had been used for remote access on my machine. A description of the attack c… Continue reading OpenSSH artifacts, remote system access?
For the second time my website seems to be the target of a large automated attack. It seems complex enough and very well executed. I have the following systems in place:
Captcha on 3rd failed login from IP
Account lock for 30 min after 5 … Continue reading Prevent a bot accessing login page with multiple IPs and massive list of username/ passwords
I understand that a threat is a possible security violation that might exploit the vulnerability of a system, and a attack is an action on a system that harms the organisation in some way. Therefore, we should detect attacks and prevent or… Continue reading Insider threats vs. insider attacks
I have heard that intelligence agencies and hackers can illicitly gain access to a computer’s webcam and microphone and keep a close eye on people using suspicious programs or malware.
Is there any way to check if such thing is happening t… Continue reading How to make sure that no one is watching you through webcam?
This is my code where i have a userId in a method SwitchUser_Click. I need to prevent or somehow encode the return value from the switchUser_Click as it includes the UserId of a user vulnerable to XSS attack or redirects.
function SwitchU… Continue reading How to prevent XSS attack on selected window.location in javascript