Collaborate Disseminate
I am working on a project where I want to store end-user private data, but immediately this brings up the trust question of why a user would trust me to hold their data. I don’t actually want to hold their data, but rather run an analysis … Continue reading Trustless Application Architecture for end-users with secure enclaves
I am looking for a device to explain the compromises that we make for extra layers of security.
For example wrt extra layers: communication like JWT encryption/signing and other sorts of encapsulation over TLS
Could I use something like th… Continue reading Can I use the CIA triad as a sliding scale wrt complexity?
So, I have 2 Google Drive accounts. Let’s say Drive A and Drive B.
If one day I login/upload to Drive A then log out, then login/upload to Drive B, can they notice that I have 2 different accounts? Or can they only know that I accessed Goo… Continue reading Can my ISP know that I have more than one Google Drive account?
I’ve read about APKPure being infested with AdWare and similar PUPs, what would be the great source/method to download APKs for your Android phone?
Some options I’m aware of, but I need opinion on:
Package manager from F-Droid which can e… Continue reading What’s the most secure way to get APK files?
In a nutshell, I need:
to hash a file and to make this hash public, to be able to prove data integrity when sharing the data privately with a trusted third party.
to choose the right hashing method to prevent plausible brute force attacks… Continue reading How to securely hash sensitive data and make the hash public, while preventing an attack by someone who know the structure or some part of the data?
I am using a DNS forwarder, it’s not open to the WWW (runs only in the LAN) and in the dnsmasq logs I noticed something off:
Ignoring query from non-local network
Has my network been breached?
Dnsmasq is running on Pi-Hole with most of th… Continue reading Should I be worried about Ignoring query from non-local network in dnsmasq?
I think my ex-employer has been remotely accessing my laptop.
I am sure I caught a glimpse of a sign saying remote access logging out.
There have been a couple of funny mouse moments and I suspect that they have a piece of information they… Continue reading I think my ex employer is remotely accessing my laptop [migrated]
Row-level security is often an industry requirement in secure environments, such as those dealing with payment cards.
It’s supported by most major relational databases, including PostgreSQL, Microsoft SQL Server and Oracle. It works by int… Continue reading Does "row-level security" actually serve a security purpose?
I have a partner that is asking "Do you use breach detection/prevention tools?".
I host my service on managed hosting (Heroku) and currently migrating to Google Cloud. Should I be using "breach detection/prevention tools&quo… Continue reading Are IDS/IPS already implemented on Google Cloud?
I want to use Windows Admin Center, but I don’t want to install a SSL certificate.
If I were to forward packets from 80 to 443 using firewall rules would they automatically be encrypted?
Continue reading connecting to Windows Admin Center using port 443