Collaborate Disseminate
The school has a few security measures in place to ensure students are not going to inappropriate sites based on content. In this day there are more students being sent to YouTube to watch educational videos that are assigned by the teache… Continue reading What is the best way to detect when a user circumvents logging by temporarily embedding a YouTube video into PowerPoint?
Back in the day, mostly, such injections were taking place over the
server log files. Such files are the Apache error log, the Access log
and more. Techniques like these have been used for years and,
hopefully, they won’t work on updated … Continue reading Log poisoning prevention in the context of LFI
Suppose that someone browses non-Youtube videos (like on Vimeo) in Google Chrome’s Incognito mode.
Does Google collect and store any data about this activity ("watched videos on Vimeo" activity)?
In general, does Google store A… Continue reading Does Google collect and store data about activity done in Incognito mode?
Whenever I read something like "ISPs store your data" or "ISPs delete your data after 6 months" or anything like that, I imagine data to be the following things:
(1) At what time I accessed the Internet, got what IP add… Continue reading What information do ISPs delete after retention period?
We’re manually reading HTTPD log files and taking note of service abuse.
Example:
10.0.0.1 – – [01/Jan/1970:00:01:01 -0100] "GET /fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media
…
10.0.0.2 – – [01/Jan/1970:00:01:10… Continue reading Is there a utility that identifies attack footprints in HTTPD log files? [duplicate]
We’re manually reading HTTPD log files and taking note of service abuse.
Example:
10.0.0.1 – – [01/Jan/1970:00:01:01 -0100] "GET /fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media
…
10.0.0.2 – – [01/Jan/1970:00:01:10… Continue reading Is there a utility that identifies attack footprints in HTTPD log files? [duplicate]
Having an Ubuntu server with current software, updated daily, every 5 days or so someone gains root access. I know that from log watch.
I search the logs for his ip and it doesn’t show up.
He is probably using a VPN as once it’s in china, … Continue reading How do you find an attacker if he immediately cleans after himself?
I’ve done some research and it looks like that the way linux keeps history is less about security and audit and more about helping the user.
Even after making changes to instantly log the command and space commands the command still wont l… Continue reading Logging SSH commands on Linux – is custom kernel the only way?
A security expert told me the following:
"The problem with how you have this rigged is that if someone hacks
into the web server, the credit card details, though they may be
transacted via authorize.net, are almost ALWAYS findable in… Continue reading Is credit card info often inadvertently stored in web server logs? [closed]
Large Groups of Isolated Users Shrink Your Exposure Surface
Enterprises frequently acquire an isolation solution (with Menlo for remote browser isolation) for groups of users, such as VIPs, rather than their entire workforce. While this strategy i… Continue reading How Isolation Changes Incident Response