Collaborate Disseminate
CIS has published hardening standards for all operating systems of EC2 in AWS.
CIS also provides hardened images as well but they’re quite expensive at $130/year/instance.
Is there a place where we can get open source hardening scripts to … Continue reading Where could we get CIS Hardening Scripts for AWS EC2?
If you have full-disk (or a partition) encrypted, and your computer crashes, without the opportunity to re-encrypt the data (I’m assuming that happens with a graceful shutdown), isn’t that a security risk*? How is it handled?
*The main pur… Continue reading How is re-encryption of a drive after a crash handled?
Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about.
From Ross Anderson’s blog:
We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic. We’ve verified that this attack works against C, C++, C#, JavaScript, Java, Rust, Go, and Python, and suspect that it will work against most other modern languages…
I’ve been doing some research into GPU based malwares, and would like to know if there is a way to run them on a dual boot scenario with the code being executed only on one Operational System and be "stored" to also execute on th… Continue reading Cross OS GPU based malware
Since Secure Boot authenticates software, the OS only needs to check hardware. The implementation I have in mind measures hardware and compares the result of the measurement to the value in an EFI NVRAM variable. If they differ, the OS hal… Continue reading Can an OS implement Trusted Boot without TPM given Secure Boot?
Will Avast detect spyware? Are these RATs detectable by anti viruses, will Avast detect them? Github says that these are all spywares available to date? Are these all of the available spywares or are there more? here’s a link: https://gith… Continue reading How effective is Avast Anti Virus for Android? [closed]
How does spyware work, does there have to be a system flaw in order for it to work? Does spyware only work if there’s a system vulnerability?
Does updating phone remove spyware? Will keeping system OS up to date stop spyware from working?… Continue reading Spyware on Android [closed]
Linux is set for a big release this Sunday August 29, setting the stage for enterprise and cloud applications for months to come. The 5.14 kernel update will include security and performance improvements. A particular area of interest for both enterprise and cloud users is always security and to that end, Linux 5.14 will help […] Continue reading Linux 5.14 set to boost future enterprise application security
Since 2017, Microsoft has offered its Office suite to Chromebook users via the Google Play store, but that is set to come to an end in a few short weeks. As of Sept. 18, Microsoft is discontinuing support for Office, which includes Word, Excel, PowerPoint, OneNote and Outlook, on Chromebook. Microsoft is not, however, abandoning […] Continue reading Microsoft is discontinuing its Office apps for Chromebook users in favor of web versions
(This question bugs me because I am not willing to upgrade for Windows 10)
If we are talking about a device (i.e. a PC) in the following scenario:
The device is located behind a router that is up-to-date and all inbound ports are closed
T… Continue reading Importance of OS security patches for devices only used in home network