Collaborate Disseminate
I am trying to mount a fat16 Veracrypt volume on a multi-user MacOS system.
The mounted volume always seems to allow full permissions for all users on the system.
I have tried everything I can think of to restrict to only the current user … Continue reading Restrict fat16 Veracrypt volume to single user on MacOS [migrated]
I am using Chrome 87 with Jitsi Meet 2.0, but I have noticed this behavior too with other setups. When I first enter a room, Chrome asks for the following permissions:
Even if I click "Block" to deny these permissions, Jitsi sti… Continue reading Why don’t video conferencing web applications ask permission for screen sharing?
I’ve been asked by a customer of mine, to manage a few hundred WordPress sites.
Doing an initial security assessment, I’ve found that every site (350 sites) has unusual file permissions on every php file (755) that means executable bit on … Continue reading Unusual file permissions on WordPress websites
I’ve been reading online that homebrew changing usr/local/bin to r/w could pose a serious security issue as usr/bin is the path after usr/local/bin.
Article found here: https://applehelpwriter.com/2018/03/21/how-homebrew-invites-users-to-g… Continue reading Is homebrew’s change of usr/local/bin to r/w a security issue?
On my Android, there is a feature that I can set password for app that I want to. Example, let’s say I set a password for my gallery and then I install new app from play store or browser and the new app want to access my gallery. Can that … Continue reading Can one app access an app that has password protected? [migrated]
As a company that wants to offer access to its services to a third-party known clients, I designed an authentication/permission system.
Here are our needs:
As a service provider (A), I want to provide another company/customer (B) access t… Continue reading Dynamic authorization delegation from a third party service to a client application on a given information system [migrated]
I’m trying to harden a Linux installation on a personal computer – I decided to try both SELinux and AppArmor as a Mandatory Access Control (MAC) to supplement the default Discretionary Access Control (DAC) that Linux comes with by default… Continue reading Linux whitelist-based Mandatory Access Control instead of a blacklist-based model
My client had his wordpress site attacked, his site is not a juici target, the attack consisted in redirecting the site to another site.
That in itself is no surprise, the weird thing is that both the SSH (For context, the site is on a vps… Continue reading Dreamhost hosted wordpress site attacked – SSH password was changed – Need help assesing attack vector
The malware also has a unique machine-learning module. Continue reading Sophisticated Android Ransomware Executes with the Home Button
What are the security best practices for files on a shared drive:
Apply the principle of least privilege?
Access level should be approved by the Manager and audited regularly?
Some of the technical details are also listed here which are s… Continue reading security best practices for shared folder on a drive