Why developers put the installer/executable and the file checksum on the same server? [duplicate]

On https://exiftool.org/ , there is a link to https://exiftool.org/exiftool-12.01.zip and https://exiftool.org/checksums.txt .
Both the ZIP archive and the checksum hash are hosted on the same machine. This means that an attacker who has c…

More Musings on Reverse Security Theater and “Security Signalling”

“Security theater” (a term widely attributed to Bruce Schneier) “refers to security measures that make people feel more secure without doing anything to actually improve their security.” This concept essentially denotes fake, …

Is there some mechanisms in PHP to assign "less trust" to scripts in a given dir? (not a duplicate) [closed]

Kindly stop redirecting my questions to that unrelated one which doesn’t answer my question whatsoever. I’ve already read every answer there and it doesn’t help at all. If it did, why would I ask this much more specific question?

This has…

How did (in particular) Americans just go along with the concept of having to own and show "photo id" everywhere? [closed]

I remember hearing or seeing a documentary or something a “long” time ago, likely in the early 2000s, about how a lot of Americans (USAians) refused to show an “id” even when voting, where it might possibly be justified to demand some form…

How exactly does Windows Defender in Windows 10 determine when to upload your local files to Microsoft?

Every time I install Windows 10, I painstakingly go through every setting that can be found in any GUI setting for the OS, disabling everything that sounds creepy.

One of the most disturbing things I’ve found is what I believe is called “…

Adobe Photoshop has killed my creativity by introducing so much anti-privacy, anti-security, and dumbed-down bloat [closed]

I could pick so many angles to this, but I will focus on a very famous piece of software which has been utterly ruined in recent years: Adobe Photoshop. This is not a rant, but related both to software design and psychology.

These days, i…

What attacks are prevented using Session Timeout or Expiry?

OWASP recommends setting session timeouts to minimal value possible, to minimize the time an attacker has to hijack the session:

Session timeout define action window time for a user thus this window represents, in the same time, the de…

Is there some kind of industry-standard or at least Windows Defender-supported "anti-virus hint config file"? [migrated]

I have had numerous instances when Windows Defender has just decided to delete youtube-dl.exe, located in My Documents\youtube-dl.

Similarly, I have a dir where my self-coded e-mail application stores all incoming e-mails’ a…