Adobe Photoshop has killed my creativity by introducing so much anti-privacy, anti-security, and dumbed-down bloat [closed]

I could pick so many angles to this, but I will focus on a very famous piece of software which has been utterly ruined in recent years: Adobe Photoshop. This is not a rant, but related both to software design and psychology.

These days, i…

What attacks are prevented using Session Timeout or Expiry?

OWASP recommends setting session timeouts to the minimal value possible, to minimize the time an attacker has to hijack the session:

Session timeout define action window time for a user thus this window represents, in the same time, the de…

Is there some kind of industry-standard or at least Windows Defender-supported "anti-virus hint config file"? [migrated]

I have had numerous instances when Windows Defender has just decided to delete youtube-dl.exe, located in My Documents\youtube-dl.

Similarly, I have a dir where my self-coded e-mail application stores all incoming e-mails’ a…

How am I ever going to be able to "vet" 120,000+ lines of Composer PHP code not written by me?

I depend on PHP CLI for all kinds of personal and (hopefully, soon) professional/mission-critical “business logic”. (This could be any other language and the exact same problem would still stand; I’m just stating what I perso…

What would happen if some random webpage made an Ajax request for http://127.0.0.1/private.txt?

I run a localhost-only webserver (PHP’s built-in one) for all my admin panels and whatnot on my machine. I’m worried that, if any random webpage has a JavaScript snippet which makes an Ajax call to http://127.0.0.1/private.tx…

When a closed-source company hires somebody to audit their code, is the auditor forced to do it in the company’s office?

Let’s say that ACME, Inc. is making closed-source software. It’s closed for a reason (they don’t want it leaving their building other than in compiled form). Now, they are hiring some company/person to audit the code for them…

If we should encrypt the message rather than the method of transfer, why do we care about wifi security? Is this just security theatre?

Most answers to this question about the security of satellite internet boil down to: encrypting the message is more important than encrypting the method of transfer.

However, there seems to be a lot of focus on wi-fi securit…

Do any studies of Government Cybersecurity Agencies' effectiveness against preventing terrorism attacks exist?

Government Cybersecurity Agencies (GSA) blatantly spy on their own citizens. They justify all the data collection by claiming to be able to identify terrorist threats. So, is there some non-GSA funded statistics on terroris…