Collaborate Disseminate
A third-party vendor that hosts our data is sending us links to an s3 amazon server to download reports of our data as a CSV. The endpoint does not check any permissions of the person trying to download the data- meaning anyone with the li… Continue reading Are unlisted links to sensitive data acceptable?
Imagine a mobile app that connects to an API server.
Disclaimer
I’m not sure if RSA is the right technique for this, please feel free to recommend alternatives.
The goal
The backend/database super users should not be able to recognize pers… Continue reading Encrypted user data and storing hashed RSA keys on the server for backup reasons
I’m building a service that will contain personal data relating to real people.
Initially the dataset will be quite small, and as such it may be possible to identify individuals if the search parameters are narrowed sufficiently.
An exampl… Continue reading How can I ensure anonymity with queries to small datasets? [migrated]
Background
There have been more than a handful of recent security breaches at my company, involving social engineering and spoofed emails.
A malicious actor fraudulently spoofing one of our customers, sends an email to a user at my company… Continue reading Microsoft Purview Sensitivity labels, best practices for setup?
The root cause of my problem stems from the fact that I need to run untrustworthy software on a bare metal windows machine, which means that I can’t just have it in a VM because of major performance hits which make the software unusable.
A… Continue reading Would my hypothetical Opsec setup with the goal of compartmentalizing sensitive areas from an insecure sandbox be sensible?
Whenever an internet connection is established on my pc, I am repeatedly getting warnings from QuickHeal like this:
I am getting such warnings repeatedly with different IP addresses. In the above image one of them is shown. These warning… Continue reading Requests to malicious IP being sent by background process on Windows
I have seen reports of lenovo laptop being preinstalled with surveillance ,monitoring and tracking app in a completely new laptop shipped from offical lenovo store(https://securityaffairs.co/wordpress/40440/digital-id/lenovo-tracking-appli… Continue reading how to ensure safety when using a new lenovo laptop?
If someone connected my phone through USB to computer or laptop and transferred files from my mobile, is there any option to check in my mobile that they used particular apps or opened and transferred data
Continue reading Can I know if someone transferred files from my mobile to their computer
I’ve been having a discussion with a developer about storing sensitive information in environment variables. Specifically within a containerised environment such as Azures Container apps.
Background information
In container apps you are a… Continue reading Secret security in containerised environment
I was surfing on a big company’s website, and I tried to make an account on it. I found that the account registration was quite buggy so I checked the page source. I found that there were error logs generated by an index.js file. The index… Continue reading How do I report that the organization is using common passwords for the backend [duplicate]