Collaborate Disseminate
I am writing to express my deep concern about potential widespread vulnerabilities affecting multiple Linux distributions. While my findings are based on personal experiences and require further verification, I urge the security community … Continue reading Urgent Investigation Needed: Potential Widespread Tampering Linux Distributions Across Diverse Variants [closed]
I am aware of a website that I suspect is, at the very least, pulling user data from visitors and possibly performing other malicious activity on visitors. Of course, the safest course of action is to avoid this site. That said, I am a stu… Continue reading How to Safely Research a Suspected Malicious Website by Using A VM [duplicate]
Security risks, as in malware, attackers, or known vulnerabilities.
Threats while the ESP is mounted, or after unmounting. E.g. Could it open access routes for future attackers. I aim to avoid creating new issues in the process of checking… Continue reading Is there any increase to known security risks by mounting the EFI System Partition, on a Windows 10 PC?
My company recently switched to an MDM solution to manage our Apple computers fleet. This is all good and well to maintain up-to-date software, and make handle lost/stolen laptop issues.
But I can help but wonder about how to mitigate a po… Continue reading What to do in case of an MDM solution admin account takeover?
I am trying to conduct a risk assessment on Google Chrome using the NIST framework. I have done the following:
Identify threat sources that are relevant to organizations;
Identify threat events that could be produced by those sources;
Ide… Continue reading How to conduct a risk assessment using the NIST framework? [closed]
This question is about the use of a TPM by a password manager used by an end-user on a PC to store and use passwords to log in to web sites and other things that are protected only by a password.
Windows 11 requires at least TPM 2.0. Suppo… Continue reading What threats can the use of a TPM by a password manager mitigate?
What are potential security implications of using older unsupported motherboards/laptops that do not get BIOS(UEFI) updates anymore, but run an up to date GNU/Linux distribution?
Do measures like using secure boot or setting up a BIOS pass… Continue reading What are the security implications of using an old computer with no more BIOS updates?
I am creating a react native mobile application using Expo. This app simply renders information – there is no data collection or entry, no user accounts, no database (other than JSON storage). There is not a single input box in the entire … Continue reading Static react native app security issues
Some of the VPNs at work block internet access once you are connected. I understand if the incoming (or even outgoing) traffic from some servers are not allowed. But why all the client machines that connect to the VPN have to be blocked?
W… Continue reading Why do some VPN block internet access?
Privacy can mean different things to people. Protecting one’s identity from autocratic regimes to ex-boyfriend/girlfriends/partners. Threat modeling goes some way in understanding actors and the potential options in mitigating these.
Guide… Continue reading What are some of the ways of identifying trade-offs between security & privacy?