Collaborate Disseminate
I have a custom Debian router installation which I’m trying to keep both secure and low-maintenance. I’ve therefore set some scripts which keep my Docker containers, blocklists, and OS (security updates only) actual by checking for updates… Continue reading Security Implications of Automatic Updates?
I am connecting to a wi-fi network and blocked all IP addresses in this network with a regular Windows 10 firewall. The only available IP addresses are:
192.168.1.1 = gateway
192.168.1.102 = my own IP address
Some people from the wi-fi s… Continue reading Windows 10 Update – Man In The Middle Attack – Tamper Update [duplicate]
Developers update their software, sometimes they patch vulnerabilities.
Is it realistically possible to analyze the updated code (even if it’s closed source) to find the vulnerability that has been fixed (and still exist on all unpatched v… Continue reading Analyze fixed vulnerabilities in software updates
I have a Linux server that hosts an internal web server (apache) and database (MySQL).
I would like to know what’s the best option to update the packages (ex: web server) knowing that this server does not have Internet access (but could ha… Continue reading How companies update their packages on Linux server that do not have access to Internet? [migrated]
Frequently, I’ve noticed that motherboard manufacturers recommend against installing/upgrading BIOS updates unless there’s some kind of issue you are encountering. The warning usually comes in the form as the following (taken from a Superm… Continue reading Why are BIOS updates discouraged if they provide security improvements?
Within a DevSecOps Ci/Cd pipeline, one of the best practices is to automatically discover and apply patches to vulnerable software prior to deployment.
Is it possible to check a CVE database, find patches, and then deploy? I want to build … Continue reading How do you build in the capability to automate the ability to discover and apply security patches in your ci/cd pipeline?
Recently an organization I forgot to update credit card details had my renewal payment fail because I forgot to update details. They sent an email as below which had a direct link to a web form without any instructions to check authenticit… Continue reading What is best practise to send credit card details update emails when the details have expired?
Keep in mind that I am not a security specialist or a networking specialist. I am a software developer dealing with this kind of software for the first time.
Our software is used to control user session on Windows computers. Users are assi… Continue reading How can a service securely update an application even when the computer’s current user could be hostile
My understanding is that secure boot works by verifying each stage in the boot process before proceeding. So first, UEFI or booting firmware will validate the signature of the bootloader, then kernel, applications etc. before loading.
When… Continue reading Secure boot after an OTA update confusion
In my decades of using Windows, I’ve never gotten prompted for an administrator password when logging into a non-administrator account after a Windows update. Today, on Windows 10, I did, and the reason was to run two apps. One was "… Continue reading After Windows update, normal to get prompt for Administrator password? [migrated]