Does a Chromecast could be compromised from its default open network?

I left my apartment for few days, so I disconnected my wireless router but I forgot to disconnect my Chromecast as well. I remember that when a Chromecast can’t find the network it was connected anymore, it creates an open network that can be used to reconnect to another wireless network.

The issue is that I’m away from my apartment for a few days and my Chromecast is probably currently broadcasting an open network that anyone can connect to.

Even if there is no internet connexion on that open network, there are two things I’m worried about.

  1. The Chromecast could be attacked from a wireless exploit. We don’t know how someone else’s computer could be infected by malware, the Chromecast could be attacked once that infected computer connects to it (for example, by running wireless exploits against). Even, the worst scenario could be an attacker just connecting to that Chromecast open network and directly run exploits against it.

  2. It might be possible for someone who can attack the Chromecast to get the wireless network password that the Chromecast was previously connected to. This password might be obviously stored somewhere on the Chromecast memory and with some access to the filesystem by a kind of jailbreak (for example, the point 1), it could be retrieved and used to connect to my wireless network.

Considering those two points, should I factory reset my Chromecast once I’m back to my apartment ? Or even safer, should I get rid of this Chromecast considering that the firmware could have been compromised and buy a new one ?

wfuzz default number of connects in parallel per target?

In Hydra, default number of connects in parallel per target is 16 and it can be changed with -t flag.

E.g. -t 100 for 100 connection in parallel per target.

wolf@linux:~$   hydra -h | grep parallel   -t TASKS  run TASKS number of connects in parallel per target (default: 16)   -T TASKS  run TASKS connects in parallel overall (for -M, default: 64) wolf@linux:~$    

What about wfuzz? I did not see this info in it’s help menu. Is it possible to change it’s value?

wolf@linux:~$   wfuzz -h | egrep -i 'thread|parallel' wolf@linux:~$    

What is the best way to create default page when access to a protected directory is Cancelled through onclick?

I have a protected directory on an hosted IONOS server. It correctly works when the correct credentials are entered, but when a user hits cancel, it redirects that user to the hosting provider’s promo default page.

eg. https://initiostar.co.uk/ticker/OmniTicker.7z

eg current htaccess

AuthUserFile /path/to/the/password/file/.htpasswd AuthType Basic AuthName "Protected Page"  <Files "index.php"> Require valid-user </Files> 

If the user hits cancel you are redirected to the host’s default page. Tried adding a default, but I doubt this is the way to it.

DefaultIndex [filename]  

Preferred outcome: popup box opens in a small window on the web page and where cancel is executed, it closes the popup and stays on the same page.

For anyone working with Apache I assume this is standard stuff, but not for me.

How can I add attributes to all characters in a folder and set them to a default value?

I recently decided to consolidate my macros that refer to a character’s gender by pronoun into a single one using attributes on the character sheet (ie subjective, objective, possessiveA, and possessiveP) and am looking for a way to loop through each character in a folder and add those attributes to each of them and set them to a default of {it, it, its, and its} respectively. Is there any way I can do that? I do have api access if it’s required to do it.

Best practice for modeling data that is both general (default) and entity-specific

I have tried searching for good guidance on this already, but without much luck. Still, apologies in advance if this is duplicated elsewhere.

The Problem

In a nutshell, we have external contractors that work on cases for our clients. We already have tables with contractor and client information in our SQL Server database. Going forward we’d like to store billing info in there too. Billing rates can differ for each client and contractor, but usually each client has a general “default” pay rate that applies to most contractors.

Option A

The initial proposal was to create a new table with the following basic design:

clientContractorPay

  • clientID – foreign key to client table
  • contractorID – foreign key to contractor table
  • basePay – pay rate for this client-contractor combination
  • ... – several more (10+ and likely to grow) columns with supplemental pay rate details
  • A unique index to help optimize lookup and also prevent multiple rows for a given client-contractor combination.

Contractor-specific pay rates would naturally be linked to the relevant contractor (and client). General (default) pay for a client would be stored in a row where contractorID is NULL. This is to avoid having to duplicate the same default pay for all contractors that don’t have specific exceptions.

Option B

However, one of our senior devs has strong reservations about Option A. Their main argument is that using NULL in the contractorID column to mean “this is the default pay rate row” is unintuitive and/or confusing. In other words, it’s bad to assign meaning to NULL values.

Their counter proposal was to duplicate these new pay rate columns in the client table. The data stored there would indicate the default pay for each client, while contractor-specific exceptions would still live in the new table above.

What To Do?

It seems clear both proposals would work just fine, but I have my own reservations about the second. Mainly it seems wrong to store the same type of data (client-contractor pay rate details) in multiple places, not to mention more complex logic to read/write this data. I also don’t like duplicating these new columns in both tables, since it would force us to add any future pay rate columns to both tables.

However, I can see my colleague’s point about potentially misusing NULL in this case. At the very least, it’s not immediately obvious that rows with a NULL contractorID contain default pay rates.

It’s been far too long since my database programming courses, so I’m not sure what the current best practice for this type of entity relationship is? I’m open to whatever is best long term, and would appreciate any expert guidance, especially with links to additional resources.

Thank you in advance!

Unable to open default database after delete and restore it with a backup from another computer

I’m using SQL Server 13.0.4259.

I have created an user for my database with this script:

— Create TRZF db user.

USE [master] GO  if not exists(SELECT name                  FROM [master].[sys].[server_principals]                WHERE name = N'trzf_user') begin     CREATE LOGIN [trzf_user] WITH PASSWORD = '**********', DEFAULT_DATABASE=[$  (DatabaseName)], DEFAULT_LANGUAGE=[EspaƱol] end  USE [$  (DatabaseName)] GO  IF NOT EXISTS (SELECT name                  FROM [sys].[database_principals]                 WHERE name = N'trzf_user') Begin     CREATE USER [trzf_user] FOR LOGIN [trzf_user] WITH DEFAULT_SCHEMA=[dbo] end ALTER ROLE [db_datareader] ADD MEMBER [trzf_user] ALTER ROLE [db_datawriter] ADD MEMBER [trzf_user]  GRANT EXECUTE TO [trzf_user]  GO 

But I have had to delete it and restore it from another client’s database. After doing that, I have tried to login with the user trzf_user, using Management Studio, but I get this error message:

Unable to open user default database. Login error. Login failed for user 'trzf_user'. (.Net SqlClient Data Provider) 

I have tried this script:

USE [master] GO  ALTER LOGIN [trzf_user] WITH DEFAULT_DATABASE=[TRZIC-F] GO  USE [TRZIC-F] GO  IF NOT EXISTS (SELECT name                  FROM [sys].[database_principals]                 WHERE name = N'trzf_user') Begin     CREATE USER [trzf_user] FOR LOGIN [trzf_user] WITH DEFAULT_SCHEMA=[dbo] end ALTER ROLE [db_datareader] ADD MEMBER [trzf_user] ALTER ROLE [db_datawriter] ADD MEMBER [trzf_user]  GRANT EXECUTE TO [trzf_user]  GO 

But I’m can’t login.

How can I fix this problem?

I have run all the scripts and restored the database using sa user.

Before deleting the database, I can login with user trzf_user.

Why nmap scans port in my default gateway?

I tried to use nmap in my computer and saw that nmap cant find nothing for my local computer ip(even that HTTPS absolutely open).

But when I tried to scan nmap with range of IP’s I saw that the only open port’s nmap found was on the default gateway ip.

Why is that?(cant find nothing on the web).

edit: I have been asked to give exampale.

so lets say my default getway(router) ip its 1.1.1.1 and my first computer local ip is 1.1.1.2 and my second computer loacl ip is 1.1.1.3

when I try nmap(with different parameters) on 1.1.1.2 or 1.1.1.3 I dont getting any open port(“all 1000 ports are closed”)

but when I try nmap on 1.1.1.1 I am getting 12 open ports(that I belive open on my first or second computer).

Security headers in application vs. Tomcat default 40x error

I would like to assess the actual risk for various CORS attacks when a web application properly sets CSP and other response headers, but the app server error page does not. When a 40x can be provoked by trying to access protected content, for example, can the error response be used to inject malicious scripts, even though the web application is protected? I just can’t envision a scenario where this is done.

Or x-content-type-options: nosniff. It is missing from a 400 error page. Is this a real vulnerability? What can an attacker do with the error response?