Remote desktop user minwinPC altering security privileges while computer was ‘off’

Is it possible for Windows to start the computer while it’s off? I installed a fresh copy of Windows and was looking at the security event logger. It logged 5.2k security audits while I was asleep and when the computer was off (I checked it before going to sleep because of strange behavior).

The name is MINWINPC and its target is the built-in domain using remote desktop users. TargetSID is S-1-5-32-555. Subject user ID is S-1-5-18. Security logs show altering stack tracing and escalation of privileges.

Account domain is included in WORKGROUP but all network discovery is off. NETSH shows no domain of WORKGROUP exists but event logger records active SYSTEM manipulations. User account shows N/A.

Why does Google Search Console’s “Core Web Vitals” say a subset of my pages are all good on Mobile and all bad on Desktop?

Google Search Console’s “Core Web Vitals” is showing these two graphs.

Notice that the number of “good” URLs in one graph exactly matches the number of “bad” URLs in the other. Each day always has the same number on each graph, so it’s not likely a random coincidence.

The reports provide only one example, and it is the same URL in both cases (https://rbutterworth.nfshost.com/Tables/compose/). The page is static, with no scripts or forms.

The site has hundreds of other pages (all also static without forms), so what is so special about these reported pages that every one of them would be good in one context and bad in the other?

Graphs of Mobile and Desktop URLs, with the good in Mobile exactly matching the bad in Desktop

Was I hacked? Does the Apple Mail App on Desktop trigger a Google “signed-in device”?

Several of my personal accounts were hacked by my former employer (files were altered). I confronted them, mentioned the platforms but only sent them evidence of my Google account being hacked knowing that they might try to sweep it under the rug.

They conducted an “internal investigation” and concluded that the Apple Mail on my work device triggered those sign-ins. Besides the fact that their explanation doesn’t explain why my other accounts were hacked, I tested their theory and couldn’t replicate it. I looked it up and some people said that pull requests from Apple Mail don’t trigger logins. Can anyone confirm?

In addition, I did more digging and downloaded my Facebook data and this is what I found. It shows everything including the browser used, which a third-party app is not.

The hacks coincide with both a complaint I submitted to IT about their questionable practices and false allegations (made by IT a week after my complaint) that led to my dismissal.

Website not showing mobile version properly – randomly shows desktop version!

Our website here does not show properly on mobile phones much of the time. I have spent many hours trying to fix the issue to no avail.

We’re using a plugin called WPtouch to show a responsive mobile version of the blog. It used to work fine for years. However, in recent months, quite often when I visit the blog on a mobile device it shows the desktop version. This is very detrimental as the text on the site is minuscule and impossible to read.

We’re also using Cloudflare CDN and Swift Performance Lite to try to speed up the site. We’ve tried to clear / purge this CDN and cache regularly, as well as that of the browsers we use on the mobiles we test on. Quite often after we do it starts to show the mobile version of the site, but then reverts to showing the desktop version even on mobiles.

The thing that’s making me tear my hair out is it switches between the mobile and desktop versions on the same mobile phone in the same browser while surfing the site seemingly randomly (which leads me to believe it’s probably not a CDN or cache issue).

Is there anything I may do to finally fix this confusing issue please?

Thanks in advance!

What are the general security implications behind using a web app vs its equivalent desktop app?

In 2020, there are a lot of applications which have a web interface as well as “desktop apps.” Such applications are either the same in functionality or very close. Three examples of this situation are the Slack, Discord, and Keeper Security applications. As a user, I am often left with a choice: Do I use the webapp in the browser, or do I download and install the desktop app?

In order to not be too vague, I’m not going to ask the question “which is more secure?”, as this may not be possible to answer without a specific reference. However, there is truth to the fact that many of these applications are running on top of runtimes like Chrome, V8, Electron, Mono, etc. For the purposes of this question, please assume that the app is of this style and not a “fully native” compiled app written directly in C or C++.

Ignoring any functionality differences (such as, I need the desktop app in order to do livestreaming), please list the general security implications of using the browser app vs desktop app.

For security reasons, why might I prefer to run the web in-browser version of the app rather than the desktop app and vice versa? One such implication could be, “exploitation in a browser-run web app would be limited to the tab’s process, whereas in a desktop app, it could potentially access a greater scope” for example.

Best practices for storing long-term access credentials locally in a desktop application?

I’m wondering how applications like Skype and Dropbox store access credentials securely on a user’s computer. I imagine the flow for doing this would look something like this:

  1. Prompt the user for a username/password if it’s the first time
  2. Acquire an access token using the user-provided credentials
  3. Encrypt the token using a key which is just really a complex combination of some static parameters that the desktop application can generate deterministically. For example something like:

         value = encrypt(data=token, key=[os_version]+[machine_uuid]+[username]+...)

  4. Store value in the keychain on OSX or Credential Manager on Windows.
  5. Decrypt the token when the application needs it by generating the key

So two questions:

  1. Is what I described remotely close to what a typical desktop application that needs to store user access tokens long term does?
  2. How can a scheme like this be secure? Presumably, any combination of parameters we use to generate the key can also be generated by a piece of malware on the user’s computer. Do most applications just try to make this key as hard to generate as possible and keep their fingers crossed that no one guesses how it is generated?
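
An added example, not part of the original post and not code from any of the applications it names: it carries out step 3 with a key derived from host facts and shows that a second derivation from the same facts opens the stored value, while a value sealed under a random key cannot be opened that way. The host values, the function names and the stdlib-only `seal`/`unseal` stand-in cipher are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def derive_static_key(os_version: str, machine_uuid: str, username: str) -> bytes:
    """Key built only from host facts, as in step 3 of the post."""
    return hashlib.sha256(f"{os_version}|{machine_uuid}|{username}".encode()).digest()

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]

def seal(key: bytes, token: bytes) -> bytes:
    """Stand-in authenticated cipher (stdlib only); use a vetted AEAD in real code."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(token, _keystream(_subkey(key, b"enc"), nonce, len(token))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

def compare_schemes() -> tuple:
    token = b"constructed-access-token"
    host = ("10.0.19045", "constructed-machine-uuid", "alice")  # constructed values
    static_blob = seal(derive_static_key(*host), token)
    # A second program under the same account reads the same facts, gets the same key.
    static_reproducible = unseal(derive_static_key(*host), static_blob) == token
    # A random key cannot be rebuilt from host facts; its safety rests on where it is kept.
    random_blob = seal(os.urandom(32), token)
    try:
        unseal(derive_static_key(*host), random_blob)
        random_reproducible = True
    except ValueError:
        random_reproducible = False
    return static_reproducible, random_reproducible
```

With a host-derived key, the stored value is only as well protected as the keychain or Credential Manager entry that holds it; the extra encryption layer contributes nothing that code running as the same user cannot undo.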

Windows 10 Remote Desktop fails after laptop screen times out, any ideas why?

I am on a domain, and use the laptop to Remote connect to a server hosting medical software suite. Our server is set to auto lock the screens after 15 minutes if no activity is present. If this happens, then Remote Desktop Connection either takes forever to connect to the other server, or fails to connect at all. If the screen is manually locked using win key + L, then it works fine. Also, all of our other laptops work fine even when the account is auto signed out.

Any ideas on what could cause this or how to go about fixing it? Due to it being isolated to that laptop I have considered it being a Windows 10 issue–although it is a new Dell Latitude 5500 that is doing it. Any help is much appreciated. Thanks!

Best Desktop WYSIWYG

I've seen Wix and Weebly – but I want to have possession of my files. I feel like Wix will always have you since they have your files. Can anyone recommend a desktop program? I am not interested in Dreamweaver – I have that and I don't have the time to go back to hard/hand coding. Plus I am not afraid of paying some $$ for an easy-to-use and powerful tool.
Thanks