Is it possible for windows to start the computer while it’s off? I installed a fresh copy of windows and was looking at the security event logger. It logged 5.2k security audits while I was asleep and when the computer was off (I checked it before going to sleep because of strange behavior).
The name is MINWINPC and its target is the built in domain using remote desktop users. TargetSID is S-1-5-32-555. Subject user ID is S-1-5-18. Security logs show altering stack tracing and escalation of privileges.
Account domain is included in WORKGROUP but all network discovery is off. NETSH shows no domain of WORKGROUP exist but event logger records active SYSTEM manipulations. User account shows N/A
Google Search Console’s “Core Web Vitals” is showing these two graphs.
Notice that the number of “good” URLs in one graph exactly match the number of “bad” URLs in the other. Each day always has the same number on each graph, so it’s not likely a random coincidence.
The reports provide only one example, and it is the same URL in both cases (https://rbutterworth.nfshost.com/Tables/compose/). The page is static, with no scripts or forms.
The site has hundreds of other pages (all also static without forms), so what is so special about these reported pages that every one of them would be good in one context and bad in the other?
Several of my personal accounts were hacked by my former employer (files were altered). I confronted them, mentioned the platforms but only sent them evidence of my Google account being hacked knowing that they might try to sweep it under the rug.
They conducted an “internal investigation” and concluded that the Apple Mail on my work device triggered those sign-ins. Besides the fact that their explanation doesn’t explain why my other accounts were hacked, I tested their theory and couldn’t replicate it. I looked it up and some people said that pull requests from Apple Mail don’t trigger logins. Can anyone confirm?
In addition, I did more digging and downloaded my Facebook data and this is what I found. It shows everything including the browser used, which a third-party app is not.
The hacks coincide with both a complaint I submitted to IT about their questionable practices and false allegations (made by IT a week after my complaint) that led to my dismissal.
I am unable to get past this launch logo in Wolfram Desktop on Windows:
I tried reinstalling and does’t seem to fix the problem.
In 2020, there are a lot of applications which have a web interface as well as “desktop apps.” Such applications are either the same in functionality or very close. Three examples of this situation are the Slack, Discord, and Keeper Security applications. As a user, I am often left with a choice: Do I use the webapp in the browser, or do I download and install the desktop app?
In order to not be too vague, I’m not going to ask the question “which is more secure?” As this may not be possible to answer without a specific reference. However, there is truth to the fact that many of these applications are running on top of runtimes like Chrome, V8, Electron, Mono, etc…. For the purposes of this question, please assume that the app is of this style and not a “fully native” compiled app written directly in C or C++.
Ignoring any functionality differences (such as, I need the desktop app in order to do livestreaming), please list the general security implications of using the browser app vs desktop app.
For security reasons, why might I prefer to run the web in-browser version of the app rather than the desktop app and vice versa? One such implication could be, “exploitation in a browser-run web app would be limited to the tab’s process, whereas in a desktop app, it could potentially access a greater scope” for example.
I’m wondering how applications like Skype and Dropbox store access credentials securely on a user’s computer. I imagine the flow for doing this would look something like this:
- Prompt the user for a username/password if its the first time
- Acquire an access token using the user provided credentials
- Encrypt the token using a key which is just really a complex combination of some static parameters that the desktop application can generate deterministically. For example something like:
value = encrypt(data=token, key=[os_version]+[machine_uuid]+[username]+...)
value in the keychain on OSX or Credential Manager on Windows.
- Decrypt the
token when the application needs it by generating the
So two questions:
- Is what I described remotely close to what a typical desktop application that needs to store user access tokens long term does?
- How can a scheme like this be secure? Presumably, any combination of parameters we use to generate the the
key can also be generated by a piece of malware on the user’s computer. Do most applications just try to make this key as hard to generate as possible and keep their fingers crossed that no one guesses how it is generated?
I am on a domain, and use the laptop to Remote connect to a server hosting medical software suite. Our server is set to auto lock the screens after 15 minutes if no activity is present. If this happens, then Remote Desktop Connection either takes forever to connect to the other server, or fails to connect at all. If the screen is manually locked using win key + L, then it works fine. Also, all of our other laptops work fine even when the account is auto signed out.
Any ideas on what could cause this or how to go about fixing it? Due to it being isolated to that laptop I have considered it being a Windows 10 issue–although it is a new a Dell latitude 5500 that is doing it. Any help is much appreciated. Thanks!
I've seen wix and weebly – but I want to have possession of my files. I feel like WIX will always have you since they have your files. – Can anyone recommend a desktop program? I am not interested in Dreamweaver – I have that and I don't have the time to go back to hard/hand coding. Plus I am not afraid of paying some $ $ for easy to use and powerful tool.
Are there any applications/tools for exploiting desktop applications? (with pre-built exploits)
I’d like to test my Java desktop app for security. I’ve looked at tools like Metasploit, but they seem to be geared towards entire networks. It’s a basic CRUD GUI application