Tag: just

Does hidden just mean unseen and unheard?

Exactly what “hidden” means in game is not completely obvious.

Hiding When you try to hide, make a Dexterity (Stealth) check. Until you are discovered or you stop hiding, that check’s total is contested by the Wisdom (Perception) check of any creature that actively searches for signs of your presence.

You can’t hide from a creature that can see you, and if you make noise (such as shouting a warning or knocking over a vase), you give away your position. An invisible creature can’t be seen, so it can always try to hide. Signs of its passage might still be noticed, however, and it still has to stay quiet. (PHB p. 177)

So we know you can take an action do do it, and that when you are hidden from a creature they don’t know (exactly) where you are.

One further hint comes from the Unseen Attackers and Targets section:

If you are hidden–both unseen and unheard–when you make an attack, you give away your location when the attack hits or misses. (PHB p. 195)

Does “hidden” just mean unseen and unheard, like that section suggests? (also unsmelt, unfelt, untasted – generally unsensed) Or does it mean something else?

Some implications if this were the case:

  • There would be some extra niche cases that allowed easier access to being hidden.
  • creatures out of sight of a PC that had the Deafened condition would effectively be hidden from the PC
  • The Silence spell could be used to stop enemies without line of sight to a PC from knowing exactly where they/their party are in its radius (effectively “Mass Hide” as long as they have a line of sight blocker and stay in the radius)

Is Google(Not just Google?) session hijacking possible within the browser?

The following Youtube video talks about Google session hijacking starting from Gmail.

I generally believe that hacking(in modern browsers, excluding short-term criticial bugs) is not possible to be initiated by the owner of a website, otherwise the web would be very dangerous.

There are 2 points in the video that I am skeptical about. Are the following possible(providing any important information)?

  1. Clicking a link in Gmail can lead to a Google session hijack.
  2. Downloading a file, may lead to it being executed in the background.

I have just 4 hours a month to security check a cloud based application – How to use my time?

I’ve been tasked with looking after an application deployed to azure. I have been allocated 4 hours a month.

I essentially have half a workday to secure this application / keep it secure. What is an efficient use of my time?

Should I concentrate on:

  • Making sure all the components are up to date?
  • Checking all the logs to make sure nothing is looking dodgy?
  • Attempting to “hack” the application myself?
  • Documenting the system in detail from a security perspective?
  • Researching current vulnerabilities in this/related tech?
  • Ensuring backups etc are working correctly?
  • Disaster recovery stuff?
  • Creating policy around “being hacked”?
  • Auditing the source code with some tool to search for bad patterns?

Or some combination/something else?

I’m looking for experience based answers, preferably from someone that does this kind of security maintenance. If there is any kind of existing best-practice/guideline that would also really help.

The technology stack is:

  • SQL Server Database (Azure SQL)
  • C# Web API
  • Angular Front End

There are several additional components, but I’m not really looking for tech specific answers, more a strategy on how to approach this.