Is it safe to extract file from potentially infected disk

I have a hard drive used for years, there are windows and many personal files on it. What I called "files" are images, musics, documents (pdf or docx), but not programs. All the "files" were not initially infected. As I said in the title, the hard drive may be infected by malware (I did not safely use it).

My question is : can I extract these personal files on a safe computer without risk of contamination ? In other words, may these files be infected and spread malware ?

Methods to Prove Data Authenticity from Potentially Compromised Sources?

I’ve been thinking about this problem for some time and I wanted to ask if there are any known methods, or research papers, about how to prove "authenticity" or correctness of data originating from a potentially compromised source (remote server, process, etc). Specifically what I’ve been imagining is say you have service A and service B, service B sources data from A but is worried that A has been compromised such that even if data is signed by A, B can’t trust that it was generated by code written by A‘s developers. Is it possible for B to prove to itself that data from A is authentic, that it was indeed generated by the expected code and not injected or generated by an attacker who has compromised A?

One solution I’ve been thinking about is using a sort of distributed ledger or blockchain so that multiple nodes compute the same data, and in doing so raises the bar such that an attacker would have to compromise N% of the services producing the needed data, this provides naturally replication and I can use an appropriate consensus protocol, but ofc introduces some overhead, efficiency concerns, and I would need to think hard about side-effects being performed more than once.

If there is only one node possible of generating data, such as a sensor node, and it is compromised, I’d imagine all hope is lost, but I also wouldn’t be surprised if there is some clever crypto scheme that attempts to solve this problem as well.

I hope it’s clear as to what the question is, thank you.

Does the same site cookie policy potentially change anything for CORS

According to the new same-site cookie policy (once implemented across all browsers) , a third party call from another page would not send along the cookies by default, unless the third party explicitly indicates that by setting appropriate cookie metadata.

As per my understanding, this would help with CSRF prevention. Does it cover all cases for CSRF ? Can this policy obsolete the same-origin policy since it seems to solve the same problems, or does the same origin policy cover other use cases? Does this potentially mean that we wouldn’t need CORS setup on the servers anymore?

Reply to potentially spoofed email

A colleague recieved an unsolicited email along the lines below:

Dear Ms. Smith

please click on the following link to recieve Document X regarding Project Y.

Yours,

Eve Nobody
eve.nobody@company.com


I suggested my colleague to reply to Eve Nobody, and ask whether the email is legitimate. Note, that we typed-in the address of Eve Nobody, since one could tamper with the reply-to header.

I assume three possible scenarios:

  1. Eve Nobody exists and she did send the email
  2. Eve Nobody exists, but she didn’t send the email
  3. Eve Nobody does not exist, and the email-server of company.com will reply with an error message

In all possible scenarios, we only interact with company.com, and not with any potential spoofer. Thus, I consider this course of action safe.

Was my advice sound, or are there other aspects to consider?


For context:

  • We are a firm which does research with academia and industry, hence we have plenty of information on our current projects along with the corresponding researchers. Thus, the information contained in the initial email (a reasonable title for Document X and the title of Project Y) can be gather from our homepage.
  • company.com is a legitimate company, and is involved in some research of ours.

Checking potentially infected photos for stegonography

A friend of mine has an old family PC with a bunch of important photos on it. Unfortunately, from what he told me, it seems like they have fallen victim to a tech support scam some five years ago, during which the scammer had remote access to their machine. They haven’t used this PC ever since that incident, because they were afraid that the scammer might have put some sort of malware onto their system. Since they aren’t super tech-savvy, my friend asked if I could help him safely recover their photos.

My idea would be to connect his HDD to my laptop using a SATA-to-USB adapter, boot into a Linux live environment, mount the HDD there, and copy the photos to either an external HDD or to my NAS. I see one problem with this, however. I’m by no means a security professional, but form what I’ve learned, it’s rather easy to embed a malicious payload into an image file (or at least a file that looks like an image; "steganography", "stegosploit"). So, it seems entirely possible that someone with remote access could have either copied an infected image to their hard drive, or run some sort of malware that infected their own photos. I think it’s unlikely that a tech support scammer would do this sort of thing, but the last thing I want to do is recover their photos and at the same time infect their current devices with malware.

Is there a reliable way for me to check their image files for such embedded malicious payloads (ideally from a Linux system)? My best guess would be to scan these files using an AV program such as ClamAV – do you think that would be good enough? Other than that, all I found were research papers looking into methods for detecting steganography, which leads me to believe that this is still a rather difficult problem to solve…

Edit: I have played around with OpenCV a while ago, which lets you read an image file into a Numpy array. So, theoretically, I could write a Python script that reads each of their photos into a Numpy array and exports it as a completely new image file, for a more of a "sanitizing" approach, rather than a "scanning" one. Do you think this is a good idea (especially of done by someone who’s not a security expert)?

How can I stay safe when I’m visiting potentially harmful websites on Android 9.0+ or similar MIUI?

I mean harmful by the fact that they might have ads, popups or other ways in which they might transfer malware to my phone or exploit vulnerabilities. And by visiting I mean interacting, clicking on items found on them, playing videos on them, like adult sites for an example of such a website.

Is there a sandbox or a VM on such Android phone that might help? Or am I secured if I have a basic antivirus, NoScript and an adblocker? Is there any you would recommend?

Kik app potentially harmful feature

I was on the regular Kik app when someone attached a video, and while watching the video I noticed a button on the video saying “open gallery” which I clicked by mistake. It redirected me to Google.com. I asked how a video can have a redirect button, people said modded kik allows you to do that. How can I know if it was malware or such? I’ve factory reset my unrooted phone, hopefully that solves it? Thank you

How does the reaction timing work for Wrath of the Storm? Can it potentially prevent the damage from the triggering attack?

With attacks of opportunity, the PHB is pretty clear that your reaction occurs as an interruption to your opponent’s move, just before they move beyond your reach, then they resume their turn. Fair enough.

However, there are some abilities that happen during an opponent’s attack – for example, the Shield spell, and a Tempest cleric’s Wrath of the Storm ability. These both say they happen when you’re “hit” by an attack – but the Shield spell raises your AC, so I assume that occurs before rolling damage, and makes it possible for you to be retroactively not hit by the attack. Is the same true for Wrath – that your reaction might KO your opponent, and you wouldn’t have to worry about taking damage?

(I was planning to include Hellish Rebuke in this question but I see it specifically refers to “being damaged”, so I assume that means it happens on your opponent’s turn but definitely after getting hit, meaning you can only cast it if you’re still conscious.)

How does this potentially ally in Curse of Strahd become the party’s ally?

In the Curse of Strahd adventure, you learn from the tarokka card reading of an ally who is destined to help you against Strahd. These possible allies are enumerated on pages 15-17 under the Strahd’s Enemy section.

This ally often doesn’t know this and must be convinced or at least told about the tarokka card reading before they are willing to join you. This is mentioned either as part of their description on pages 15-17, or as part of their description in the area in which you first meet them. As a few examples, the book describes:

An so on.


However, there is one ally in particular for whom there doesn’t seem to be any description of exactly how this character becomes your ally (there might be other allies who aren’t given descriptions of how they become your ally, I didn’t exhaustively search for a description of every single possible ally; I know there are some who will obviously help you, such as Ezmerelda, and therefore do not need a specific description about what it takes to convince them, but the ally I’m asking this question about isn’t as obvious):

This card refers to Vasilka the flesh golem (see chapter 8, area S13).

— p. 17, Strahd’s Enemy

Area S13 is on pp. 150-151, and the entirety of her description (ignoring the “boxed text”) is this:

Unless I’m overlooking something, there doesn’t appear to be any guidance offered to the DM regarding how such a character would become the party’s ally against Strahd. Sure, as a DM, I could come with something, but I’d prefer to know about any possible guidance from the adventure, because currently I’m at a loss with how I would be able to narratively make sense of this.

Is there any guidance that I’ve overlooked with regards to how this character becomes the party’s ally against Strahd?