I work at a small company and we use an external company to take care of all our IT needs (a “managed IT service provider”). This includes managing our windows domain, our network, and everything else. To do so, they obviously have domain admin rights over all the computers.
Some high-profile employees work with sensitive files and data that we need to be sure no one is able to access or steal.
How can we set up our security so that no one in the IT department is able to access what they should not? Is there a way to guarantee this? Or is it required for the IT admins to be trusted?
In other words, if IT administers our firewall and accounts and security, how can we”police” the police?
The security of IoT devices is very important to protect the data uploaded by IoT devices. Because if an attacker force an IoT device to upload misleading/false data, the analytics and insights generated by IoT system would lead to corrupted information.
Therefore in order to make sure that data uploaded by IoT device is guninue and not fake which is the best technique? or in other words how to ensure that the data sent is sent by an authentic device and not the fake (hacked) device?
ow to make sure that data uploaded by IoT device is guninue and not fake? which is the best technique that ensure that the data sent is sent by an authentic device?
As I understand the “Same Origin Policy” is a browser security feature that aims to protect the user. It prevents scripts to load data from another webserver (typicall with ajax).
So esentially there are 3 actors:
- The User in the Browser
- The Original Website
- The “other origin” Web Resource
Does it protect the user ? No: With CORS I can just allow any Origin on a malicious “Other origin” Web Resource
Does it protect the original Website? No: With CORS I can just allow any Origin on a malicious “Other origin” Web Resource
Does it protect the “other origin” Web Resource? No: A browser with Same Origin Policy disabled or a crafted request can be used to get the request trough anyway
I cannot get my head around that. What is the situation where the SOP help and which of these 3 actors does it protect in this situation.
As a Wizard, I can cast Invulnerability on myself, which states:
You are immune to all damage until the spell ends.
Now, if I cast Warding bond (multiple times, maybe) do I suffer the reflected damage when the warded creature takes damage?
In my apache error log I am getting these errors (there are 100s of these lines), most of these IPs are from China.
I guess some bots are trying to find vulnerable files. Is there any way to protect the server against such attacks?
script '/var/www/public_html/bbr.php' not found or unable to stat script '/var/www/public_html/ioi.php' not found or unable to stat script '/var/www/public_html/uuu.php' not found or unable to stat script '/var/www/public_html/qiqi.php' not found or unable to stat script '/var/www/public_html/qiqi1.php' not found or unable to stat script '/var/www/public_html/config.php' not found or unable to stat script '/var/www/public_html/db_session.init.php' not found or unable to stat script '/var/www/public_html/wp-admins.php' not found or unable to stat
I have seen a few ebooks in PDF format where you can't copy and paste the text from that ebook. It suppose this would be really useful if you don't want people to copy parts of your ebook.
Anyone know how to do this? I would like to protect the information in my new ebook a bit better.
I know this is possible, but I don't have a clue on how to do this.
The question How to protect from caller-id spoofing? focuses on how to protect oneself from incoming calls with spoofed caller ID information.
This question is about how to protect oneself when someone is using your number in spoofed caller ID to place calls to others (e.g. to check if a target number is still “live”). A certain subset of those called get angry, call back demanding to be taken off the call list, file complaints, get the number on blacklists that prevent legitimate use, etc.; the spoofer is hurting both the called party and the party whose number is being used. What can the latter party do to protect themselves from these consequences?
Almost everyone is using cloud service providers for their computing needs these days, including myself. I am getting increasingly paranoid about a Cloud Hopper threat recently described in this Reuters article. To summarize:
- Hackers gain access to the cloud service provider.
- They use the cloud’s admin privileges to access the clients’ servers (including mine) and steal whatever information they want there
- When cloud service provider discovers the breach, they keep it super secret from everyone, especially their clients, otherwise their company goes down in a very competitive cloud service market.
- This goes on for months or years until the client discovers that the product it makes is now offered for a fraction of a price by a state-controlled Best New Company Co. Ltd. Inc. from a country that sponsors cyber theft.
So how can I, the client of a cloud service provider, protect my business from this threat? Solutions that come to mind:
- Don’t use cloud services at all. But that is expensive
- Do not store unencrypted sensitive documents in the cloud. But the production code and the database are the sensitive documents too.