I remember a post detailing several steps to disable services and increase the privacy of a phone, it was pretty much rooting the phone to disable services, updates, and the like.

Does anyone know the link to that post? Will be much appreciated.

Currently, I use a Raspberry Pi with ExpressVPN Server installed to connect to my home network from elsewhere. This setup requires me to forward two ports on my router to the Raspberry Pi: one for OpenVPN and one for WireGuard.

Would it be safer to operate the OpenVPN and WireGuard services directly on my home router instead of using the Raspberry Pi?

The blog emphasizes the significance of proper stack management and input validation in program execution and buffer overflow prevention, as well as how AI coding assistants empowers developers to strengthen their software against buffer overflow vulnerabilities: Revolutionizing Code Security with Automated Testing and Buffer Overflow Attack Prevention

Non-native English speaker here.

I live in Bangladesh and I am an individual human rights defender. I have a human rights website and do some level of human rights work.

Now, here in Bangladesh there has been "rumored" reports of human rights defenders, having their data wiped clean by some unknown actor. Some human rights defender kept a backup online, but someone used their password to delete the data. These data contained evidence of human rights violation.

Now, as an independent human rights defender working alone, one of the biggest challenges I am facing is keeping my human rights data safe. I don't know of anyone in another country, who would be willing to create a backup copy of my data and keep it offline for safe keeping where they can later publish the work publicly if something happens to me. Most people get scared when you tell them that you are doing human rights work, because they do not want to get involved in such matters.

Now I can create offline copies in pen drive and keep it in my country but that wouldnt keep the data safe and neither would any one be able to publish and continue the work.

There's an organization called SafeBox where journalists can send their data. They will keep the data saved offline and if something happens to the journalist will pick up from their work and continue the work. They do not accept data from human rights defenders

In such a case, what can I do to keep my backup data safe?

Hello!

I'm in the final stages of securing a job offer. I've went through all the interviews and reference checks, but before being provided a written official offer I am now being asked to provide over email a completed i-9 employment form as well as PII like Social Security Number, address, birthdate, and a copy of my passport.

I'm far from versed in internet/tech privacy, but something felt risky about this so I looked it up here on reddit and folks say it's indeed risky. I definitely want to secure this job quickly and make it easy for them get my info in their system asap. What is a quick way to send this out to them somewhat securely? I read one way is to send it in a Google doc with only giving them access. Is that a more secure way than just sending over email?

https://cybersec.gitguardian.com/s/i-asked-40-security-experts-to-share-their-best-advice-it-didn-t-disappoint-13811

Thoughts?

So idk if I'm supposed to post this here but it made sense to me. I would like to make my own password manager because I don't trust companies since the get targeted alot. So if anyone could point me in the right direction for making my own, I would greatly appreciate it.

I'm a beginner in all things coding and I think this might be a good way to start.

Someone told me devices get hacked, not the internet. If this is true, can a computer be hacked that does not used for email or messages, does not use wifi, that only goes online for updates (and perhaps banking), is not on a wired network at the same time as other devices, and for which there is no unauthorized physical access to it, or the network router? Do you have any other tips for keeping a computer safe?

My PC is safe from what I know, haven't had any issues, Kaspersky keeps me safe, along browser extensions. Tonight I wanted to login to Epic Games to get a free game. The striked e-mails are my own, the other two I have no idea how they got there or who they are. I checked Microsoft Edge settings and Personal info, saved passwords, autofill. They don't appear anywhere, just here in this field and site. Checked Chrome on the same site, only my e-mail appear, so the issue is within Edge

https://imgur.com/a/qbFadqB

Hello, I’m a windows 10 user. I don’t know much about computer security so apologies for any bad assumptions on my part. I recently was trying to play the video game Assassins creed (2007) via steam on my computer. However the game would freeze every minute or so making the game unplayable. I looked online and found a solution in this thread:

https://steamcommunity.com/app/15100/discussions/0/3878218962827922348/?ctp=2

As the fix states it involves adding an IP address into the host file.The fix ended up working but I had to change the files security permissions to full control in order to edit it. Was it safe to do this? Since it was in System32 I thought it might be an important file. Should I delete the IP address and change the permissions back after I’m finished with the game?

https://play.google.com/store/apps/details?id=com.tone.freepass

Hi everyone, This is my first attempt in a flutter project!!! I used a concept I had in a project for university. Feedback will be welcomed!!

It's practically impossible to keep track of all our passwords and account names. The obvious alternative would be using only one password, which would lead to serious security problems. The common solution to his problem is to use a password manager but even that raises concerns. Most password managers require the usage of a database to store every password to facilitate usage. That leaves the users in an awkward position where they have to trust the service to keep their information safe and to inform them in case of a breach. Our solution is a stateless password manager where we can generate random passwords in a replicable manner so they won't be stored in a database. The user is asked for optional parameters like website, username and a master password, from which it will generate a replicable password secure and strong against most types of attacks. Free, Safe and secure Stateless Password Manager!!!

Any sure-fire ways to troubleshoot a possible BIOS compromise?

I am running Windows Server 2019 Essential in a Virtual Machine in VMware Workstation Player 17. I have Windows 11 Home installed in my laptop. And in Windows 11, I do not have the secpol.msc file. It mean I cannot change the Local or group security policy.

But the OS server in the virtual machine has it. But I cannot edit the settings there. It is locked. I want to change the Security and Account Settings under Windows Local Security Policy tool. How can I get to edit it ?

Hi all,

I’m just curious and wondering how do attackers know that specific IP just hosted something? Is there a special tools to keep scaning entire world IPs and as soon as it finds some IP hosted something it will detect and notify them?

Because I hosted a web server on a vps that was on cloud for personal use for long time and no scanning attempts what so ever for a long time. As soon as I hosted the webserver and checked the logs, I found so many public IPs tried to brute force random directories on this host. And also so many ports scanning attempts.

Side note: nothing critical on this, and no personal info is stored on this vps at all.

Hi everyone,

in germany there is a quiete new tool called "hacktor".It is bundeled in the software suite "enginsight" (https://enginsight.com/en/pentesting/). It promises a kind of automatic pentest.

At first I thought, that it is a total ripoff. But after my testing I've come to the conclusion that it works amazing. It scans one or multiple IP-adresses and generates a reports which shows every open port and matches it with cve's (examples: https://enginsight.com/wp-content/uploads/Enginsight-Audit-Zielansicht-1024x598.png , https://enginsight.com/wp-content/uploads/2019/09/auditreport_warroom-1.jpg)

I've never seen any tool that comes this near to perfection like this, and i can not quiete understand how it works under the hood. Sure, nmap with vulners works similar, but not as accurate as this.

Do you guys have any clue?

​

​

​

​

Hi all,

I have question on how can I setup a tracking of browsing data & check browsing history on Huawei Echolife EG8145V5 router in my home? Is that possible?

Thanks!

Hello folks,

I've been entertaining the idea of having something like a "panic button" on my Windows desktop that would shut down the computer and force the Bitlocker security key prompt.

I'm researching methods of data and identity protection against an immediate physical or virtual threat. This is one thing that came to my mind. If there are subs that already deal with this matter, please show me.

Thanks!

Enable your website users to use their mother tongue (unicode characters) in passwords.

https://github.com/iapyeh/utf8passwordinput/tree/main

I had an online (Webex) appointment scheduled for 10am, but when I went to open the appointment, I saw an email from the person who scheduled it replying to my email cancelling the appointment (sent at 8:31am). But I didn’t send that cancellation email. I was asleep at that time.

I checked and I didn’t have a copy of the email in my sent folder or trash, nor could I find it in another folder. Header data from the original email (I had her send the original to me as an attachment) indicated the email was sent from an iPhone on my wifi.

I sleep with my phone under my pillow, so my phone was not accessible to someone else. I also haven’t given anyone else access to my email; I’m the only one with the password (and it isn’t a guessable password).

I haven’t had any other issues with strange emails or deleted emails (of which I am aware). The only thing of note was this email was the only one properly scheduled in my iPhone and Google calendars. All my other appointments I make manually.

So, my thought is someone on my network somehow got access to my iPhone calendar or Google calendar, and sent the email that way. I can’t figure out why otherwise more harm wasn’t done.

Does anyone know if this is possible? The only other thing I can think of is someone sent it from my phone (??) and then deleted it from the sent and trash folders, but since my phone was under my pillow that seems unlikely. I sleep very lightly.

FWIW the security logs in Gmail indicated no login around that time (showed my logins from the night before and then nothing until 10am), but I’ve realized it groups similar logins and sometimes seems to remove login records with a logic I cannot detect.

Just got a Dell Lattitude laptop assigned to me at a new government job. I noticed there’s an infrared or some other sensor to right of camera. I read online that this model of Dell laptop includes “presence detection” in the feature descriptions.

Is it a safe bet my agency is monitoring the amount of time I’m spending in front of my screen?

What type of information can a community or online forum, such as Reddit or any other platform, collect from its users, and what types of information are beyond its reach? For instance, it's commonly understood that IP addresses can be collected, but what about MAC addresses? Are they accessible to these platforms?

Recently, my family's business faced a cyber attack, pushing me to dive into the world of cybersecurity. This experience opened my eyes to the importance of protecting digital assets and has ignited a passion in me to pursue a career in this field.

I'm at the beginning of this journey and feeling overwhelmed by how much there is to learn. I'm reaching out to this community for advice on where to start, essential resources, and any tips for a newbie aspiring to make a difference in cybersecurity.

How did you begin your journey in computer security? What are the must-know basics, and how do you keep up with the constantly evolving threats?

Appreciate any guidance you can offer.

A few years ago, I noticed a peculiar trend among some popular websites with large traffic volumes. Despite their massive user base, many of these websites, including some major online stores (Best Buy), learning platforms (Udemy) and email services (GMX.com), did not provide 2FA to secure their users' accounts.

Later on, when these services finally implemented 2FA, some of them chose to offer SMS as the only or default option. While this might be better than no 2FA at all, given the risks of SIM swapping scams & SMS phishing and so on, SMS can be regarded as an insecure 2FA method.

It's still a bit of a mystery to me why it took some well-known services so long to implement 2FA. It's worth noting that even some non-profit, community-driven message boards (such as VOGONS) have successfully implemented 2FA without SMS.

Why did it take some prominent websites and services with a large following so long to implement 2FA?

We've just discovered a security breach affecting our company's data. I'm part of a small IT team, and we're urgently seeking advice on how to handle this.

Situation Brief:

• Detected unauthorized access to our network, compromising sensitive data.
• We Isolated affected systems, assessing the damage.

Seeking Advice:

• Immediate Steps: How do we mitigate the impact and secure our systems ASAP?
• Damage Assessment: Best practices for evaluating data compromise and communicating with stakeholders?
• Prevention: Recommendations on tools/strategies to prevent future breaches?

Any guidance, resources, or tips from those who've navigated similar waters would be invaluable right now.

Thanks in advance for your help!

I was watching a series on some random site and I got a pop up. It downloaded a file called “zip.jar”. I deleted it instantly but I still want to if I’m safe? Can this file execute even though I didn’t open it?

This morning I received a lengthy email to my junk mail stating that someone has my email address and password and is asking for, actually demanding $1500 so as not to send explicit videos to all my contacts. I don’t have any explicit videos and I don’t visit any kind of adult websites, but this email says that they have proof that I have and that I have three days to send them $1500 or they will release everything to all my contacts. I’m sure they can make up anything they want. I’m don’t know what to do at this point, is there anyone that can be called to whom I can report this? Thanks in advance.

Why do Google's Advanced Protection Program blocks installing apps from third-party repos (like F-Droid)?

Hi, I've started using Google's Advanced Protection Program (I'll later call it APP) to secure my account with 2 YubiKeys, unfortunately enabling it broken F-Droid on my phone. I mean I cannot install any new app from F-Droid, I can only update apps that were installed before I enabled APP. As far as I read there is no option to disable this app installation blocking. BTW, Google in their help page claims that external app stores that were installed before enabling APP will not be affected, but supposedly Google doesn't recognize F-Droid as such. In my opinion being unable to turn this "protection" off is stupid and straight anti-consumer. If someone uses F-Droid it's their own decision, their own risk and their own responsibility to check whether what they installed is safe. Honestly speaking it's even simplier on F-Droid because of the open-source software being served there. So now people like me got such message from Google: "If you want to use APP you must not use open-source shop that we do not control, but rather use Google Play that we do control and make money on it." Is it really a company that claims to be interested in security and promoting OSS?