In part 0 of our web server security series, we discuss things to consider before setting up a server. These considerations are very important to ensure the secure operation of your server in the future.
Today, the virtual machine “Netmon” on Hack The Box retired. In this walkthrough, we show one way to retrieve the “user.txt” and “root.txt” files.
After publishing our article about incomplete privacy policies of mostly private servers, several readers asked us for guidance on identifying incomplete privacy policies.
Every year, reports about the worst passwords of the year show up. Every year, all of us see the same worst passwords like “123456”, “111111”, “qwerty”, or “password”, still used by thousands of people. And every year, security people tell us that we must change our passwords regularly, that our passwords must have at least n characters, and of course, that using biometrics is insecure, short passwords are insecure, using words is insecure, reusing passwords is insecure, and so on.
While countless blogs flood the internet with tips and best practices to keep your passwords “secure” and creating “perfect” passwords, many of them forget about two important things: keeping it simple and defining a threat model.
One year ago, the European General Data Protection Regulation (GDPR) became enforceable after a two-year transition period. In the wake of this event, the media reported about several administrators who decided to permanently shut down their (small) websites while many non-EU websites started to block all EU-based IP addresses. Some people spread myths, and soon afterwards the media lost interest in the GDPR. Taken as a whole, the GDPR caused confusion despite the fact that former national privacy laws were mostly as strict as the GDPR itself.
In this article, we look at the privacy policies of 20 websites (operated by private individuals) to check whether they provide information for their users according to Articles 12 and 13 (GDPR).