All Questions
13 questions
86 votes, 6 answers, 20k views
How am I ever going to be able to "vet" 120,000+ lines of Composer PHP code not written by me? [duplicate]
I depend on PHP CLI for all kinds of personal and (hopefully, soon) professional/mission-critical "business logic". (This could be any other language and the exact same problem would still stand; I'm ...
4 votes, 3 answers, 493 views
How do we cross-verify if the device is doing exactly what it is supposed to do?
How do we know any device is doing what it is supposed to do? For example, Android is an open-source OS (ignore Google libraries for now) and they do claim that all passwords will only be stored on ...
1 vote, 1 answer, 138 views
How can I ensure consistent privacy policy of my DNS server to that of the TLD's privacy policy?
Whenever I query example.com, one of the TLD root servers for .com will be queried for example.com. This query includes my IP address, and in theory could be used to identify my browser session.
...
1 vote, 0 answers, 127 views
Are missing access logs for a non-production environment populated with over 5 million patient records a big deal?
LOL. I have no background in infosec, so I was hoping to get some input on a very strange thing that has come up involving my local health service provider.
Any input would be swell!
-
A case ...
3 votes, 2 answers, 12k views
Can Google Policy Profile remotely erase all data on the device?
I'd like to configure my company's Google e-mail on my iPhone, however when enabling e-mail profile in Inbox, Gmail, Mail or any other app, the following Device Policy Alert is shown:
To use Google ...
3 votes, 1 answer, 169 views
How can I prove that I adhere to stated privacy policy? What audits are effective for voluntary compliance?
I have a website and mobile app that doesn't store data or PII.
Suppose I'm not subject to any special privacy laws. How can I voluntarily submit myself to an audit to ensure that I'm acting true to ...
3 votes, 1 answer, 149 views
How to decide what information should be shown to a user? [closed]
For instance:
Object ids (e.g. users ids)
emails
Addresses, are part of them
Photos
Videos
Usage
Reviews
Number of associations
etc.
The user can be:
The user owning the data
Another user
An ...
3 votes, 2 answers, 584 views
Social security and bank account numbers in plain text in web app
I am in an "argument" with my company about them showing each and every employee's social security and full banking routing / account number in plain text on a leading hosted HR Management software ...
0 votes, 1 answer, 214 views
Surveillance in the Workplace? [closed]
Auditing, surveillance and logging are typical and commonplace in the workplace, understandably so. These actions are crucial to establishing metrics and performance of the network and its resources.
...
5 votes, 2 answers, 485 views
Can we determine how securely files are stored on a cloud storage service?
After asking two questions about the security of online cloud storage, it seems to me that we can only at best speculate as to the security practices of the hosting company, and believe what they tell ...
4 votes, 2 answers, 309 views
How can I verifiably demonstrate that steganography or hidden partitions do not exist?
I want to verifiably demonstrate that there are no hidden partitions, or hidden messages in a given message.
In this scenario, assume the subject is being monitored (consensually) and agrees to align ...
9 votes, 1 answer, 9k views
How secure are the passwords stored at Google Passwords? [closed]
It seems Google activated a central place for storing app/website passwords which is accessible at https://passwords.google.com/ and all the remembered Chrome passwords are synched there.
In what ...
6 votes, 2 answers, 13k views
Extracting the GPG userid from the Public key file?
Is it possible to extract the userid from a GPG public key?
I've got the public key only and want to know to whom it might belong. I find one possible workaround — to publish this information on a keyserver — it ...