Tag Archives: security
Web – Android development changes about Data Safety section.
Effective July 20, 2022: We’re adding a new Data Safety section to the User Data policy where developers must provide accurate information related to personal or sensitive user data their apps collect, use, or share. All apps must also post a privacy policy in the Google Play Console and within the app itself. See this webpage.… Read More »
PowerShell tips – part 024.
You can access the certificate store using MMC or using CertMgr.msc command. This will show you all certificates in the Local Machines Personal Store:
1 | PS C:\Users\catafest> Get-ChildItem -path cert:\LocalMachine\My |
This will show info about one certificate result on the first PowerShell command:
1 2 3 4 5 6 7 8 | PS C:\Users\catafest> Get-ChildItem Cert:\LocalMachine\My\XXX | Select @{N='StartDate';E={$_.NotBefore}}, >> @{N='EndDate';E={$_.NotAfter}}, >> @{N='DaysRemaining';E={($_.NotAfter - (Get-Date)).Days}} >> StartDate EndDate DaysRemaining --------- ------- ------------- 6/2/2019 8:17:27 AM 6/2/2022 8:17:27 AM -24 |
Also, you can test many PowerShell commands about certificates, like:
1 2 3 4 | PS C:\Users\catafest> Get-PSDrive cert | ft -AutoSize PS C:\Users\catafest> Get-ChildItem Cert:\LocalMachine\Root\ | where{$_.Friendly Name -eq 'DigiCert'} ... |
For the remote servers, we… Read More »
Security – clean and flush your internet settings.
By default, most operating systems will cache IP addresses and other Domain Name System (DNS) records in order to fulfill future requests more quickly. I type in http://free-tutorials.org in my browser’s address bar for the first time, and the browser has to ask DNS servers where to find the site. That information, the browser can… Read More »
Security – QUIC and web browsers.
Originally announced in 2013, QUIC (Quick UDP Internet Connections) is an experimental network protocol, which runs on top of the UDP protocol and is usually requested through port 443 with an Alternative Service HTTP request header flag. … QUIC requests are often made through the same port (443) that is used for TCP requests. The… Read More »
Security – PVS‑Studio.
The development team comes with this intro: PVS‑Studio is a static analyzer on guard of code quality, security known ad SAST, and code safety. PVS‑Studio detects various errors – typos, dead code, and potential vulnerabilities (Static Application Security Testing, SAST). The analyzer matches warnings to the Common Weakness Enumeration, SEI CERT Coding Standards, and supports… Read More »
Security – XXE external entity attack.
XXE known ad XML eXternal Entities is an application security weakness by compromised data processed by an insecurely configured XML parser. XML files may contain the document type definition known as DTD, which describes the structure of an XML file. DTD allows us to define and use XML entities. Let’s see one example:
1 2 3 4 5 6 7 | <?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE order [ <!ENTITY lol SYSTEM "file:///D:/texts.txt"> ]> <order> <itemID>&lol;</itemID> </order> |
If… Read More »
Security – uBlock Origin wide-spectrum blocker.
uBlock Origin is NOT an “ad blocker”: it is a wide-spectrum blocker — which happens to be able to function as a mere “ad blocker”. The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites — through EasyList, EasyPrivacy, Peter Lowe’s ad/tracking/malware servers, Online Malicious URL Blocklist, and… Read More »