Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Spuff

Pages: [1]
1
Help & Suggestions / Re: HTTPS Support
« on: October 21, 2014, 02:27:07 pm »
Quote from: Arnox on October 19, 2014, 09:38:48 pm
Actually, I think it may be an easy deal to enable HTTPS for my hosting. If I'm not much mistaken, I would just move the server files over to the https folder.

You don't need to move anything (to the best of my knowledge) You have a couple of options:

You can force everyone to use HTTPS by making an .htaccess rule which 301 redirects everything from HTTP to HTTPS.
You can leave HTTP and HTTPS working together. There's something up with the stylesheet though. Try it for yourself, load the site over HTTPS and you'll see what I mean.

2
Network (in)Security / Re: How People Destroy Evidence on a hard drive(Pictorial)
« on: October 19, 2014, 04:26:03 pm »
Quote from: Rook on October 19, 2014, 03:42:34 pm
Just curious, and you all may know this... Say a person keeps their sensitive or secret information on a portable HD, and access it via a desk/laptop.. And a situation occurs where you need to discard such information.. If you only used the desk/laptop to open/read the information.. is it necessary try and obliterate its hard drive, even though the sensitive data was never actually stored on it? Similar to trying to access something from your recent places folder that was originally opened through another source (usb or external hd), and the information cannot be found... could there really be something there, or is it relatively safe? I'm thinking yes, but eh.. I dont claim to be the most savvy on the subject.

I wish I knew the answer. If for some reason, the information is moved into a temporary directory on your computer then it'll be recoverable. If it's just cached in memory then it won't be. But I don't know enough about it to give you a better answer :(

3
Network (in)Security / Re: How People Destroy Evidence on a hard drive(Pictorial)
« on: October 19, 2014, 02:25:35 pm »
Quote from: Infinityshock on October 19, 2014, 11:36:25 am
if the hard drive platters are intact....as in if software was used to supposedly delete info...the potential exists for info to be retrieved.

Another method that doesnt involve hammers is using a propane hand torch to melt the platters, which is more effective.

I don't know about more effective, both methods involve fucking up the platters in some way. I think I'd rather smash it up, then at least you can scatter the pieces all over the place.

4
Help & Suggestions / HTTPS Support
« on: October 19, 2014, 08:42:25 am »
Are there any plans to enable support for HTTPS in the future? In the interest of keeping communications safe from interception, it would be a positive idea. I'm sure there are users here who access the site from the workplace/school/university and wouldn't want their actions to end up in the network logs ;) Or maybe you don't trust your ISP but can't afford a VPN, I dunno.

Edit: Just realised HTTPS is actually enabled, through Cloudflare. But it doesn't play well with the stylesheet by the looks of things.

5
Network (in)Security / Re: How People Destroy Evidence on a hard drive(Pictorial)
« on: October 19, 2014, 08:18:34 am »
This is a reliable method for destroying a drive for sure. If you want to keep your drive physically intact and use software to zero your drive instead, Dariks Boot And Nuke (DBAN) is a great alternative.

6
Network (in)Security / Re: What platforms do you use security testing of web applications?
« on: October 18, 2014, 04:29:28 pm »
Burp rocks. Acunetix is a web vulnerability scanner so it doesn't have the same functionality as Burp, but you can use the two together for better results. If you're looking for intercepting proxies like Burp, there's OWASP ZAP. For vuln scanning, check out w3af. Nikto is also great.

Pages: [1]