IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [automation]

35 questions
11
votes
2 answers

Anti-bot JavaScript library identification

I'm doing a research on anti-bot measures that websites can use to prevent automation. I came across a JavaScript library and I'm trying to identify its origin. At first I thought it's a site specific library but after further research I found that…
Reyno
  • 213
  • 1
  • 2
  • 7
10
votes
4 answers

Do mail servers follow links in emails as part of a security scan before inbox delivery?

I've implemented a passwordless login using a magic link and email. The link can be used only once. One customer is complaining that once they click the link, the page reports that the link is already used. This is indeed what I implemented, but I'm…
Chris
  • 211
  • 2
  • 9
9
votes
1 answer

Automatically Open LUKS Container on System Boot in a safe manner

I have a linux system running at a cloud provider where I created an encrypted container using LUKS to store personal data. The encrypted container is manually mounted at /srv; the rest of the system is unencrypted so that the server and especially…
phisch
  • 1,305
  • 10
  • 14
5
votes
1 answer

Security in automated systems using Puppet and Chef

In an extremely interesting presentation at Puppet Camp London, Tomas Doran suggested a pretty radical approach for keeping everything automated by managing tons of Docker containers with Puppet. As a security-conscious person, I like the idea of…
Naftuli Kay
  • 6,715
  • 9
  • 47
  • 75
5
votes
2 answers

Incident Responders: Can you give some examples of Incidents / types of incidents that are suitable for fully or partly automated response?

You setup security monitoring - either a full commercial SIEM/SOC or something home-cooked (e.g., rsyslog -> OSSIM / MozDef / Splunk / ...). You also setup some rules so that some event triage is done - and you only get alerts for potential…
Sas3
  • 2,638
  • 9
  • 20
4
votes
1 answer

How to detect whether a GnuPG private key has passphrase on it from a script?

I've written a script to help our developers store a copy of their private keys without a passphrase inside our Puppet tree (not committed to Git) so our Vagrant boxes can use Hiera with eyaml + gpg (https://github.com/sihil/hiera-eyaml-gpg) to…
Amos Shapira
  • 141
  • 1
  • 4
3
votes
1 answer

Port-forwarding to a web server on Raspberry Pi

I've recently created a relatively simple smart Christmas tree which is a Raspberry PI Zero W powered LED strip. In order to control it via IFTTT webhooks, I've started a lightweight flask server on the Raspberry Pi - on a specific port with several…
alecxe
  • 1,515
  • 5
  • 19
  • 34
3
votes
1 answer

IFTTT maker channel and Security Concerns

This is about IFTTT Maker Channel and security around it. They announced a new Maker Channel recently where you can receive and make web requests for automation. For example, I can turn ON/OFF my home lighting by looking it up with Google Home.…
Manny
  • 1
  • 2
3
votes
3 answers

Did information technology had a increase or decrease in security with the introduction of automatic update features?

For obvious reasons we teach users Always update... updates are good... never forget updates, et cetera! Apart from the danger of malicious advertisements that make use of that showing users that they need to "update", I want this question to…
Bob Ortiz
  • 6,234
  • 8
  • 43
  • 90
3
votes
1 answer

How can I list all self-signed certificates in my stores on a Windows client?

I'm on a mission to list the self-signed certificates ('issued by' and 'issued to' match) on my machine via an automated method. PowerShell is available for use. Preferably the results would be exported to a nice human-readable file.
Camelspiders
  • 33
  • 1
  • 1
  • 4
3
votes
1 answer

Automate certificate signing in Linux

In a private network I wish to automate signing for new clients/servers. Something like this: New client is created (dockers & etc) The client create a new private key and a CSR The client send the CSR to a different server which sign it using the…
michaelbn
  • 203
  • 2
  • 8
2
votes
3 answers

How do to keep programs updated

We all know we should keep our programs up to date, after all each of them could have an unlatched security hole that was fixed in the latest update. However the average computer easily contains 200+ programs and only few of them actually contain…
Thijser
  • 353
  • 3
  • 12
2
votes
2 answers

Fetching GPG private key from Linux server to decrypt files on a Win 10 computer in production

I have a need to fetch automatically the GPG private key from a Linux server to decrypt files on a Windows 10 computer in production. There are a few challenges here: How to assure SCP from the Windows 10 to the Linux server that not everybody who…
Ferit
  • 121
  • 3
2
votes
1 answer

Network with one possible unsecure device and one home assistant device

Background: I have a google home and I plan to buy 1 or 2 cheap cameras to monitor my home when I'm not in it. I plan to have the camera connected to a wifi plug, so I can switch it off via the app over the internet. The google home device is not…
Nigel Fds
  • 453
  • 4
  • 11
2
votes
2 answers

Pros and cons of installing security updates automatically?

I recently got into a discussion regarding automatic installation of security updates. The system is used and managed by a small nonprofit organization—essentially one or two admins managing the system in their free time. They typically touch the…
user149408
  • 347
  • 2
  • 9
1
2 3