Questions tagged [data-leakage]

Data-leakage is the uncontrolled, unauthorized transmission of classified information from a data centre or computer system to the outside. Such leakage can be accomplished by physical removal of data storage devices (diskettes, tapes, listings, printouts and photographs of screen copies or handwritten notes) or by more subtle means such as data hiding (steganography) or even plain old human memory.

425 questions
310
votes
16 answers

SQL injection is 17 years old. Why is it still around?

I'm no techie and would like your expertise in understanding this. I recently read a detailed article on SQLi for a research paper. It strikes me as odd. Why do so many data breaches still happen through SQL injection? Is there no fix?
Ishan Mathur
  • 2,603
  • 2
  • 10
  • 9
205
votes
6 answers

How secure is 'blacking out' sensitive information using MS Paint?

I'm wondering if it's safe to black out sensitive information from a picture just by using Microsoft Paint? Let's take in this scenario that EXIF data are stripped and there is no thumbnail picture, so that no data can be leaked in such a way. But…
Mirsad
  • 10,005
  • 8
  • 33
  • 53
202
votes
22 answers

How can I explain to non-techie friends that "cryptography is good"?

After that case in which Brazilian government arrested a Facebook VP due to end-to-end encryption and no server storage of messages on WhatsApp to prove connection with a drug case, it's become pretty common for friends of mine to start…
user28177
106
votes
8 answers

Ex-contractor published company source code and secrets online

Just found my current company code on the plain internet. We are talking hundreds of thousands of lines of scripts and configurations, including database schemas and a fair amount of internal information. Looks like an archive of some project(s),…
user5994461
  • 1,216
  • 3
  • 12
  • 11
103
votes
4 answers

Why is writing zeros (or random data) over a hard drive multiple times better than just doing it once?

Lots of different programs, such as Darik's Boot and Nuke, let you write over a hard drive multiple times under the guise of it being more secure than just doing it once. Why?
Tom Marthenal
  • 3,272
  • 4
  • 22
  • 26
102
votes
8 answers

How can I reliably erase all information on a hard drive?

As storage technologies change over time, using different encodings and remappings to deal with sector errors, the best way to permanently erase/wipe/shred data changes also. Methods for flash drives and other solid-state drives are covered nicely…
nealmcb
  • 20,544
  • 6
  • 69
  • 116
96
votes
6 answers

How do you destroy an old hard drive?

How do you destroy an old hard drive? To be clear, unlike questions Secure hard drive disposal: How to erase confidential information and How can I reliably erase all information on a hard drive? I do not want to erase the data and keep the hard…
Xonatron
  • 1,063
  • 1
  • 7
  • 7
82
votes
2 answers

Does Windows 10's telemetry include sending *.doc files if Word crashed?

I'm reading through the extensive description on which data is acquired by Microsoft's telemetry 1 including the following paragraph: User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc,…
VoodooCode
  • 713
  • 1
  • 5
  • 6
72
votes
8 answers

Are powerline ethernet adapters inherently secure?

I have 2 Zyxel PLA407 powerline adapters. Router is downstairs connected to one adapter, other adapter is upstairs about 30 feet away connected to a desktop. I have a house, not an apartment or townhouse. I've noticed the speed is much faster when I…
v15
  • 1,741
  • 4
  • 16
  • 18
72
votes
7 answers

How do I inform a company I found a leaked database of theirs on the Internet?

Recently I found a leaked database of a company and I do not know how to go about contacting the company. It is so weird because I cannot find any type of Information Security contact email to report this to. It just has a support email. I feel…
Arkest Must
  • 817
  • 1
  • 4
  • 9
67
votes
17 answers

Alternative to sending password over mail?

Recently I've started working as a contractor for a company, which requires me to often log in to different b2b services. The way I receive the login data is usually over email in plain text. My gut feeling tells me sending sensitive data in plain…
aMJay
  • 3,615
  • 5
  • 11
  • 20
62
votes
2 answers

Why is credit card information not stolen more often?

Nowadays there are a lot of hacked websites with stolen login information. In many cases the website states that no credit card data and/or payment information was stolen. Why is that? What I assume is: That both, the database storing the payment…
tim
  • 851
  • 7
  • 13
60
votes
9 answers

Is it urgent to revoke the access to a private repo once a person has been mistakenly granted it and become aware of this?

There has been a post on Niebezpiecznik.pl, a popular InfoSec blog, describing an interesting situation. A company mistakenly granted access to their BitBucket repo to a random programmer. This programmer subsequently alerted various employees of…
gaazkam
  • 5,607
  • 11
  • 24
  • 37
48
votes
7 answers

How to securely, physically destroy a hard drive at home?

Hard drive in question has sensitive unencrypted data but has failed and no longer responds so can't be wiped. I'd like to physically destroy the said hard drive (3-1/2" desktop, spinning platter drive) before discarding it. What "home remedies" are…
DeepSpace101
  • 2,143
  • 3
  • 22
  • 35
47
votes
3 answers

Should we keep logs forever to investigate past data breaches?

Listening to the Secure code lessons from Have I Been Pwned made me really think about logging. It appears that in the real world a lot of data breaches are discovered long after they happened which makes the investigation and recovery much more…
alecxe
  • 1,515
  • 5
  • 19
  • 34