IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [file-access]

143 questions
131
votes
9 answers

What stops Google from saving all the information on my computer through Google Chrome?

I noticed that in Google Chrome, if I type in file:///C:/Users/MyUsername/Desktop/ it shows me all of the folders on my Desktop, and I can type open up PDFs and such in chrome just by typing in the file path. What processes and systems are in place…
Pro Q
  • 1,349
  • 2
  • 7
  • 10
47
votes
3 answers

Reason to not use chmod -R 777 on internal server for project source code?

From my days of amateur web development the principle of least privilege has beaten into me not to use chmod -R 777 dir. I have personally never needed it, so I've never used it. I now work on a development team professionally, and we recently…
user1717828
  • 2,392
  • 13
  • 19
46
votes
2 answers

Claim that Skype is an unconfined application able to access all one's own personal files and system resources

Situation I was about to install Skype on a laptop driven by Ubuntu 18.04 LTS Desktop. The software installation helper graciously informs me that Skype is unconfined. It can access all your personal files and system resources as per the…
XavierStuvw
  • 965
  • 2
  • 8
  • 15
29
votes
2 answers

Something is changing my hosts file without asking

First: I can't find any information on this phenomenon, not anywhere on the net. I don't know which application does it, but something in my Windows 7 Home Premium system (fully updated & legal) updates my hosts file. I have UAC enabled. To edit my…
Jacob Bruinsma
  • 413
  • 1
  • 4
  • 8
24
votes
1 answer

Does a single fopen introduce TOCTOU vulnerability?

I'm actually fixing driver under Linux. Klokwork said that code like: file = fopen(fileName, "w+"); // w+,r,a and any mix of those is used here if (file != NULL) { /* do things*/ } else { /* throw error */ } fclose(file); can end as Time-of-check…
user209896
  • 243
  • 3
  • 4
21
votes
3 answers

Would it be plausible to write your own anti-crypto-ransomware tool?

Question After reading about how basic ransomware targets and encrypts your files. I was wondering if it would be plausible to write your own script to try and detect such activities? Initial Research Effort I have looked at different ideas people…
Chris
  • 735
  • 7
  • 15
18
votes
6 answers

How do I prevent copying of my PDF files?

One time while I was printing my documents at a copy center, I saw they dragged-and-dropped my PDFs from my flash drive to their desktop. How do I protect my files without using password? Is there a way to make a file open once and after that…
Олег Кривцов
  • 191
  • 1
  • 1
  • 5
16
votes
3 answers

Monitoring file access on Windows

I need a way to monitor user file access on windows. What I need is: monitoring of user opening, modifying (don't need to know what the changes were, just that a file was modified), copying, pasting and renaming files file access monitoring on…
tkit
  • 3,272
  • 5
  • 28
  • 36
11
votes
3 answers

Is denying write access an effective way to stop ransomware?

I'm looking for ways to defend against ransomware. As part of this strategy I've come up with the idea to block myself from writing to as many locations (and files) as possible. It may be assumed that the active user is always logged-in as standard,…
SEJPM
  • 9,500
  • 5
  • 35
  • 66
10
votes
3 answers

Security tradeoffs of pathname-based MAC (e.g., TOMOYO, grsecurity, AppArmor, ...)

I have been learning about MAC (Mandatory Access Control) systems in Linux. Often, but not always, these are tied to Linux Security Modules. Some systems I've looked at: SELinux, Tomoyo, AppArmor, grsecurity, Smack. As far as I understood, all…
humanityANDpeace
  • 1,412
  • 1
  • 12
  • 24
8
votes
2 answers

What files should I download or check on a Windows system in case of Local File Inclusion (LFI)?

I have a question about a Local File Inclusion (LFI) vulnerability on a Windows system. When it's possible to download any file from the operating system (OS), which file should I download first? I'm currently only aware of this vulnerability and no…
Chris Dale
  • 16,119
  • 10
  • 56
  • 97
8
votes
2 answers

What's ownership concept for?

I fail to grasp the necessity of using concept of owner (ownership) and find clear explanation of its necessity. What cannot be done without concept of owner(ownership) in filesystem/database object security (permissions) systems? Or, why is it…
Fulproof
  • 183
  • 4
8
votes
5 answers

Could ransomware be stalled while encrypting?

I have been reading about ransomware, and I was wondering if it could be defended against by having certain "trap" files on a drive. Sometimes I look through Code Golf and am thoroughly impressed by some of the solutions posted, some of which I…
elmer007
  • 849
  • 1
  • 6
  • 8
6
votes
3 answers

How to restrict skype file transfer outside of LAN

We are a mobile application development company. Due to the security of Source Code and other files, we need to restrict Skype file transfer outside of LAN. How to restrict Skype file transfer outside of LAN?
Md Mahbubur Rahman
  • 476
  • 2
  • 5
  • 15
6
votes
4 answers

How to securely share files with other individuals?

I have a collection of files I would like to securely share with a small number of other people. The collection is mostly static; no more than one or two new files will be added per month (after the initial set up). The files are mostly PDFs, videos…
Nick Heiner
  • 193
  • 6
1
2 3
9 10