Questions tagged [sensitive-data-exposure]

126 questions
30
votes
6 answers

As a contractor how do I work on multiple client networks without data leakage?

I am a contractor who does development for more than one client. Let's call them Client A, Client B, and Client X. I use my own laptop for all 3 clients. Throughout the day, I have to work on and respond to emails and instant messages about…
29
votes
5 answers

Does the destruction of sensitive information limit the choice of hard drives to non-flash based devices?

Working with a non-profit organization, it's common to reuse hard drives that have previously stored highly sensitive information such as medical and financial records. This is primarily driven by cost-saving measures to reduce purchasing new hard…
Motivated
26
votes
4 answers

Do my Windows system binaries contain sensitive information?

I have a dataset from a malware detection project that others want to use. Part of that dataset is system binaries that I had retrieved from my PC by searching for *.exe files (to serve as a benign dataset). Is it safe to share these files or can…
Niket Bhodia
25
votes
3 answers

Computer name naming convention for security

I've been doing a security audit and found out you can easily identify host roles and running services just by their computer name (using nslookup). I would like to report this so that they use less obvious computer names and it becomes harder for…
23
votes
12 answers

Is there a way to hide HTML source code yet keeping it effective?

I have a website with a client-side HTML contact form created manually (not as output of an HTML constructor like PHP):
Email Adress:
user123574
20
votes
2 answers

Pwned by a website I never subscribed to - How do they have my e-mail address?

I searched my email addresses in https://haveibeenpwned.com/. One of my e-mail addresses results as having been pwned, and is present in a data breach, in particular the Apollo data breach: Apollo: In July 2018, the sales engagement startup Apollo…
robertspierre
19
votes
3 answers

How to deal with a company that doesn't fix (potential) security vulnerabilities in their web app?

About 2 weeks ago, I stumbled across a web application that can be used by gyms to manage the information about their members. This includes data like the name, billing address, birth date, and medical history. The gym I am visiting (in Europe) is…
Moritz W.
16
votes
6 answers

How do I investigate where personal information in a fraudulent email was leaked from?

I have seen an email which is obvious from the content that it's a phishing/spurious email. However, the personal content is quite revealing and specific to that individual. How could I go about investigating how and where this personal data was…
12
votes
1 answer

Browser cache information disclosure

Observing the time needed by a browser to load external resources such as images potentially discloses information about whether those resources have been accessed before. Explanation: For example, by embedding the StackOverflow logo within a…
le_m
10
votes
2 answers

Are there regulations that govern how social security numbers are stored and viewed?

I'm working for a client that keeps records of social security numbers in their databases, numbers pulled from screenings and automatically captured from companies and other financial data. A few million SSNs attached to names, addresses, work…
Douglas Gaskell
9
votes
1 answer

Employer stores plain text personal data in a 'data warehouse'

I'm unsure if I have posted this in the correct community but the organisation I am currently working for currently uses an SQL 'data warehouse' which contains a bunch of tables from various sources, for various purposes. This data warehouse (as far…
8
votes
2 answers

How to separate storing sensitive data and hash passwords?

Scenario: I have a web application with an authentication system (classic). The application is basically an interface to a DB (MongoDB) which holds sensitive data. I properly hash the stored passwords. Assuming hashing prevents the attacker from…
Icki
8
votes
5 answers

Hiding sensitive data in URIs

This is a potentially hypothetical question since it has not been determined whether we will be required to do this but I figure it's a question that will come up more often. Background When implementing RESTful services the standard approach is…
JimmyJames
7
votes
1 answer

Does WhatsApp's link preview on the link messages leak information?

When we want to send a message that contains only a link - such as a question from the Stack Exchange network - WhatsApp displays information from the website as below: Does this leak information about what was sent, and from who, and to whom? We…
7
votes
1 answer

What are good methods of visual security?

What are good methods of visually securing sensitive information that might appear on your screen from the outside world? An example to illustrate my question would be the following: You're sat in a coffee shop using WiFi to do some work. You want…