Questions tagged [sensitive-data-exposure]
126 questions
30
votes
6 answers
As a contractor how do I work on multiple client networks without data leakage?
I am a contractor who does development for more than one client. Let's call them Client A, Client B, and Client X.
I use my own laptop for all 3 clients.
Throughout the day, I have to work on and respond to emails and instant messages about…
duggulous
- 401
- 4
- 8
29
votes
5 answers
Does the destruction of sensitive information limit the choice of hard drives to non-flash based devices?
Working with a non-profit organization,it's common to reuse hard drives that have previously stored highly sensitive information such as medical and financial records. This is primarily driven by cost-saving measures to reduce purchasing new hard…
Motivated
- 1,493
- 1
- 14
- 25
26
votes
4 answers
Do my Windows system binaries contain sensitive information?
I have a dataset from a malware detection project that others want to use. Part of that dataset is system binaries that I had retrieved from my PC by searching for *.exe files (to serve as a benign dataset). Is it safe to share these files or can…
Niket Bhodia
- 369
- 3
- 4
25
votes
3 answers
Computer name naming convention for security
I've been doing a security audit and found out you can easily identify host roles and running services just by their computer name (using nslookup).
I would like to report this so that they use less obvious computer names and it becomes harder for…
Xavier59
- 2,874
- 3
- 17
- 34
23
votes
12 answers
Is there a way to hide HTML source code yet keeping it effective?
I have a website with a client-side HTML contact form created manually (not as output of an HTML constructor like PHP):
20
votes
2 answers
Pwned by a website I never subscribed to - How do they have my e-mail address?
I searched my email addresses in https://haveibeenpwned.com/.
One of my e-mail addresses results as having been pwned, and is present in a data breach, in particular the Apollo data breach:
Apollo: In July 2018, the sales engagement startup Apollo…
robertspierre
- 495
- 2
- 11
19
votes
3 answers
How to deal with a company that doesn't fix (potential) security vulnerabilities in their web app?
About 2 weeks ago, I stumbled across a web application, that can be used by gyms to manage the information about their members. This includes data like the name, billing address, birth date, and medical history. The gym I am visiting (in Europe) is…
Moritz W.
- 193
- 5
16
votes
6 answers
How do I investigate where personal information in a fraudulent email was leaked from?
I have seen an email which is obvious from the content that it's a phishing/spurious email. However, the personal content is quite revealing and specific to that individual. How could I go about investigating how and where this personal data was…
Djuro
- 169
- 1
- 4
12
votes
1 answer
Browser cache information disclosure
Observing the time needed by a browser to load external resources such as images potentially discloses information about whether those resources have been accessed before.
Explanation:
For example, by embedding the StackOverflow logo within a…
le_m
- 220
- 1
- 6
10
votes
2 answers
Are there regulations that govern how social security numbers are stored and viewed?
I'm working for a client that keeps records of social security numbers in their databases, numbers pulled from screenings and automatically captured from companies and other financial data. A few million SSNs attached to names, addresses, work…
Douglas Gaskell
- 1,209
- 3
- 10
- 15
9
votes
1 answer
Employer stores plain text personal data in a 'data warehouse'
I'm unsure if I have posted this in the correct community but the organisation I am currently working for currently uses an SQL 'data warehouse' which contains a bunch of tables from various sources, for various purposes. This data warehouse (as far…
nopassport1
- 193
- 4
8
votes
2 answers
How to separate storing sensitive data and hash passwords?
Scenario: I have a web application with an authentication system (classic). The application is basically an interface to a DB (MongoDB) which holds sensitive data. I properly hash the stored passwords.
Assuming hashing prevents the attacker from…
Icki
- 81
- 1
8
votes
5 answers
Hiding sensitive data in URIs
This is a potentially hypothetical question since it has not been determined whether we will be required to do this but I figure it's a question that will come up more often.
Background
When implementing RESTful services the standard approach is…
JimmyJames
- 2,956
- 2
- 16
- 25
7
votes
1 answer
Does WhatsApp's link preview on the link messages leak information?
When we want to send a message that contains only a link - such as a question from the Stack Exchange network - WhatsApp displays information from the website as below:
Does this leak information about what was sent, and from who, and to whom?
We…
kelalaka
- 5,409
- 4
- 24
- 47
7
votes
1 answer
What are good methods of visual security?
What are good methods of visually securing sensitive information that might appear on your screen from the outside world?
An example to illustrate my question would be the following:
You're sat in a coffee shop using WiFi to do some work. You want…
li x
- 462
- 4
- 11