How can we lower the risk of migrating from an old site to a new site?

background knowledge about our app so you can have context:

  • we are a multi-vendor B2B e-commerce website
  • our user base is fairly small, with about 400+ active customers
  • most of our users are middle-aged men and don’t have much experience in using tech
  • We have an old e-commerce site that was built using an old e-commerce platform; it served us well, but we grew out of it and built our own custom e-commerce platform

these are the main risks we are worried about:

  1. The new site’s UX matches the old site by 60%-70%, so because of our demographic we are very worried that a non-negligible part of our users might get discouraged from using the website, and because we are a B2B site even a small percentage of users can equal a lot of orders/money.
  2. When we launch the new site we don’t want to kill the old site right away; we want to keep it running as a backup plan till we know for sure that the new site is stable, but that will raise a few concerns:
  3. Should we let users use the old site and place orders?
  4. Should we synchronize between the old DB and the new DB (it’s tough technically) so we can have a single source of truth?

thanks a lot 😀

safety – USB miner and risk of fire

I wanted to try out mining from a pool on a Raspberry Pi. I ended up buying a USB ASIC miner (not sure I can post the brand here). It’s a bit bigger than a USB drive and mounted with heat sinks and a fan. It is connected to a USB hub which is powered separately. I think it draws about 10 watts (5 V x 2 A).
My question is, if I leave it turned on all the time, is there a risk of fire? The electricity in my house is reliable (wires are safe), but I’m concerned about the heat. Or is there any other risk that it starts a fire while I’m sleeping (for now I’m not leaving it on when I leave the house)?
Am I being paranoid? Any particular recommendations?

Is Your Banking Information at Risk When You Use the Internet?

This is a blog which contains all types of banking information, like Internet Banking, Mobile Banking, SMS Banking, Missed Call Banking, ATM Card, Debit Card, Green PIN Generation, Cheque Book, Bank Form Download, Credit Card, Bank IFSC Code, MICR Code, SWIFT Code, Bank Customer Care Number, Bank Balance Enquiry Missed Call Number, bank account mobile number registration process, bank account mobile number change process and much more. Here you can also find all kinds of finance-related tips, like Mutual Funds, Investment, Insurance, Loan, Share Market, Cryptocurrency and all types of tax-related information. Apart from this, we will provide quality content about all types of Wallet, Payments Bank, Private Bank, Gramin Bank and Rural Bank related information. We will also provide security-tip-related posts on this platform about how you can protect yourself from frauds. We will provide quality and authorized content, so this is the best place for this type of information. explainmebanking.com

tls – Why is this kind of company wide license not a security risk?

Until now most websites I know either check licenses via:

  • individual employee accounts (login needed)
  • an internally hosted website that is already licensed company-wide (without login)

However, in recent years I came across multiple websites that apply licenses as soon as you enter the site, as long as you’re inside the company network. I couldn’t find out what this feature is called or how it works, although I have some suspicions.

Most bigger companies are really careful in terms of security: they block unsafe sites and monitor web traffic with, for example, deep packet inspection.

But nowadays TLS limits even a lot of the simpler inspections, and it clearly seems that in this case there is not only an inspection but also an injection of some sort. Why isn’t that a huge security risk for the company and the end user?

I primarily noticed this when I joined the guest WLAN with my personal laptop and the licenses still got applied without my active knowledge.

Security risk of embedding JWT in URL?

As designed, this makes your system significantly less secure. That’s because you’ve turned a token which authenticates an entire session and embedded it into a URL, where it is much more likely to be exposed, such as in browser history or in logs. If that token is exposed, so is access to the entire user session.

What would be more secure is if you created an authentication token that was restricted to that URL (say, by taking a hash of all of the remainder of the URL and embedding that in the token). That would limit the scope of the exposure to access to that particular URL.

In addition, you should also make sure that either the JWT does not contain any identifiable information or that it is encrypted, so that if it is exposed, you haven’t revealed potentially sensitive information about the user, and you should also limit it to the shortest possible timeframe to minimize the consequences of exposure. These latter two options are best practices anyway, so you should consider adopting them regardless.

With those constraints, using some sort of authenticated URL isn’t intrinsically insecure. They’re used with suitable constraints by many websites, including Amazon S3, and while putting the data in the header is better, using the authentication in the URL isn’t bad.
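The URL-scoped token the answer describes, written out as an added example (this is not the answerer's code, and the key, subject id and URLs are constructed sample values). The token is an HS256 JWT whose payload carries only an opaque subject id, a SHA-256 fingerprint of the URL it is allowed to open, and a short expiry; the verifier rejects it for any other URL, after expiry, and when the signature or structure is bad. Only the standard library is used, so it runs as-is.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Added illustration of the URL-scoped token the answer describes; not the answerer's code.
# The key, subject id and URLs below are constructed sample values.
SECRET_KEY = b"demo-only-key-use-a-random-32-byte-key-in-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _url_fingerprint(url: str) -> str:
    # Hash of the part of the URL the token protects (path and query, with the token
    # parameter itself left out). It binds the token to one resource; it is not a secret.
    return hashlib.sha256(url.encode("utf-8")).hexdigest()


def issue_url_token(subject: str, url: str, ttl_seconds: int = 300,
                    now: Optional[int] = None) -> str:
    """Mint an HS256 JWT that is valid only for `url` and only for `ttl_seconds`."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # Only an opaque subject id goes in: no name, e-mail or other identifying data,
    # because anything in the payload is readable by whoever sees the URL.
    payload = {"sub": subject, "url": _url_fingerprint(url), "iat": now, "exp": now + ttl_seconds}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    signature = hmac.new(SECRET_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_url_token(token: str, requested_url: str,
                     now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if the token is valid for `requested_url`, else None."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        expected = hmac.new(SECRET_KEY, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None                       # forged or tampered
        header = json.loads(_b64url_decode(h))
        payload = json.loads(_b64url_decode(p))
    except (ValueError, UnicodeDecodeError):
        return None                           # malformed token
    if header.get("alg") != "HS256":
        return None                           # no algorithm negotiation
    if payload.get("exp", 0) <= now:
        return None                           # expired: the exposure window is over
    if not hmac.compare_digest(payload.get("url", ""), _url_fingerprint(requested_url)):
        return None                           # minted for a different URL
    return payload


def demo():
    """Show the three outcomes: same URL accepted, other URL refused, expired refused."""
    url = "/reports/2024-q1.pdf?dl=1"
    token = issue_url_token("u-1234", url, ttl_seconds=60, now=1_700_000_000)
    same_url = verify_url_token(token, url, now=1_700_000_010) is not None
    other_url = verify_url_token(token, "/reports/2024-q2.pdf?dl=1", now=1_700_000_010) is not None
    expired = verify_url_token(token, url, now=1_700_000_100) is not None
    return same_url, other_url, expired


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

A token leaked through history or a log is then worth exactly one resource for at most a minute, and the payload tells the finder nothing beyond an opaque id. The fingerprint is a hash rather than the raw URL only to keep the token short; the HMAC, not the hash, is what prevents it from being re-targeted.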

soft fork – Is there network split risk for Taproot activation with two releases (Bitcoin Core and Bitcoin Taproot)?

Every soft fork or consensus change involves a (very small) non-zero risk of a network split. That risk is considerably lower for a soft fork than say a hard fork (where all nodes need to upgrade). That’s why soft forks aren’t attempted every month or year. All you can do is minimize that risk.

Aaron lays out some scenarios that are theoretically possible. Any incompatibility between “Bitcoin Core” and “Bitcoin Taproot” during the Speedy Trial deployment is in my view highly unlikely. If Speedy Trial fails to activate and we reach November 2022 (please note 2022 not 2021) without miners activating then we are in a similar scenario to the UASF in 2017 where it depends on what the economic majority is running. I can’t predict what the economic majority would be running in November 2022 but I highly suspect the delaying of Taproot activation would be at the top of everyone’s minds.

You do have to weigh up these risks of a network split against miners deliberately blocking Taproot activation, potentially forever. If we were to say no more UASFs ever again because we don’t want to take any network split risk, that would be handing miners a permanent veto to block the activation of soft forks that have community consensus. So you have to weigh up the risk of the latter, which would be just as concerning (if not more concerning) to people.

So in summary these are subtle trade-offs. A number of developers have worked hard to minimize the risk of a network split. But it doesn’t get to zero unless you literally never try a soft fork again. And that would mean that Bitcoin would never seriously improve again.

savegame – Is there any risk of my pc getting hacked by sharing a game save file? – Game Development Stack Exchange

appsec – Is an outdated library in a Windows user mode desktop application an actual security risk?

I have a Windows 10 desktop application that runs in user mode only, and this application is a local tool only — that is, it does not “talk to the internet”.

As an example:
This application uses libxml2 as a DLL distributed in the application directory (as is “usual” on Windows). The libxml2 version used is somewhat dated, but it covers the use cases of the app.
Obviously, libxml2 has its list of CVEs, but the question I’m asking is: does any of this matter?

There doesn’t seem to be an attack vector, other than crashing the app itself (locally), by exploiting any security vulnerabilities of such a library.

So what’s the answer if someone claims “Your application is insecure because it uses XYZ!!” when all I do is use XYZ in a local user mode app?

This is not just theoretical: It costs to keep all dependencies up to date in new builds. Users need to be advised if they need to update based on these factors.

What are the risk quantification methods you have used for Cyber security project benefit realisation

As a consultant, I have now seen FTSE companies with millions of budget being poured into cyber security programmes. Almost all the projects within the portfolio do have a clear justification in terms of the risk mitigated. However, there is often no benefit realisation plan and there is no way to measure the success of the projects as they go. My question is: how do you define metrics, and what sort of risk quantification methods have you used in cyber security? Is there another way?

Thanks.

internal storage – What’s the best way to move files from SD card without the risk of losing any files?

For a regular fuse/FAT file system, there is no need to preserve file permissions; just copy all files as usual. You can check the file system type by typing mount in the terminal emulator. You will see something like this example:

/mnt/media_rw/149B-8301 type vfat
/storage/149B-8301 type fuse

149B-8301 is the UUID of the SD card and it shows that the file system is vfat.

To copy files regularly, run the following:

adb pull -a /storage/149B-8301 ~

advanced copy (tarball archive)

adb exec-out "tar -c storage/149B-8301 | gzip" > ~/sdcard_backup.tar.gz

copy from PC MicroSD Card Reader

cd /media/xubuntu
tar -czf ~/sdcard_backup.tar.gz 149B-8301

Note: replace ~ with the path to a target disk drive that has enough free disk space on the PC.
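Since the question is about not losing any files, here is an added example (not part of the original answer) that does the adb pull and then proves the copy is complete by checking every file against SHA-256 hashes computed on the device before anything is deleted from the card. It assumes the device's toybox shell has find and sha256sum, that the PC has GNU coreutils sha256sum, and that DEST is an absolute path; 149B-8301 is the card id from the answer, so substitute what mount prints on your device.

```shell
#!/bin/sh
# Added example, not part of the original answer: pull the card with adb, then verify the
# copy file by file against SHA-256 hashes computed on the device.
# Assumes toybox `find` and `sha256sum` on the device and GNU coreutils on the PC.
# 149B-8301 is the card id used in the answer; use whatever `mount` shows on your device.
SD_ID="${SD_ID:-149B-8301}"
DEST="${DEST:-$HOME/sdcard_backup}"   # keep this absolute: verify_tree cd's into the copy

# Step 1: copy. -a keeps timestamps; the card lands in $DEST/$SD_ID.
pull_card() {
    mkdir -p "$DEST" && adb pull -a "/storage/$SD_ID" "$DEST"
}

# Step 2: hash every file on the device. Relative paths (./dir/file) make the list
# usable from inside the copy on the PC.
hash_card() {
    adb shell "cd /storage/$SD_ID && find . -type f -exec sha256sum {} +" > "$DEST/$SD_ID.sha256"
}

# Step 3: verify a copy against such a list. Returns 0 only if every listed file is
# present and byte-identical; a missing, truncated or altered file makes sha256sum -c fail.
verify_tree() {
    hash_list="$1"
    copy_dir="$2"
    ( cd "$copy_dir" && sha256sum -c --quiet "$hash_list" >/dev/null 2>&1 )
}

# Usage: `sh backup_sd.sh run`. Nothing runs when the file is only sourced for its functions.
if [ "${1:-}" = "run" ]; then
    if pull_card && hash_card && verify_tree "$DEST/$SD_ID.sha256" "$DEST/$SD_ID"; then
        echo "copy verified: safe to delete from the card"
    else
        echo "copy NOT verified: leave the card untouched" >&2
        exit 1
    fi
fi
```

Hashing on the device rather than comparing file sizes catches the case this question is really about: a file that was interrupted mid-transfer and exists on the PC with the right name but the wrong contents.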
