SharePoint Online Removing HTTP Headers for Security Reasons

I want to know if it’s possible to hide the below HTTP headers displayed by a SharePoint Online site:

  1. HTTP/1.1 200 OK
  2. Server: Microsoft-IIS/10.0
  3. X-AspNet-Version: 4.0.30319
  4. MicrosoftSharePointTeamServices: 16.0.0.20802
  5. It is also observed that OPTIONS, DELETE and GETLIB methods are travelling every time in the application request.

These need to be removed from a security point of view.

Your early response will be highly appreciated. Thanks in advance.

security – A safe way to allow upload of all file types?

No. Setting the directory as non-executable only prevents harmful binaries from being executed on the server. It does not prevent harmful scripts from being executed by the webserver.

If I can upload a PHP file, and access it via the web, then the webserver will run it regardless of its executable flag.

Additionally, I could upload something that contained HTML and JavaScript, and then run it in a browser from your domain. This is known as a Persistent-Cross-Site-Scripting vulnerability.

In order to be secure with any filetype, the uploaded files must be uploaded to a place where the webserver cannot reach them and serve them to other people. Which makes uploads kind of pointless in that case, since images uploaded wouldn’t be visible afterwards.
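The storage rule in the answer above, as an added example that is not part of the original answer: uploads are written only to a directory that resolves outside the served tree, under a server-generated name. It assumes the web server serves nothing outside `web_root`; the function names and the directory layout are hypothetical and constructed for the demo.

```python
import os
import secrets
import tempfile
from pathlib import Path


def is_web_reachable(path, web_root):
    """True if path resolves (after '..' and symlinks) to web_root or below it."""
    resolved = Path(path).resolve()
    root = Path(web_root).resolve()
    return resolved == root or root in resolved.parents


def store_upload(data, upload_dir, web_root):
    """Write an upload under a server-chosen name in a directory the server cannot serve."""
    if is_web_reachable(upload_dir, web_root):
        raise ValueError("upload directory is served by the web server")
    # The client's filename and extension are never used on disk, so nothing
    # is stored as "shell.php" or "page.html"; the name is random hex.
    stored_name = secrets.token_hex(16)
    target = Path(upload_dir) / stored_name
    # O_EXCL: never overwrite an existing file; 0o600: no execute bit, owner only.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored_name


def demo():
    """Run the check against a constructed site layout in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as site:
        web_root = Path(site) / "public"
        private = Path(site) / "private_uploads"
        (web_root / "uploads").mkdir(parents=True)
        private.mkdir()
        payload = b"<?php echo 'constructed sample'; ?>"
        candidates = {
            "inside_web_root": web_root / "uploads",
            "dotdot_into_web_root": private / ".." / "public" / "uploads",
            "outside_web_root": private,
        }
        for label, directory in candidates.items():
            try:
                results[label] = store_upload(payload, directory, web_root)
            except ValueError:
                results[label] = None  # rejected: the file would be web-reachable
    return results


if __name__ == "__main__":
    print(demo())
```

The comparison is done on resolved path components, so a sibling directory such as `site-data` next to `site` is not mistaken for a child of the web root.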

networking – Security implications of directly connecting a Windows PC to ISP via Network Adapter with Ethernet cable bypassing the Router

When diagnosing Internet connection issues (slow speed for example), an ISP technician may ask a user to connect their ISP-provided Ethernet cable directly to a device (typically a Windows PC) to run speed tests in the browser or pings, etc. (to rule out the possibility of the Router being the culprit).

What are the likely (realistic) as well as theoretical security implications in as far as getting access to the device / retrieving information from it (accessing files, etc.) under the following assumptions:

  • This is done for a short period of time ~ 30 minutes
  • The new network is identified as Public (in Windows UI)
  • Remote assistance is enabled
  • Windows built-in firewall is OFF, but third-party application-level firewall is enabled (restricts Internet access to apps).

And does this compromise saved passwords of network-mapped drives and locations (which are normally only accessible within LAN via the Router)?

security – Doesn’t storing the “recovery seed phrase” for a wallet defy all logic?

I’ve heard many times that you are supposed to write down a “recovery seed phrase” (a series of English dictionary words) on a piece of paper and store that securely so that you can recover your coins when you inevitably lose access to your wallet.dat.

But doesn’t this defy all logic? If this phrase alone can recover the wallet.dat (which feels like magic to me, but I’ll accept it as the truth), what happens if:

  1. There is a fire and it burns your coins with the paper?
  2. A burglar steals the paper and takes your coins?
  3. The government seizes the paper and takes your coins?

Even if you say “I’ll buy one of those fireproof metal plates where you put in the seed phrase with the little metal letters”, that only protects against the first hazard.

And even if you put the piece of paper (or metal plate) inside a fireproof safe, that only stops (at best) number 1 and 2. The government will not be scared to force-open the safe or make you do it under gunpoint, and there’s your recovery phrase.

And if you put your coins on a hardware wallet and secure that, and still store your seed phrase in your computer, then somebody could grab that remotely through one of the numerous security holes that computers/OSes/software have today, restore the wallet and take your coins before you ever know.

It seems that storing the recovery phrase ONLY protects against your own clumsiness and hardware dying, but not against all the other serious threats.

I’ve spent so long thinking about every possible method to keep my Bitcoins safe, but I just can’t find a single method which I’m not myself able to quickly poke huge holes through…

airport transfer – Going through security at Ft. Lauderdale on a connecting flight

This airport doesn’t have an airside pedestrian access, nor airside buses or trams. All transfers between terminals are accomplished by exiting the terminal and taking shuttle buses that run regularly around the airport from one terminal to the next.

Assuming your first flight departs from a US airport, whether you’ll go through security again at Ft. Lauderdale will depend on what airline(s) you’re on, and whether your flights arrive and depart from the same Ft. Lauderdale airport terminal. If you edit your question to provide airline and flight information, a more specific answer can be provided.

TL;DR: If you have to change terminals in Ft. Lauderdale to reach your ongoing flight to Cancun, you’ll exit the arriving flight’s terminal, shuttle to the departing flight’s terminal, then have to go through security again to reach the departing flight.

security – What should I do with my used Antminer? How should I set it up?

I’ve just purchased a second-hand S9i Antminer. I got it for £200, a great deal I thought. What tasks should I perform before installing?

I was thinking of opening it up and looking inside, just to see what is inside the box.

Obviously I should reset the machine, right?

Is there anything else I should do?

I am concerned about security and wish to ensure this piece of used hardware poses no threat to my local network.

This is the first ASIC miner I’ve ever owned.

security – What is the most optimal Bitcoin Core-only OS for securing a new Bitcoin wallet?

I can’t sleep at night due to my unencrypted cold storage wallet.dat having frequent contact with my Windows 10 nightmare machine. I’ve therefore decided to set up an old computer (with a 250 GB HDD, so it cannot possibly store the entire blockchain) with some kind of encrypted Linux or similar, only to install Bitcoin Core, set up a new wallet, encrypt it, and then send nearly all my coins to this new wallet, which I can then proceed to put on my redundant backups without fearing that my coins disappear, since it will be encrypted.

(The issue of securely and redundantly storing the passphrase remains…)

But what should I install on that computer? Is there something custom-made just for Bitcoin Core, perhaps? “Bitcoin Linux” or something? And will the fact that I have to run it in “pruned” mode mean that my new wallet won’t be fully secure?

authentication – Is there a security reason to require email address and password in separate steps?

I have noticed lately that instead of having an email address and password entry box on the same page/screen, a lot of websites and apps will instead ask for your email address first, then it will ask for your password in a separate step.

As I use a password manager, this means I cannot just fill in the email address and password in one easy step – I either have to manually type my email address, or I have to autofill with the password manager twice.

My question is: is there a good security reason why they are increasingly doing it this way, or is it just bad UI design?

chromebook: security issues

I’m on a school Chromebook. After some time, I see this process running:

If you zoom in close enough, 3 people "C", "C", and "I" are accessing my computer apparently (they look like Gmail profile pics). "I" was someone who I had never seen before. Before, it looked like this:

Except there was 1 C. Later 2 C’s appeared, and after some time an "I" appeared. Then the "C", "C", and "I" appeared.
"C" later started disappearing whenever I would open the same link, and a "Files" process would appear.

Even weirder, in the logs, I saw random Bluetooth processes running.

P.S. I’m up-to-date on software.