Insider threats vs. insider attacks

I understand that a threat is a possible security violation that might exploit the vulnerability of a system, and a attack is an action on a system that harms the organisation in some way. Therefore, we should detect attacks and prevent or mitigate threats.

However, when I look on multiple cybersecurity sources focused on insider issues, the most of them talk only about the insider threats and do not talk about the insider attacks at all. In addition, they multiple times use the term insider threat even for actions that should be considered as attacks. You can see it, for example, in:

Can, please, someone explain me, what is the difference between insider attack and insider threat? Why it seems that it has a different meaning regarding insiders than in general usage? Why is mostly used term just insider threat?

Go to Source
Author: Ylvetal

What is the best database design for storing survey form with different types of questions and answer formats and branching is possible?

I would like to store the format of the survey form which can branch into different question based on
Questions can be video, audio, text and answer can be text, multiple choice, video, audio, geolocation etc. Also based on the answers of a question branching into different question should be possible. It should also be possible for user to fill the form in multiple session so some state should also be there. So the answers to the columns can be missing due to branching as well as the response being incomplete. There is a need of fast filtering and analysis of the database. Also, it should be possible to extract all the responses of a particular form in CSV file. What would be the best implementation for this problem?

Go to Source
Author: Shrey Paharia

What framework to use with excel for data frame in javascript like pandas?

I am trying to create a website that displays values from a .csv file that matches a certain criteria similar to how you can filter data from a dataframe in the pandas framework in python. I am not sure if there is anything similar in javascript. If not, what framework should I use to do this using python for web development?

Go to Source
Author: chibiw3n

Android Google Keep Save Snippet AND URL

How can I save both the selected text AND the URL to Google Keep from Chrome in Android? On desktop this is as simple as highlighting text then clicking the Keep icon next to URL; that’s the functionality I want when I’m browsing on Android. On desktop it’ll work multiple times- for keeping multiple snippets in the same keep note for that URL, as you read it and recognise you wish to save that part. On Android (in Chrome, with Keep plugin installed on the machine) I can long click>share to Keep, but this only shares the selected text not the URL. I can share the URL itself to keep (share at top near URL) but this only shares the URL not selected text. A lobg click menu item on selected text would be logical to me but right now I can only manually open the saved URL and copy paste the note; very inefficient.

Go to Source
Author: wovenworld

How to run Dockerfile agent on a Jenkins Slave Node?

I have an issue with Running Dockerfile in Jenkins Pipeline on a Slave Node server.
Have posted in main StackOverflow portal. happy to see this DevOps Stackexachange portal.

just linking the ticket here : https://stackoverflow.com/questions/63364558/how-to-run-dockerfile-agent-on-a-jenkins-slave-node/63366121

It would be really helpful if someone can share their thoughts.
Thanks in advance.

Go to Source
Author: Venkatesha K

Use Component From Shared Module Of A Sub Angular App (nested apps)

I have nested Angular Apps:

MainApp { 
   projects:{
     App1,
     App2
   }
}

I want to use a Component from Sub App (App1), in my (MainApp).
Here is my (MainApp) app.module.ts:

 imports: [
    BrowserModule,
    AppRoutingModule,
    App1SharedModule.forRoot(),
    App2SharedModule.forRoot()
  ],

I’ve got Error Message: ‘app-xxx’ is not a known element:

Any suggestions ?

Go to Source
Author: Inoubli

Can’t run Google Chrome on Ubuntu 18/20

I’ve installed Ubuntu 20 LTS from official site with Rufus. And then I downloaded Google Chrome from google.com/chrome 64 bit.deb for Ubuntu
The first time I open, Chrome works nomally but after that time I can’t manage to open it, I tried to launch it from terminal/gnome it yeilds:
NaCl helper process running without a sandbox! Most likely you need to configure your SUID sandbox correctly
This also happens on Ubuntu 18.04
Any help is appreciated!

Go to Source
Author: Phạm Văn Tiến

SAMBA: valid users ignores local samba user

I have a linux server (SLES12 SP5) in a Windows domain.

>smbd -V
Version 4.10.5-git.192.26ffbcd72313.11.1-SUSE-SLE_12-x86_64

Accessing samba shares with a domain user works very well.

Unfortunately I can’t access the share with a local samba user, if valid users is active.

>useradd -r -g tomcat test
>smbpasswd -a test
>systemctl restart smb.service

>getent passwd test
test:x:480:1002::/home/test:/bin/bash

smb.conf

[global]
    security = ADS
    realm = STL.BWL.NET
    workgroup = STL

    domain master = NO
    local master = NO
    preferred master = NO
    os level = 0

    template homedir = /home/%U
    template shell = /bin/bash
    kerberos method = secrets and keytab
    allow trusted domains = NO

    winbind enum users = YES
    winbind enum groups = YES
    winbind cache time = 10
    winbind use default domain = YES
    winbind refresh tickets = YES

    idmap config STL : backend = rid
    idmap config STL : range = 100000-400000

    idmap config * : backend = tdb
    idmap config * : range = 500000-800000

    ntlm auth = NO
    lanman auth = NO
    client use spnego = YES
    client ntlmv2 auth = YES
    encrypt passwords = YES
    restrict anonymous = 2
    usershare allow guests = NO

    printing = bsd
    printcap name = /dev/null

    map acl inherit = YES
    store dos attributes = YES
    ea support = YES

    public = NO
    browseable = YES
    writeable = YES
    guest ok = NO

    create mask = 0660
    directory mask = 0770

[web]
        path = /web
        valid users = @GRP_R13_QS STL1408

[tomcat]
        path = /web/tomcat
        valid users = test

Go to Source
Author: stalachristian

Where are default aliases defined

I’ve got a fresh install of CentOS 8 (minimal ISO). I notice that, despite none being listed in either .bashrc or .bash_profile, a bunch of aliases are defined by default in bash. For example,

alias cp='cp -i'
alias egrep='egrep --color=auto'
...

Many of these aliases I’d like to keep. However, where can I find/edit the sources of those definitions?

Go to Source
Author: Daniel Walker

Cannot connect to server with SSMS 18

I’m having an issue all of a sudden with SSMS 18. Today, the authentication method is grayed out and I cannot get it to connect to a server. I’ve rebooted, reinstalled 18.6, uninstalled and installed 18.5 and run it as an Administrator. I have no idea what the issue could be and cannot seem to locate any info on through Google searches.

enter image description here

Go to Source
Author: jradich1234

How to change the Media Uploader screen from WordPress admin to normal browse screen for frontend users for featured image submission

I have a theme form in my frontend which takes the featured image from the user. But my problem is when the user clicks the upload button they are taken to the normal MEDIA UPLOADER screen which is normal for admin users. On top of that, the site visitors can also see the other media library images. I want to change this media uploader screen to just file browse screen. My site users are of “Authors” category. Please need help!

Go to Source
Author: Muhammad Aurangzeb Khan

What’s the deal with X25519 Support in Chrome/Firefox?

RFC8446/TLSv1.3 Section 9.1 says that “implementations SHOULD support X25519”.

An online list
of software supporting Curve25519 list both Firefox and /Chrome
as supporting it for TLS.

I did an experiment and created a self-signed TLS cert with Ed25519. Both Chromium 84 and Firefox 79 complain
about not being able to negotiate the cipher list/version. I’ve also noticed that they initiate TLSv1.2 handshakes when
connecting to localhost, but use TLSv1.3 handshakes when connecting to google for example. wget on the other hand,
has no problem connecting (I used --no-check-certificate,
but afaik that shouldn’t matter here)

I then looked at the TLSv1.3 handshakes. neither browser offers Ed25519 as a signature in their ClientHello (even when connecting to google via TLSv1.3). Again, wget does offer it
as part of the ClientHello.

Chromium 84.0 TLSv1.3 Supported Signatures

So I figured this might be a platform issue with my distro (Fedora), but this Blog Post also claims that the major browsers don’t supports X25519. While ChromeStatus says it’s been supported since Chrome 50 (I’m assuming chrome and upstream chromium do not differ in this).

I’m totally confused. What’s the current state of X25519 support on major browsers? is it a google chrome vs. upstream chromium issue?

Go to Source
Author: Jim Landy