Sender | Message | Time |
---|---|---|
9 Apr 2024 | ||
New | I have a project, and at the end of the day it has to send daily reports to the respective person. But as the software runs on a local server, it has many restrictions on the network to access the internet. If I use the original email in the mail, the email ID can be leaked and some people may try to hack things, so to avoid it I want to change the email address of the sender | 20:35:47 |
Wother | In reply to New: your threat model is flawed. The idea that someone can be "hacked" from having an email address leaked is ignorant. Yes, an email address is PII, but in this instance, you are overcomplicating your response model without actually increasing the security of the system. Think about what can be gleaned from an email address. One of mine is wother@pm.me, what does that tell you? Or ronin@wother.dev? Or even uncle@wother.dev? You might get half of a login, if I was using that email for login. Then you would need a password, and likely (in my case) a second factor, like TOTP or Hardware Key. So... good luck "hacking" that. Maybe you get really lucky, and find a plaintext password I used years ago in a dump. So, what are you actually avoiding by slightly obscuring the email address? If your LAN is locked down for internet access, in that there are whitelists and blacklists for domains, are you trying to send this internally? Or is there a way to present this information without email? Or is there a service account you can use to "send" this email on your SMTP server? If I need an email address to send "system" alerts, I simply generate one without an inbox in my Active Directory (AD) and use THAT to send the email. Though we use system accounts so that employee accounts are not used for "official" communications. | 20:43:56 |
New | Actually just a few days ago I got information that they accessed the hod mail and then they played with other software, and whichever email I'll get for that, it'll be used to handle the whole server, and they don't want to create other mail ide for that | 20:49:28 |
New | So I'm just trying to figure out as many possible options | 20:50:05 |
New | Nothing else | 20:50:13 |
Wother | In reply to New: ya lost me again. "...i get information they access the hod mail..." ^^^ that makes no linguistic sense. "it'll be used to handle whole server" ^^^ what? What are you saying here? "they don't want to create other mail ide for that" ^^^ That sounds like you are not being supported for this project. | 20:53:31 |
New | Ok | 20:54:40 |
Wother | If you are sending email blasts out, use Mailjet, or some service that enables you to do this. Also good if you are sending mail programmatically, SDKs are amazing. If you are using an SMTP server, get them to give you a service account, or stop worrying about your email "leaking" and just embrace the chaos. | 20:55:14 |
Wother | I will list 10 of my email addresses here, I would LOVE to see how far someone might get in "hacking" those accounts. I promise, it isn't a risk like you are making it out to be. | 20:56:11 |
New | 1. Hod email is publicly available. If anyone is in the network, they can access software running on the local server. They just guessed the password and they got access to play with the attendance software which is running on the local server | 20:58:26 |
New | They are not hacking email, they are just logging in to the software and playing with it | 20:59:25 |
New | And sorry for creating confusion due to my overthinking | 21:00:24 |
#!/usr/bin/env h@x #YachaGang π¦ | In reply to New: Instead of figuring out how they gained access to the system and creating an overcomplicated solution, how about implementing a security layer like Authelia? | 22:19:02 |
#!/usr/bin/env h@x #YachaGang π¦ | * Instead of figuring out how they gained access to the system and creating an overcomplicated solution, how about implementing a security layer like Authelia in combination with LDAP (FreeIPA)? | 22:19:45 |
10 Apr 2024 | ||
πΌπ€π‘ππ πππππ€π₯ | `z = 'achyutam'; print(id(z)); z = 'ashu'; print(id(z)); print(id(z) == id(z))` | 05:22:26 |
πΌπ€π‘ππ πππππ€π₯ | In reply to πΌπ€π‘ππ πππππ€π₯: I have a query. As we can see in the above code, we are assigning to the same variable but with different values, which means the integer representing the memory address is different, but how the heck is print(id(z)==id(z)) showing True? Shouldn't it be False, since the memory stored is different as strings are immutable? | 05:24:45 |
πΌπ€π‘ππ πππππ€π₯ | Won't it create a new string with the name of z at a different location? | 05:25:34 |
Wother | In reply to πΌπ€π‘ππ πππππ€π₯: to be honest, that depends on the programming language. | 05:42:26 |
Wother | In reply to πΌπ€π‘ππ πππππ€π₯: the last line here will always be true, even without the reassignment. z is always itself. | 05:46:05 |
πΌπ€π‘ππ πππππ€π₯ | In reply to Wother: I understood it now, the reassignment will always be true because the object here is the same 'z' | 05:59:25 |
New | In reply to πΌπ€π‘ππ πππππ€π₯: In the last line it takes the same z twice, so it's true, nothing else | 10:06:13 |
New | In reply to #!/usr/bin/env h@x #YachaGang π¦: Nice idea | 10:08:16 |
#!/usr/bin/env h@x #YachaGang π¦ | In reply to New: Yes. Enhance security in the first spot, then go and fix the leakage | 14:34:31 |