certificates – VPN provider asks to install RootCertificate. How is it safe?

I want to use VPN provider (ProtonVPN), and don’t want to use an app. They ask user to install their Root Ca. How safe is it? What type of info could they get from my laptop? If I have their certificate installed, does that means they can see and get all info from my browser, including passwords and https sites? And what about other non browser traffic? How safe is it? What are the risks?

dslr – How can I get an old microscope adapter up and running when the K-3 asks for aperture data?

I attached an old manual microscope lens mount to my Pentax K-3. You are prompted to continue the aperture that the lens cannot provide. I tried all the settings in the camera including the manual focus and all options via the menu.

I imagine that this problem is common to all older manual lenses.

dslr – How can I get an old microscope adapter to work when the k3 asks for aperture data?

I attached an old manual microscope lens mount to my Pentax K3. You are prompted to continue the aperture that the lens cannot provide. I tried all the settings in the camera including the manual focus and all options via the menu.

I imagine that this problem is common to all older manual lenses.

Andrew

Design – WebApp that asks dynamic resources from the backend to the frontend

We are building an e-commerce site.

We want to develop some generic REST API modules that are available to different customers.

On the FE side, each domain should disclose certain customers' products, pages, CSS, HTML and assets.

We think about this architecture:

  1. An intra-resource server should make all assets available to customers / domains available via http
  2. A REST API backend
  3. An angular front end

So if I want to display some product information:

  1. FE requests the product key from BE
  2. BE Call the resource server, call all resources (HTML, CSS, JS) via http and return a JSON as follows:

    {
        html: "",
        css: "",
        js: "
    }
    
  3. FE injects the result on its template page

What do you think of this architecture in general? Do you know of any other mechanism for inserting dynamic pre-made templates?

ios – Automatic audio routing for calls that still asks for the device

Ok, it's a bit cumbersome, but I managed to solve my own problem. I went to:

Bluetooth settings -> MyAirPodsName -> forget this device

Then I paired my Airpods with my phone again and tried to make a call. And it sure worked! When I have connected my Airpods, they will be selected automatically. If not, I can switch between "iPhone" and "Speaker" as listed in the list by tapping the speaker button.

I think it's a strange bug that prevents call audio routing from automatically selecting the device so you have to explicitly select it every time you call someone … it's a bit annoying but it can be easy fixed, so not a big problem.

Domain Name System – Windows 10 asks for credentials for SMB Share when accessing over IP, but not when accessing via DNS hostname

Summary

I have an SMB share on a Synology DS416 NAS with domain joining. A single computer on our network as a strange problem where the user groupuser can access the share using the hostname \group_nasshare without problems, but when accessing via the IP address \192.168.11.8shareWindows prompts for credentials.

When I researched this, I saw a lot of questions and resources for the reverse case (hostname access fails, but IP is fine), but nothing for my case.

Details:

  • I have confirmed that other computers / users do not have this problem.
  • The user obviously has access to the share because the DNS name works. I also checked the permissions to make sure.
  • A restart does not fix the problem
  • Windows updates have been performed. I'm on Windows 10 Pro, 1909.
  • To enter the credentials when accessing the share via IP, these must be entered twice. The first authentication never seems to work ("access denied"), while the second always works.
    • At first I thought I was just greasing things up, but I (a) inserted the password and (b) checked it by pressing the small "Show password" button.
  • If you map a network drive with the DNS name, the connection will be made without any problems. However, if you enter the IP address, you will still be asked for Creds
  • When connecting via IP, the credentials may expire. I'm not sure how long it will take, but it seems to be overnight.
  • If you do the following, then groupuser can Access to the SMB share without having to enter credentials::
    1. When Windows restarts, log in as groupuser
    2. Users switch to otheruser (Who also has permission to this NAS)
    3. Access to the share via IP – no prompt as the Windows Creds are used correctly.
    4. Unsubscribe from otheruser
    5. Log on again as groupuser
  • By restarting everything is reset to the first place.
  • From what I've been told, nothing has changed on PC or Synology lately, but of course end users either (a) don't know when things will change, or (b) don't want to admit that they do something have done.

Has anyone seen this before?

Some other information:

C:Usersgroupuser>net use
New connections will be remembered.


Status       Local     Remote                    Network

-------------------------------------------------------------------------------
OK           X:        \redactedUserSharesgroupuser
                                                Microsoft Windows Network
OK           Y:        \redactedAdmin          Microsoft Windows Network
OK           Z:        \redactedEngineering    Microsoft Windows Network
The command completed successfully.

C:Usersgroupuser>nslookup 192.168.11.8
Server:  localhost
Address:  127.0.0.1

Name:    group_nas.contoso.local
Address:  192.168.11.8

C:Usersgroupuser>nslookup group_nas
Server:  localhost
Address:  127.0.0.1

Name:    group_nas.contoso.local
Address:  192.168.11.8

Why is that important?

The operators running the tools / software on the computer complain that they have to log on all the time if they have never had to.

The software on the computer is hard-coded to use the IP address when accessing the share (I work with the provider to make it configurable, but you know what older software is like …).

Catalina asks

Dear S,

I upgraded to Catalina and I have Office 2016, but it doesn't work after the upgrade, neither Adobe nor Quick Player.
Can you please tell us how to solve this problem?
thank you in advance

exodus – BTC wallet from "Airgap.it" asks for recipient address prefix "1ABC". What format is it?

I try to set up a cold and a hot wallet.

  1. Hot Wallet = "Exodus" on my daily cell phone. The address format is Bech32 with the prefix "bc1" or the legacy prefix from the format "P2PKH". The addresses then start with "1".

  2. Cold Wallet = "Airgap Vault" on an offline device plus "Airgap Wallet" on an everyday mobile phone. Both from "airgap.it".

  3. I tried to send a test amount from the cold wallet to the hot wallet, but the "Airgap Wallet" cold wallet only accepts BTC addresses that begin with the prefix "1ABC". How do I get this address from my "hot" Exodus wallet and what is the name of the address standard / format?

I could only find BTC Cash related entries on Google, but BTC Cash addresses start with "q" or "bitcoincash: q". The wallet software would also have to be very misleading, since BTC-Cash should not even be supported. I can't imagine that, so I'm really stupid right now. Any help is much appreciated, thanks!

Web application – sqlmap asks for query string

I am trying to run sqlmap locally and test my website

When I run a vulnerability scanner, I get an SQL injection error with HTTP like this

GET /index.php/search/FB3hw7'''''''/assets/assets/assets/assets/assets/assets/assets/assets/assets/assets/assets HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://xxxxxxxxxxxxx
Cookie: csrf_cookie_name=1b8ca9d5f78dc5a39b7fc91178a224fe; ci_session=xxxxxxbxxxxxxxxxxxxxxxxxxxxxxxxxmnet_session_depth=1%7C1585121878235; B=72uo4d1f7m2mf&b=3&s=au
Host: 127.0.0.1
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

When I copy the HTTP request into sample.txt File.

I do python sqlmap.py -r sample.txt

In this case, there is no parameter that sqlmap can use to inject the SQL injection

It gives me a mistake not to mention an injectable parameter. However, if I just paste the URL into the browser, I get an SQL error.

Another vulnerable URL is simple localhost/search/1' triggers an error in the browser and displays an injectable instruction. However, I tried sqlmap sqlmap -u url -p "search" .. but it doesn't work .. I even tried sqlmap localhost/search/1*

The point is, if we have clean URLs, how can we test the SQL injection. My code is definitely vulnerable, but I can't take advantage of it with SQL Map.

The error I get is false positive that the parameter is not injectable.
How can this be fixed?