Most Popular

1500 questions
152
votes
7 answers

Can someone take down Wi-Fi signal?

Is it possible that someone made an attack (DoS or something else) on my Wi-Fi router (without knowing the password) and made my router's signal unavailable? 1) How can it be done? 2) What are the remedies?
T.Todua
152
votes
4 answers

Which security measures make sense for a static web site?

I have a static web site. Users cannot log in or perform any other actions. Which of the common HTTP security measures make sense for my site? Do I need any of these? HTTPS Strict transport security Content security policy Certificate…
Sjoerd
151
votes
8 answers

How can PayPal spoof emails so easily to say it comes from someone else?

When I receive a payment in PayPal, it sends me an email about it (pictured below). The problem is that the email is shown to be coming from the money sender's email address and not from PayPal itself, even though the real sender is PayPal. Here is…
Sunny88
151
votes
12 answers

Do I need to encrypt connections inside a corporate network?

Provided that I have a decent level of physical security in the office, I monitor the physical addresses of devices connected to the network and only give VPN access to trusted parties, do I need to encrypt access to intranet resources over HTTP?…
Robert Cutajar
150
votes
9 answers

How do organizations check *what* has been hacked?

In the UK, the company TalkTalk was recently hacked. It was later discovered, after 'investigation' that the hack was not as serious as it could have been (and less than expected). I'm wondering: How do organizations (not necessarily TalkTalk --…
ᔕᖺᘎᕊ
149
votes
6 answers

Is password entry being recorded on camera a realistic concern?

I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras…
davnicwil
147
votes
5 answers

How can I export my private key from a Java Keytool keystore?

I would like to export my private key from a Java Keytool keystore, so I can use it with openssl. How can I do that?
Jonas
147
votes
8 answers

How should I set up emergency access to business-critical secrets in case I am "hit by a bus"?

I work as the primary developer and IT administrator for a small business. I want to ensure that business can continue even if I suddenly become unavailable for some reason. Much of what I do requires access to a number of servers, (through…
AndrewSwerlick
146
votes
1 answer

How does Shutterstock keep getting my latest debit card number?

I've made a single photo purchase from Shutterstock back in 2012. I created an account and gave them my debit card #. I haven't made a single purchase from them since. Silently in 2018, they activated auto-renew without my consent, without notifying…
Marquizzo
145
votes
9 answers

How do I run proper HTTPS on an Internal Network?

This question has been asked several times, I'll link a…
alficles
143
votes
24 answers

Why can't I just let customers connect directly to my database?

I'm pretty sure this is a stupid idea but I'd like to know why, so bear with me for a moment. Lots of the work backend developers do is providing CRUD access to customers via HTTP, essentially mapping data from and to the internal database.…
Moritz Friedrich
143
votes
14 answers

Is there any technical security reason not to buy the cheapest SSL certificate you can find?

While shopping for a basic SSL cert for my blog, I found that many of the more well-known Certificate Authorities have an entry-level certificate (with less stringent validation of the purchaser's identity) for approximately $120 and up. But then I…
Luke Sheppard
143
votes
8 answers

Secure way of masking out sensitive information in screenshots?

As a guy working in security/pentest, I regularly take screenshots of exposed passwords/sensitive information. Whenever I report these, I mask parts or complete info as in the sample given below. I often wonder, is it possible for someone to…
xandfury
143
votes
9 answers

To sufficiently protect against KRACK is patching the client, the AP, or both, required?

Following on from this question, I am unclear on which of the following steps are sufficient to protect a WPA2-based wifi connection from the KRACK flaw: Patching the AP (e.g. router) Patching the client (e.g. mobile device) Patching the AP and the…
Jon Bentley
143
votes
9 answers

How secure is Chrome storing a password?

Whenever I enter a login into a new site, Chrome asks me if it should store the login details. I used to believe this was fairly secure. If someone found my computer unlocked, they could get past the login screen for some website using the stored…
Tony Ruth