Most Popular (1500 questions)
39 votes, 2 answers
Is it possible to decrypt a satellite TV signal without using a smart card?
And if it is possible, why has it been decided to keep using a smart card for this task?
I will be grateful if you can provide some practical examples on how to bypass the use of a smart card (if possible).
Israfel_21
39 votes, 6 answers
How secure are my passwords in the hands of Firefox using a Master Password?
I'm relying on Firefox to remember my passwords, using a Master Password of more than 25 characters. How secure is this set-up?
Roger C S Wernersson
39 votes, 12 answers
Can a file contain its md5sum inside it?
Just wondering if it is possible to create a file which has its md5sum inside it along with other contents too.
balki
39 votes, 1 answer
Why can't I use the same key for encryption and MAC?
I wrote a simple file encryption program as an example of how to do encryption correctly, but after reading a question about encryption + MAC, I think I made a mistake by using the same key for both.
I'm about to fix my program to generate a longer…
Brendan Long
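The fix the question is heading toward is to derive two independent keys from one master secret rather than reusing a single key for both the cipher and the MAC. The block below is an added example, not the questioner's program: it implements HKDF (RFC 5869) with the standard library, derives separate encryption and MAC keys by giving each its own `info` label, and uses them in an encrypt-then-MAC construction. Because the standard library has no AES, an HMAC-SHA256 counter-mode keystream stands in for a real block cipher here; the function names, the `salt`/`nonce` layout and the label strings are my own choices for illustration.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC default when no salt is given
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length too large for HKDF-Expand")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def derive_keys(master_key: bytes, salt: bytes):
    """One master secret in, two unrelated keys out. The distinct `info`
    labels are what separate the keys (illustrative label strings)."""
    prk = hkdf_extract(salt, master_key)
    enc_key = hkdf_expand(prk, b"file-encryption-key", 32)
    mac_key = hkdf_expand(prk, b"file-mac-key", 32)
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256. Stand-in for AES-CTR only;
    a real program should use a vetted AEAD such as AES-GCM."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), HASH).digest()
        block += 1
    return out[:length]


def encrypt_then_mac(master_key: bytes, plaintext: bytes) -> bytes:
    """Layout: salt(16) || nonce(16) || ciphertext || tag(32).
    The tag covers the header too, so salt/nonce cannot be swapped."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_key, salt)
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    header = salt + nonce
    tag = hmac.new(mac_key, header + ciphertext, HASH).digest()
    return header + ciphertext + tag


def verify_then_decrypt(master_key: bytes, blob: bytes) -> bytes:
    """Check the MAC before touching the ciphertext; constant-time compare."""
    if len(blob) < 32 + HASH_LEN:
        raise ValueError("blob too short")
    header, ciphertext, tag = blob[:32], blob[32:-HASH_LEN], blob[-HASH_LEN:]
    salt, nonce = header[:16], header[16:]
    enc_key, mac_key = derive_keys(master_key, salt)
    expected = hmac.new(mac_key, header + ciphertext, HASH).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


if __name__ == "__main__":
    master = os.urandom(32)           # constructed sample key
    blob = encrypt_then_mac(master, b"example file contents")
    print(verify_then_decrypt(master, blob))
```

The salt is stored alongside the ciphertext so the receiver can rerun the same derivation; since both keys come from the same PRK but different labels, knowing one gives no information about the other, which is the property reusing a single key forfeits. The HKDF functions can be checked against the RFC 5869 test vectors.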
39 votes, 1 answer
CSS based attacks
I'm currently working on a plugin for a CMS which should allow content editors to write inline style tags.
I'm looking for advice / links on how inline styles could be abused.
Part of the reason for the plugin is to allow for a strict content…
symcbean
39 votes, 1 answer
Passive and active attacks via X11. Is Wayland any better?
In The Linux Security Circus: On GUI isolation - The Invisible Things Lab's blog, Joanna Rutkowska describes attacks from one X11 app on another and the general problem of the lack of GUI-level isolation, and how it essentially nullifies all the…
nealmcb
39 votes, 4 answers
If email is insecure, why do we use it for password resets?
I found myself telling a coworker today, "Email is insecure, that's why we developed our secure report application."
But then it struck me: why is email considered insecure? If it is so insecure, why do we trust it for password resets?
I never…
John
39 votes, 5 answers
What's the difference between VPN over TCP vs UDP?
My VPN provider gives me the option between using UDP and TCP for connections. According to this site UDP is faster over short distances. I'm on the same continent as my server, is that considered short distance? Is there a test I can run to compare…
David Drohang
39 votes, 8 answers
Can the manufacturer remotely turn off my device?
In connection with recent events, I, as an ordinary citizen of Russia, wonder: can smartphone manufacturers (Google, Apple, Huawei, etc.) or any other vendor (such as Microsoft, Cisco, etc.) remotely turn off my phone (or any other device)? I see…
RoyalGoose
39 votes, 8 answers
How can I ensure my API is only called by my client?
I have an API Key to a paid service. This API is invoked from an unauthenticated page on my site. I am proxying the request to the paid service through my backend server. I have also added CORS on the API to make sure it is called from my site.
The…
Johnny Donalistic
39 votes, 14 answers
How to safely save passwords for a future administrator?
I am the volunteer IT administrator for a local non-profit organization. The organization has a few systems - specifically security cameras, network hardware, and telephones - that have local administrator accounts to manage them. Right now, I am…
Moshe Katz
39 votes, 4 answers
Why is client authentication not commonly performed in the TLS protocol?
Is there any reason for this other than key/certificate management on the client-side?
naresh
39 votes, 11 answers
Is it safe to use a weak password as long as I have two-factor authentication?
I'm careful to use strong passwords (according to How Big is Your Haystack, my passwords would take a massive cracking array 1.5 million centuries to crack), I don't reuse passwords across sites, and I use two-factor authentication where it's…
Herb Caudill
39 votes, 7 answers
At what point is deleted data irrecoverable?
From reading around on the internet I get the impression that, barring physical damage, deleted data can always be recovered using sophisticated digital forensics.
For this reason the advice is that you should encrypt your data.
So at what point…
Yoshi
39 votes, 2 answers
What is the HTTP "Server" response-header field used for?
It was not until recently that I began to question the use of the Server field in the HTTP response header.
I did some research:
RFC 2616 states:
14.38 Server
The Server response-header field contains information about the software used by the…
ZnArK