Most Popular
1500 questions
143 votes, 9 answers
Hosting company advised us to avoid PHP for security reasons. Are they right?
I'm doing a redesign for a client who's understandably concerned about security after having been hacked in the past. I had initially suggested using a simple PHP include for header and footer templates and a contact form they wanted. They are…
Yumecosmos
142 votes, 14 answers
What "hacking" competitions/challenges exist?
I have always enjoyed trying to gain access to things I'm not really supposed to play around with. I found Hack This Site a long time ago and I learned a lot from it. The issue I have with HTS is that they haven't updated their content in a very…
KilledKenny
141 votes, 8 answers
How do I report a security vulnerability about a trusted certificate authority?
I stumbled across a huge security vulnerability in a Certificate Authority that is trusted by all modern browsers and computers.
Specifically, I am able to get a valid signed certificate for a domain I don't own. If I had the means to become a Man…
MotorStoicLathe
141 votes, 3 answers
Did I just get DNS Hijacked?
I went online on my MacBook today and noticed my iTunes complaining that it couldn't connect to Apple. I tried logging out and in of my account but weirdly it said it couldn't log in; I didn't think much of it at first as I thought maybe it was…
Imran
141 votes, 12 answers
Is public Wi-Fi a threat nowadays?
In my opinion, arguments we have been using for years to say that public Wi-Fi access points are insecure are no longer valid, and so are the recommended remedies (e.g. use VPN).
Nowadays, most sites use HTTPS and set HSTS headers, so the odds that…
The Illusive Man
141 votes, 5 answers
Is it secure to store passwords with 2 way encryption?
I'm a parent who has a parent account with my local school district so that I can log in to their website to view my child's grades etc.
I clicked the "forgot password" button, and my password was emailed to me in plain text. This concerned me, so…
43Tesseracts
140 votes, 17 answers
Is exploit-free software possible?
I have heard that there will always be vulnerabilities in code and software. However, I don't understand why it is not possible to have exploit-free software. If companies keep updating their software, eventually there will be no vulnerabilities,…
Zheer
139 votes, 2 answers
Received a set of SMS/MMS containing 2 photos, a voice message, and a text "I need help" with Google Maps link from a known contact. Is it spam?
My girlfriend (let's call her Jane) just got a set of SMS or MMS messages coming from a friend of hers (let's call her Hellen). These messages contain:
Two photos of Hellen
A voice message
A text that says "I need help" followed by a Google Maps…
ravasaurio
139 votes, 9 answers
Where can I find good dictionaries for dictionary attacks?
I’m wondering where I can find good collections of dictionaries which can be used for dictionary attacks?
I've found some through Google, but I’m interested in hearing about where you get your dictionaries from.
Chris Dale
139 votes, 8 answers
I got an email threatening to DDOS me if I don't pay a ransom. What should I do?
I received the following email, addressed to me at an email address on my personal domain (for which I run my own mail server on a VPS):
FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE
DECISION!
We are Armada Collective.…
alexw
139 votes, 7 answers
Internet courtship: Why would a hacker buy me poker chips?
Believe me, I never expected to ever write a title like that on a Stack Exchange site either!
Yesterday evening I got a call from my mother. She is quite tech savvy and generally knows her way around spam and viruses. However, yesterday she was…
Bram Vanroy
138 votes, 11 answers
Why not allow spaces in a password?
"Your password can't contain spaces." is a message I see from some websites, including 1. Why?
(This question is very similar to Why Disallow Special Characters In a Password?, but the answers there don't seem to apply to the space…
David Cary
138 votes, 8 answers
Are "man in the middle" attacks extremely rare?
In "Some thoughts on the iPhone contact list controversy and app security" (cdixon blog), Chris Dixon makes a statement about web security:
Many commentators have suggested that a primary security risk is the fact that the data is transmitted in plain…
Jeff Atwood
137 votes, 2 answers
What is 'tabnabbing'?
Wikipedia is not very explicit on this,
The exploit employs scripts to rewrite a page of average interest with an impersonation of a well-known website, when left unattended for some time.
What is 'tabnabbing', how does one do it?
Matas Vaitkevicius
136 votes, 10 answers
Can a computer virus be stored somewhere else than on the hard drive?
Are there viruses that have managed to hide themselves somewhere other than on the hard drive? Like CPU cache or on the motherboard?
Is it even possible? Say I get a virus, so I get rid of the HDD and install a new one. Could the virus still be on…
Ivan Bilan