Most Popular

1500 questions
108 votes, 12 answers

Why is it difficult to catch "Anonymous" or "Lulzsec" (groups)?

I'm not security literate, and if I was, I probably wouldn't be asking this question. As a regular tech news follower, I'm really surprised by the outrage of Anonymous (hacker group), but as a critical thinker, I'm unable to control my curiosity to…
claws
108 votes, 15 answers

How can I argue against: "System is unhackable so why patch vulnerabilities?"

An operating system has reached End of Support (EoS) so no more security patches are coming for the OS ever. An embedded device running this OS needs to be updated to a newer version. However, the engineers who designed the original product feel…
Ken
108 votes, 3 answers

How does DuckDuckGo know my native language even though I am using a VPN in a country with a different language?

I recently started using a VPN and I've felt more comfortable browsing the Internet. My VPN allows me to select another country through which my traffic is routed to make it appear I'm located in that particular country. "What's my IP" and similar…
S. Rotos
108 votes, 7 answers

Is social engineering an actual threat?

I've recently finished the book The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick. The book was released on 4th December 2002. Not talking only about the techniques described in this book, but are the ways used by…
Marek Sebera
107 votes, 17 answers

Is "password knocking" a good idea?

With port knocking, you have to "knock" on specific ports in a defined order to expose a port on which a service is running. How about password knocking? For example, you have three passwords: A, B and C. None of them is correct by itself, but entered…
gronostaj
107 votes, 5 answers

Should websites be allowed to disable autocomplete on forms or fields?

Currently, there is an HTML form/input attribute called autocomplete, which, when set to off, disables autocomplete/autofill for that form or element. Some banks seem to use this to prevent password managers from working. These days sites like Yahoo…
Manishearth
107 votes, 4 answers

Suspicious GitHub fork

Update (April 15): The forked repo and the user do not exist any more. Yesterday, one of my GitHub projects was forked and there is a suspicious commit on the fork of the repo. As you can see from the commit the GitHub Actions configuration installs…
Giorgi
107 votes, 8 answers

Ex-contractor published company source code and secrets online

Just found my current company code on the plain internet. We are talking hundreds of thousands of lines of scripts and configurations, including database schemas and a fair amount of internal information. Looks like an archive of some project(s),…
user5994461
107 votes, 5 answers

Being told my "network" isn't PCI compliant. I don't even have a server! Do I have to comply?

We are a brick and mortar company... literally. We are brick masons. At our office we connect to the internet through our cable modem provided to us by Spectrum Business. Our Treasurer uses a Verifone vx520 card reader to process credit card…
user3512967
107 votes, 7 answers

Is it safe to give my email address to a service like haveibeenpwned in light of the publication of "Collection #1"?

There is a new big case of stolen login/password data in the news. At the same time, I am reading that there are services that let you check if your own login data is affected, e.g. Have I Been Pwned. Is it safe to enter my email address there to…
godwana
107 votes, 19 answers

Defence methods against tailgating

This is a follow-up question to this one: Roles to play when tailgating into a residential building. How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say, the delivery guy, to let…
Lithilion
107 votes, 5 answers

Confirmed evidence of cyber-warfare using GPS history data

In its recent policy, the US Department of Defense has prohibited the use of GPS-featured devices for its overseas personnel. They explain it with a theory that commercial devices like smartphones or fitness trackers can store the geo-position (GPS)…
107 votes, 2 answers

Is a redirect showing the password in plain text a security vulnerability?

A couple of days ago, I attempted to log into the website of a well-known SaaS provider. I used a password manager on my browser (so user/pass were correct) and the NoScript plugin which had limited permissions granted to the site so some JS was…
markdwhite
107 votes, 5 answers

How can waiting 24 hours to change the password again be secure?

So I managed to change my password on a service to the "wrong" password, for simplicity let's just say I changed it to an insecure password. Now, I wanted to change it to a more secure password but instead I got a nice error message: The password…
ZN13
107 votes, 15 answers

Why did customer services say using symbols in a password is insecure?

I am using an online service for which I recently had to reset my password because I forgot it. When I went to change the password I wanted to use one with a symbol !@£$%^&*(). When I clicked "confirm password" it displayed "_Invaid Data" to me, which I…
iProgram