Most Popular

1500 questions
106
votes
11 answers

How dangerous is it to reveal your date of birth, and why?

At some point I told a friend that it's dangerous to reveal your birth date (kind of like your social security number or your mother's maiden name), because it's a crucial piece of information for identity theft. However, I'm not sure what exactly…
user541686
106
votes
10 answers

Prevention measures against laptop seizure at US borders

Since laptop and other electronic device seizures at US borders became legal without a warrant (including making copies of data), 7% of ACTE's business travelers reported being subject to a seizure as far back as February 2008. What measures have IT…
Dan Dascalescu
106
votes
11 answers

Technology that can survive a "Rubber-Hose attack"

In the documentary film Citizenfour, Edward Snowden says about documents: I'm comfortable in my technical ability to protect [documents]. I mean you could literally shoot me or torture me and I could not disclose the password, even if I wanted…
QBR8ZIKvyJ
106
votes
7 answers

School performs periodic password audits. Is my password compromised?

My university sent me an email informing me that, during a "periodic check", my password was found to be "easily discoverable and at risk of compromise". As I understand it, there shouldn't be a way for them to periodically check my password unless…
GB1553
106
votes
1 answer

In 2018, what is the recommended hash to store passwords: bcrypt, scrypt, Argon2?

There are many questions about picking a hash function, including How to securely hash passwords? or Are there more modern password hashing methods than bcrypt and scrypt?, with very detailed answers, but most of them date quite a bit. The consensus…
jcaron
105
votes
11 answers

Best practices for Apache Server hardening?

What are some best practices, recommendations, required reading for securing an Apache Server?
Eric Warriner
105
votes
12 answers

Why is client-side hashing of a password so uncommon?

There are very few websites that hash the user's password before submitting it to the server. JavaScript doesn't even have support for SHA or other algorithms. But I can think of quite a few advantages, like protection against cross-site leaks or…
105
votes
10 answers

Why is blog spam always written so badly?

Some spam messages fresh from my WordPress filter: Asking questions are in fact pleasant thing if you are not understanding something totally, except this article gives good understanding yet. and Thanks for any other informative blog. Where…
Lucas
105
votes
7 answers

Is MD5 considered insecure?

After all these articles circulating online about md5 exploits, I am considering switching to another hash algorithm. As far as I know it's always been the algorithm of choice among numerous DBAs. Is it that much of a benefit to use MD5 instead of…
Tawfik Khalifeh
105
votes
5 answers

Is sending password to user email secure?

How secure is sending passwords through email to a user, since email isn't secured by HTTPS? What is the best way to secure it? Should I use encryption?
user310291
105
votes
3 answers

How are anti viruses so fast?

The common anti-virus (to my knowledge) uses a kind of brute force type method where they get the hash of the file and compare it to thousands of known virus hashes. Is it just they have servers with super fast SSD and they upload the hashes to that…
Harry
105
votes
14 answers

Could keystroke timing improve security on a password?

When I was young, and had just started out in my software-development career 20 years ago, I wrote a little bit of code on my Amiga that took a password, but also recorded (within some threshold), the speed at which each letter of a password was…
Moo-Juice
104
votes
8 answers

How can I reliably erase all information on a hard drive?

As storage technologies change over time, using different encodings and remappings to deal with sector errors, the best way to permanently erase/wipe/shred data changes also. Methods for flash drives and other solid-state drives are covered nicely…
nealmcb
104
votes
3 answers

Why do we trust US Certificate Authorities?

Why do people trust companies in countries with big surveillance programs like the US? Many US Certificate Authorities secure the web for live SSL/TLS connections. Still, an NSL would be enough for the government to gain the right to intercept the…
Richard R. Matthews
104
votes
2 answers

Can a rogue .wmv file "hijack" Windows Media Player?

I've downloaded a .wmv file using P2P. Attempting to play it with Media Player Classic (K-Lite Codec Pack) only gave me a green square in the playback window: I noticed that the video came with a readme file, however; I found the following…
user4520