Most Popular

1500 questions
104
votes
4 answers

Why is writing zeros (or random data) over a hard drive multiple times better than just doing it once?

Lots of different programs, such as Darik's Boot and Nuke, let you write over a hard drive multiple times under the guise of it being more secure than just doing it once. Why?
Tom Marthenal
  • 3,302
  • 4
  • 23
  • 26
103
votes
19 answers

How to explain to traditional people why they should upgrade their old Windows XP device?

This is an issue I'm recurringly facing: older people from my family (or people who my family members know) can be surprisingly reluctant to apply most basic security measures when they're using their PCs. The particular issues vary, but this time…
gaazkam
  • 5,657
  • 11
  • 24
  • 38
103
votes
16 answers

Security BY obscurity is horrible. Is security AND obscurity good?

Normally I preach that rolling your own custom crypto algorithm is a bad idea. But will it really hurt if it's the outermost layer though? Or will it make security worse? AES -> CipherText -> CustomEncryptionAlgorithm -> CipherText I'm thinking…
user3280964
  • 1,162
  • 2
  • 8
  • 13
102
votes
10 answers

Unsubscribe safely

I have heard that it is better to never click any link in an email. Is it a bad idea to click an unsubscribe link? What is the best way to unsubscribe from undesired mails?
Nrc
  • 1,153
  • 2
  • 7
  • 7
102
votes
4 answers

Can I add a password to an existing private key?

Say I have previously created a private/public key combination, and decided at the time to not protect the private key with a password. If I later decide to "beef up" security and use a password-protected private key instead, would I need to…
IQAndreas
  • 6,667
  • 9
  • 33
  • 52
102
votes
5 answers

Can I safely preview a short link?

There are a lot of different URL shorteners out there, like Bitly or TinyURL. Besides their main purpose of shortening a link, they also: obfuscate the actual URL; collect statistics about the usage of the short link. From the obfuscation, at least…
stackprotector
  • 1,633
  • 3
  • 6
  • 16
102
votes
4 answers

Why is this 435 × 652 pixel JPEG over 6 MB?

This was, before someone helpfully fixed it after seeing this question, a relatively unassuming and tiny photo of a ̶f̶i̶s̶h̶ nudibranch, with 283,620 pixels. It has some metadata: text Exif tags as well as 8.6kB of Color Profile information, and a…
David
  • 782
  • 2
  • 5
  • 9
102
votes
9 answers

Buying a "Used" Router

I am buying a "new" router from an open-box sale at a company that liquidates eCommerce returns. I plan to use it for a home network at a cottage. I'm a bit nervous that it could have been modified by whoever had it last. What are the main risks in…
GWR
  • 1,203
  • 2
  • 9
  • 11
102
votes
8 answers

Can someone read my E-Mail if I lose ownership of my domain?

Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like…
Skiddie Hunter
  • 1,098
  • 2
  • 6
  • 12
102
votes
3 answers

Token-based authentication - Securing the token

I have developed a backend REST API for a mobile app and I am now looking to implement token-based authentication for it to avoid having to prompt the user to login on every run of the app. What I had in mind was on the initial request the user…
James
  • 1,708
  • 3
  • 13
  • 18
102
votes
13 answers

Why is root security enforced but $HOME typically unprotected?

Coming from the comments in this question Why is it bad to log in as root?: The sudo mechanics is in use so non-administrative tools "cannot harm your system." I agree that it would be pretty bad if some github project I cloned was able to inject…
phil294
  • 1,032
  • 2
  • 7
  • 11
102
votes
6 answers

What is the purpose of confirming old password to create a new password?

Suppose that someone stole my password; he/she can easily change it by confirming the old password. So, I am curious why we need that step and what the purpose of old password confirmation is.
ronaldtgi
  • 1,215
  • 3
  • 10
  • 14
102
votes
5 answers

Why do you have to be an admin to create a symlink in Windows?

In Linux every user can create symlinks, but in Windows I need an admin command line, or mklink fails. Why is that?
ripper234
  • 1,196
  • 2
  • 8
  • 12
101
votes
6 answers

Are GUIDs safe for one-time tokens?

I see a lot of sites use GUIDs for password resets, unsubscribe requests and other forms of unique identification. Presumably they are appealing because they are easy to generate, unique, non-sequential and seem random. But are they safe enough for…
Michael Haren
  • 1,112
  • 2
  • 7
  • 7
101
votes
5 answers

How can my employer be a man-in-the-middle when I connect to Gmail?

I'm trying to understand SSL/TLS. What follows is a description of a scenario and a few assumptions which I hope you can confirm or refute. Question: How can my employer be a man-in-the-middle when I connect to Gmail? Can he at all? That is: is it…
Lernkurve
  • 1,134
  • 3
  • 9
  • 10