Most Popular

1500 questions
100 votes, 12 answers

Landlord will be watching my data traffic, as mentioned in the lease agreement

I am moving to Germany, and in the contract I signed I had to accept that all my data traffic can/will be checked by the apartment owner. The contract states: Flatrate, aber hinter 30GB Tarif priorisiert, aslo etwas langsamer Ja ich weiss, daß…
Olba12
100 votes, 12 answers

Explain Security to Employer

My employer wants/wanted to install a 3rd party app on my personal cell phone. One of the issues that we are still not seeing eye-to-eye with is regarding security. Here are some issues that concern me: The 3rd party sent everyone in our company…
w0lf42
100 votes, 2 answers

Is it bad that my ed25519 key is so short compared to a RSA key?

I recently generated a new SSH key in the ed25519 format. The public key is only 69 bytes long while my old RSA key is 373 bytes. From my perception ed25519 is the more recent and secure format. So why isn't longer better here?
Alex
99 votes, 2 answers

How do I get the RSA bit length with the pubkey and openssl?

I have a public key generated with ssh-keygen and I'm just wondering how I get information on the keylength with openssl?
Evan Carroll
99 votes, 8 answers

How can I protect my internet-connected devices from discovery by Shodan?

There's been a lot of buzz around this recent CNN article about Shodan, a search engine that can find and allow access to unsecured internet-connected devices. Shodan runs 24/7 and collects information on about 500 million connected devices and…
Aarthi
99 votes, 5 answers

What is the benefit of having FIPS hardware-level encryption on a drive when you can use Veracrypt instead?

The expensive one: https://www.dustinhome.se/product/5010873750/ironkey-basic-s1000 The cheap one: https://www.dustinhome.se/product/5010887912/datatraveler-100-g3 Over 14,000 SEK difference in price. Same company (Kingston). Same USB standard (3).…
Taeyang
99 votes, 13 answers

Why do we lock our computers?

It's common knowledge that if somebody has physical access to your machine they can do whatever they want with it. So why do we always lock our computers? If somebody has physical access to my computer, it doesn't really matter if it's locked or…
Tom Marthenal
99 votes, 9 answers

Can a virus destroy the BIOS of a modern computer?

In the late 1990s, a computer virus known as CIH began infecting some computers. Its payload, when triggered, overwrote system information and destroyed the computer's BIOS, essentially bricking whatever computer it infected. Could a virus that…
user73910
99 votes, 8 answers

Can anyone provide references for implementing web application self password reset mechanisms properly?

We are implementing self password reset on a web application, and I know how I want to do it (email time limited password reset URL to users pre-registered email address). My problem is that I can't find any references to point the developers at…
bdg
99 votes, 7 answers

Attacker circumventing 2FA. How to defend?

Detailed in the latest NSA dump is a method allegedly used by Russian intelligence to circumvent 2FA. (In this instance Google 2FA with the second factor being a code.) It’s a fairly obvious scheme and one that I’m sure must be used regularly. It…
TheJulyPlot
99 votes, 14 answers

Should I tell my boss I have discovered their passwords and they are too weak?

I'm on a temporary job so they don't give me any passwords to access the sites and resources I need. Instead, they tell me to move to another computer where a regular employee is and where every password is already set and saved on the browser. I…
sysfiend
99 votes, 13 answers

Is a 6 digit numerical password secure enough for online banking?

My bank went through a major redesign of their customer online banking system recently. The way security is managed across the platform was also reviewed. The password I am able to set now to log in is forced to be 6 digits long, numerical. This…
mika
98 votes, 8 answers

Do we need to logout of webapps?

A quick Google search doesn't reveal whether it is important to logout of webapps (online banking, Amazon, Facebook, etc.), or if I am safe just closing the tab or browser. I am sure I heard on some TV show that it's best to logout... What possible…
Angelo.Hannes
98 votes, 2 answers

How many OpenPGP keys should I make?

I am learning how to use OpenPGP keys in GnuPG, and I am wondering what is the threshold people generally use to maintain separate OpenPGP keys. Maintaining an incredibly large number of keys is not good since it makes it difficult to be trusted by…
user9117
98 votes, 6 answers

Why would someone open a Netflix account using my Gmail address?

This is something that happened to me a few months ago. I don't know if it is a hack attempt, although I can't think of any way that there could be any danger or any personal information gained. I don't have a Netflix account and never have done. …
user2760608