Most Popular

How do services with high uptime apply patches without rebooting?
96 votes, 5 answers. Asked by secureninja.

How are critical security updates installed on systems which you cannot afford to reboot, but where the update requires a reboot? For example, services/businesses that are required to run 24x7 with zero downtime, e.g. Amazon.com or Google.
Does hanging up on a UK landline call not terminate the connection?
96 votes, 3 answers. Asked by Matt Zeunert.

AgeUK (and others) warn about making phone calls directly after receiving a scam call and advise you to "wait for the line to clear": Use a different phone if you can, or wait 5 to 10 minutes after the cold call if using the same phone - just in…
What are the career paths in the computer security field?
95 votes, 4 answers. Asked by nealmcb.

What sorts of jobs are there, in which organizations, with what sorts of day-to-day responsibilities? What areas are good for folks coming out of school, vs what are good 2nd careers for experienced folks coming from various disciplines?
Chrome generated passwords not high entropy?
95 votes, 4 answers. Asked by gngdb.

On Chrome, if you open a sign up page, it will offer to fill and remember the password field. I did this and got the following sequence of passwords offered as…
Why would someone "double encrypt"?
95 votes, 15 answers. Asked by Lighty.

If I have a website or mobile app, that speaks to the server through a secured SSL/TLS connection (i.e. HTTPS), and also encrypt the messages sent and received in-between user and server on top of the already secure connection, will I be doing…
Why do we not trust an SSL certificate that expired recently?
94 votes, 10 answers.

Every SSL certificate has an expiration date. Now suppose some site's certificate expired an hour ago or a day ago. All the software by default will either just refuse to connect to the site or issue security warnings. This recently happened to…
Can secret GET requests be brute forced?
94 votes, 8 answers. Asked by Kargari.

Say, I have on my server a page or folder which I want to be secret. example.com/fdsafdsafdsfdsfdsafdrewrew.html or example.com/fdsafdsafdsfdsfdsafdrewrewaa34532543432/admin/index.html If the secret part of the path is quite long, can I assume…
Should I revoke no longer used Let's Encrypt certificates before destroying them?
94 votes, 4 answers.

The Let's Encrypt documentation recommends that when a certificate's corresponding private key is no longer safe, you should revoke the certificate. But should you do the same if there are no indications that the key is compromised, but you no…
Will quantum computers render AES obsolete?
94 votes, 4 answers. Asked by BuvinJ.

This is a spin-off from: Use multiple computers for faster brute force. Here's at least one source which says that quantum computers are on the way to being able to break RSA in the not too distant future. I am not a security expert, and don't know…
How do I know a piece of software only does what the author claims?
93 votes, 7 answers. Asked by user3533.

Without being a programmer or a computer expert, how can I know if a particular program or any piece of software in general doesn't have hidden unwanted functions compromising privacy and security?
Does anybody not store salts?
93 votes, 9 answers. Asked by jazzpi.

We talked about password hashing and salting in class today. Our professor had a very different understanding of the use case of salts from mine and said that you might not store the salt at all and just check every login attempt with all possible…
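The scheme the professor describes above, where the salt is generated at enrollment but never stored, can be made concrete. The following is an added example, not code from the question or from any answer on the page: it enrolls a password two ways (salt stored beside the hash, and salt discarded) and shows what verification costs in each case. The salt alphabet, salt length and PBKDF2 iteration count are assumptions chosen so the full salt space can be searched in under a second.

```python
import hashlib
import hmac
import itertools
import secrets
import string

# Assumptions for the demonstration (not from the page): a 2-character lowercase
# salt gives 26**2 = 676 candidate salts; the work factor is kept low so that
# searching every salt finishes quickly.
SALT_ALPHABET = string.ascii_lowercase
SALT_LEN = 2
ITERATIONS = 1000


def salt_space() -> int:
    """Number of distinct salts the verifier may have to try."""
    return len(SALT_ALPHABET) ** SALT_LEN


def derive(password: str, salt: str) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS)


def random_salt() -> str:
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LEN))


# --- Conventional scheme: store (salt, hash) -------------------------------

def enroll_with_salt(password: str) -> tuple[str, bytes]:
    salt = random_salt()
    return salt, derive(password, salt)


def verify_with_stored_salt(password: str, salt: str, stored: bytes) -> tuple[bool, int]:
    """One derivation is enough because the salt is known. Returns (ok, derivations)."""
    return hmac.compare_digest(derive(password, salt), stored), 1


# --- Professor's scheme: store only the hash, forget the salt --------------

def enroll_without_storing_salt(password: str) -> bytes:
    salt = random_salt()          # generated, used once, then thrown away
    return derive(password, salt)


def verify_without_stored_salt(password: str, stored: bytes) -> tuple[bool, int]:
    """Try every salt in the space; stop at the first match. Returns (ok, derivations).

    A correct password matches after (on average) half the salt space; a wrong
    password can only be rejected after the whole space has been exhausted.
    """
    attempts = 0
    for chars in itertools.product(SALT_ALPHABET, repeat=SALT_LEN):
        attempts += 1
        if hmac.compare_digest(derive(password, "".join(chars)), stored):
            return True, attempts
    return False, attempts


if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    salt, h = enroll_with_salt(pw)
    print("stored salt   :", verify_with_stored_salt(pw, salt, h))
    h2 = enroll_without_storing_salt(pw)
    print("no stored salt:", verify_without_stored_salt(pw, h2))
    print("wrong password:", verify_without_stored_salt("wrong", h2))
```

The rejection path always performs `salt_space()` derivations, so a forgotten salt behaves like an extra work factor that the server pays on every failed login, not like a secret: an attacker with the hash database faces exactly the same multiplier per guess, and no more. Whether that trade is worth making is what the answers to the question above debate.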
Script Kiddies - how do they find my server IP?
93 votes, 6 answers. Asked by microwth.

I've set up a site on Digital Ocean without a domain yet, so there is only the IP. Despite telling no-one of its existence or advertising it, I get hundreds of notices from fail2ban that various IPs are trying to hack my SSL port or are looking for…
What is the relationship between "SHA-2" and "SHA-256"?
92 votes, 2 answers. Asked by Mike B.

I'm confused on the difference between SHA-2 and SHA-256 and often hear them used interchangeably (which seems really wrong). I think SHA-2 is a "family" of hash algorithms and SHA-256 a specific algorithm in that family. Is that correct? Can someone…
Best place to store authentication tokens client side
92 votes, 6 answers. Asked by jfamvg.

When my users are authenticated they receive an authentication token, I need to use this authentication token to authorize some asp.net WebAPI calls. To do this I need to add the token to the head of that call, so I need the token accessible from…
Why does my IT department block Firefox?
92 votes, 5 answers. Asked by Sam.

We received a message from the IT bods this week stating: Summary of the issue: IT will be disabling and blocking the use of the browser Firefox next Thursday the 03.12.20 on all IT managed devices. Due to certain vulnerabilities and security risks…