Most Popular

1500 questions
92 votes · 9 answers

Is it a security vulnerability if the addresses of university students are exposed?

I am sorry for my lack of knowledge in this matter. My university (basically an international university in the UK that has students from different countries) has a website which requires the students to login before they can access their…
Ghulam Ali
  • 875
  • 1
  • 6
  • 9
92 votes · 4 answers

How does XSS work?

I have very little experience in web development, but I'm interested in security. However, I haven't fully understood how XSS works. Can you explain it to me? The Wikipedia article gives me a good idea but I don't think I understand it very well.
Ither
  • 1,039
  • 1
  • 9
  • 9
92 votes · 9 answers

Is it possible to make brute-force attacks ineffective by giving false positive answers to failed log-in attempts?

I don't have any experience or scientific knowledge in security, I just wanted to ask if this is possible because I am interested in it. What if I encrypt data and every password decrypts it, but only the right one does not create pointless data…
Tweakimp
  • 891
  • 1
  • 7
  • 8
92 votes · 4 answers

I was tricked on Facebook into downloading an obfuscated script

I got a notification on Facebook: "(a friend of mine) mentioned you in a comment". However, when I clicked it, Firefox tried to download the following file: comment_24016875.jse This is an obfuscated script which seems to download an executable…
Nacib Neme
  • 1,204
  • 2
  • 10
  • 11
92 votes · 11 answers

Is there a threshold for a password so long it doesn't get any more secure or even becomes insecure?

I always hear "A long password is good, a longer password is better". But is there such a thing as a "Password is so long it is becoming unsafe" or "Password is long enough, making it longer won't matter"? I am interested in the security of the…
91 votes · 7 answers

Should I get an antivirus for Ubuntu?

Considering the recent thread regarding anti-virus for the Mac I wonder how many of the arguments put forth are relevant today to Linux systems, specifically Ubuntu. There is no known Ubuntu desktop malware in the wild. GNU/Linux is a very…
dotancohen
  • 3,696
  • 3
  • 25
  • 34
91 votes · 2 answers

How secure is Ubuntu's default full-disk encryption?

How secure is the encryption offered by Ubuntu (using the disk utility)? What algorithm is used underneath it? If someone could at least provide a link to some documentation or article regarding that I would be very grateful. Reference:
Jonnathan Soares
  • 1,021
  • 1
  • 8
  • 7
91 votes · 8 answers

How would one crack a weak but unknown encryption protocol?

I was reading this interesting question: Is my developer's home-brew password security right or wrong, and why? It shows a weak home-brew algorithm developed by "Dave", and the answers discuss why this is a bad idea. (Actually hashing algorithm…
Ram Rachum
  • 1,998
  • 2
  • 19
  • 20
91 votes · 5 answers

How does Facebook track your browsing without third party cookies?

Facebook has served me an ad for a website I visited earlier in the day. I have third party cookies disabled and have not followed any links between the website and Facebook (links which could contain a tracking ID connecting my Facebook account to…
Jesse
  • 761
  • 1
  • 6
  • 5
91 votes · 15 answers

How to deal with low-probability high-impact risks?

There is a strategic question that we are banging our heads against in my IT department, which essentially boils down to this: There is a type of attack against our systems that can cause a lot of damage if missed or not addressed properly. More…
David Bryant
  • 1,129
  • 2
  • 8
  • 10
91 votes · 4 answers

Can a student ID containing an NFC chip be cloned?

The head of our IT department and Networking class in my college has given me and another student a challenge; he told us that if we could clone the NFC tags in our student IDs used to sign in on time, he would give one of us unlimited access to…
myopicflight
  • 951
  • 1
  • 7
  • 4
90 votes · 9 answers

Hardening Linux Server

We have already had questions on here about Hardening Apache, Hardening PHP and Securing SSH. To continue this trend I am interested in what steps people take to harden Linux servers. As in what steps do people always take when setting up a new…
Mark Davidson
  • 9,427
  • 6
  • 45
  • 61
90 votes · 17 answers

Why do we still use keys to start cars? Why not passwords?

Around a year ago I asked a question about the weakest factor of authentication. I had some good answers that convinced me as I always imagined the authentication process in my head as some employee in a high security facility trying to…
Ulkoma
  • 8,793
  • 16
  • 66
  • 95
90 votes · 4 answers

What is the use of a client nonce?

After reading Part I of Ross Anderson's book, Security Engineering, and clarifying some topics on Wikipedia, I came across the idea of Client Nonce (cnonce). Ross never mentions it in his book and I'm struggling to understand the purpose it serves…
user2014
  • 1,003
  • 1
  • 8
  • 6
90 votes · 12 answers

How feasible is it for a CA to be hacked? Which default trusted root certificates should I remove?

This question has been revised & clarified significantly since the original version. If we look at each trusted certificate in my Trusted Root store, how much should I trust them? What factors should be taken into consideration when I evaluate the…