Highest Voted Questions - IT Security Stack Exchange

90

votes

4 answers

How to determine if a browser is using an SSL or TLS connection?

I want to know whether my browser is using SSL or TLS connection if I see HTTPS. I want to know for IE, Firefox, Chrome and Safari. I want to know the protocol version.

tls web-browser

asked Aug 22 '12 at 21:05

zhtway

1,143
1
8
9

90

votes

1 answer

Wiping an SSD with Parted Magic seemed too quick

I'm selling a computer with an SSD (it's a Lenovo ThinkPad Carbon X1). I wiped the drive using Parted Magic. I used the ATA method. I'm not sure what that is but it was the only setting available. It said it would take two minutes but the wipe was…

storage deletion ssd data-remanence

asked Apr 09 '18 at 08:12

user1102550

981
1
10
15

90

votes

10 answers

Why do people tell me not to use VLANs for security?

I have a network, where a have a couple of VLANS. There is a firewall between the 2 VLANs. I am using HP Procurve switches and have made sure that switch-to-switch links accept tagged frames only and that host ports don't accept tagged frames (They…

network firewalls vlans

asked Jan 10 '11 at 08:47

jtnire

1,001
1
8
3

89

votes

9 answers

How to distinguish between a scam and a genuine call?

My bank called me the other day and the person who spoke to me failed to give me a single evidence that he is calling from my bank. The bank number is hidden just like many other companies maybe because they use VOIP to make calls or they don't…

phishing social-engineering

asked Jun 15 '15 at 17:41

Ulkoma

8,793
16
66
95

89

votes

3 answers

Why is using an SSH key more secure than using passwords?

If people use a password to log in to a UNIX server, then it could be forced to expire the password, then they change it. If people use an ssh key and have no passwords, no password expiry, then nothing forces them to change their SSH key…

ssh

asked Oct 10 '14 at 18:39

thequestionthequestion

1,191
2
10
9

89

votes

4 answers

SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate?

(Sorry I know this is a complete noob question and at the risk of posting a somewhat duplicate topic. I have a basic understanding of public/private key, hashing, digital signature... I have been searching online & stack forum last couple days but…

tls certificates certificate-authority digital-signature

asked Apr 22 '14 at 21:07

SecurityNoob

1,001
1
8
6

89

votes

4 answers

Is there any actual security benefit to restricting foreign IP addresses?

I am currently outside the US trying to log in to my health care provider's website and the connection just times out. I reached out to them on Twitter and they told me that as a security measure they block connections from outside of the US and…

web-application ip geolocation

asked Sep 16 '19 at 16:33

Matthew Nichols

751
1
5
8

89

votes

4 answers

Does the length of a password for Wi-Fi affect speed?

I work at a place that gives Wi-Fi to all the customers, with a password that is 19 characters long. A customer came in and claimed that because the password is long, it slows down the internet speed. Is there any truth to this claim?

passwords wifi performance

asked Aug 05 '19 at 21:06

user213838

571
1
4
4

89

votes

5 answers

Can a malware power on a computer?

I've just downloaded and executed a piece of malware on my computer. I don't have much time right now, so I just powered it off (turned it off via the Start menu), hoping that it won't be able to steal any data or do malicious activities until I can…

malware

asked Feb 12 '19 at 16:21

Benoit Esnard

13,979
7
65
65

89

votes

7 answers

How do I secure my REST API?

In detail here's the problem: I'm building an Android app, which consumes my REST API on the back-end. I need to build a Registration and Login API to begin with. After searching with Google for a while, I feel like there are only two approaches…

rest authentication tls

asked Sep 09 '12 at 08:01

noob Mama

993
1
7
7

89

votes

12 answers

IT will only give password over phone - but is that really more secure than email?

Every year an automated password reset occurs on a VPN account that I use to connect to the institution's servers. The VPN accounts/passwords are managed by the institution's IT department, so I have to send an email every year to follow up with the…

passwords password-policy

asked Aug 16 '18 at 17:39

Chris Cirefice

1,460
2
13
21

89

votes

4 answers

Is browser history an important factor when considering security?

I discovered something I consider a major vulnerability in a SaaS product that includes the username and password in the query string of the URL on registration and every login attempt. The technical support of the service has told me they consider…

web-browser

asked Jan 24 '18 at 12:02

Ivan T.

1,053
1
7
12

89

votes

1 answer

Mac OS X terminal prompt displaying foreign hostname (or: What is Stacey's iPhone doing in my Terminal?)

I opened my Terminal today and saw this: StaceysiPhone6s:~ jcz$ Who is Stacey? Why is she in my Terminal? What happened? What should I be worried about? How do I fix it?

macos terminal

asked May 01 '17 at 15:42

Jeff

953
1
6
9

89

votes

3 answers

Google account verification request

Yesterday evening my android phone (Google Play Services app) asked me to log in again into my account due to "security changes" (I don't remember the exact wording used). I double checked it was the real app and logged in again (I went through all…

android google account-security

asked Feb 24 '17 at 10:08

BgrWorker

1,941
1
11
17

89

votes

2 answers

Are prepared statements 100% safe against SQL injection?

Are prepared statements actually 100% safe against SQL injection, assuming all user-provided parameters are passed as query bound parameters? Whenever I see people using the old mysql_ functions on StackOverflow (which is, sadly, way too frequently)…

sql-injection

asked May 21 '12 at 15:51

Polynomial

133,763
43
302
380

Most Popular