Most Popular

1500 questions
84
votes
5 answers

How does Google's "No Captcha reCaptcha" work?

Google has released a new form of captcha identification of bots that asks the user to click a single checkbox. It uses image-based verification only if necessary. Could someone please explain to me how such a program differentiates a human…
ghosts_in_the_code
  • 955
  • 1
  • 6
  • 9
84
votes
2 answers

Best practices for Tor use, in light of released NSA slides

It has been known in the security community that a tool as versatile as Tor is likely the target of intense interest from intelligence agencies. While the FBI has admitted responsibility for a Tor malware attack, the involvement of SIGINT…
nitrl
  • 3,003
  • 4
  • 20
  • 23
84
votes
5 answers

Somebody bumped into me, next day my storage unit was burglarized

While I was walking in the street, somebody carrying a laptop bag bumped into me, and the next day I found out that my storage unit was burglarized and some important items were stolen. My storage unit door uses a magnetic-stripe card without a PIN,…
Green Fly
  • 1,957
  • 1
  • 16
  • 21
84
votes
8 answers

Do advertisers listen as we talk?

A person talks about a certain thing (product or service) with another person, and a short time after the talk the person gets advertising for the discussed thing on their mobile or desktop device. I heard and read about such occurrences and didn't…
Evgeniy
  • 721
  • 1
  • 5
  • 6
84
votes
14 answers

How can I protect myself from false accusations when our company practices password escrow?

During an internship for a small company, my boss created an account for me, so I generated a password and I used it. The next day, my boss told me to write down the password of my account on a piece of paper, put it in a letter and to sign the…
malloc
  • 854
  • 1
  • 9
  • 11
83
votes
6 answers

Should RSA public exponent be only in {3, 5, 17, 257 or 65537} due to security considerations?

In my project I'm using a public exponent value of 4451h. I thought it was safe and OK until I started using a commercial RSA encryption library. If I use this exponent with this library, it throws an exception. I contacted the developers of this…
Vladislav Rastrusny
  • 1,083
  • 1
  • 9
  • 9
83
votes
9 answers

How to fight browser fingerprinting?

https://panopticlick.eff.org/ , aka "How unique and trackable is your browser". For example, it usually gives me a unique score. The biggest entropy values come from navigator.plugins and fonts via Java and Flash, but the linked PDF also points out…
n611x007
  • 2,255
  • 3
  • 16
  • 17
83
votes
5 answers

How to proceed with a white-hat hacker claiming a vulnerability?

I am a security member of a small company which recently got contacted by someone claiming to be a HackenProof member. They were reporting on our website being indexed by Googlebot (metadata, thin page content, anchor text issues) and an XSS…
Vcode
  • 866
  • 1
  • 6
  • 9
83
votes
10 answers

Why is JavaScript "safe" to run in the browser?

JavaScript has certain limitations such as preventing reading and writing to disk and not allowing access to other browser windows or domains. But is that all that's needed to prevent malicious code from running? JavaScript is pretty powerful, and…
PBeezy
  • 1,741
  • 2
  • 10
  • 11
83
votes
8 answers

Is it possible to "fake" being connected to a router?

A friend of mine is taking a UNIX systems class and mentioned to me that when they take exams, they do so on their own computers. That is, all students are using their own computer/laptop; students are not provided a computer by the professor. In…
Ryan
  • 711
  • 1
  • 5
  • 6
83
votes
7 answers

How many digits of a Visa card number can vendors disclose on receipts?

I visited a local McDonald's, and I noticed part of my Visa number repeated on the receipt like this: NNNN NN__ ____ NNNN. (So out of a total of 16 digits it breaks down like this: First six digits revealed, middle six digits hidden, final four…
SimZal
  • 903
  • 1
  • 6
  • 5
83
votes
4 answers

How to implement "forgot password" functionality?

For my project I need a "forgot password" functionality. I am not quite sure how to implement this kind of functionality yet so I was hoping to find some "best practice" on the internet but couldn't find anything useful that treats every important…
Stefan Falk
  • 1,047
  • 1
  • 9
  • 12
83
votes
6 answers

What security features are important when buying a smartphone?

I'm looking at replacing my very old Android smartphone. Information security is increasingly a feature that I'm looking for. As well as being slow, I don't think I can upgrade my current handset to the latest Android versions or even the latest…
James Bradbury
  • 2,027
  • 20
  • 27
82
votes
13 answers

What are the pros and cons of site wide SSL (https)?

What are the pros and cons of encrypting all HTTP traffic for the whole site through SSL, as opposed to SSL on just the login page?
Olivier Lalonde
  • 5,079
  • 8
  • 32
  • 35
82
votes
5 answers

CSRF protection with custom headers (and without validating token)

For a REST API it seems that it is sufficient to check the presence of a custom header to protect against CSRF attacks, e.g. the client sends "X-Requested-By: whatever" and the server checks the presence of "X-Requested-By" and drops the request if the…
Mads Mobæk
  • 923
  • 1
  • 7
  • 7