Most Popular (1500 questions)
82 votes, 5 answers

Email Account under attack (really) - anything I can do?

Over the last week, there is a constant barrage of authentication failures to my email account from a variety of ip addresses - usually in blocks of exactly 575 attempts. My password is as strong as a password can be so the chance of brute force…
clemdia (831 reputation; badges: 1 gold, 5 silver, 7 bronze)
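Added example, not part of the question above: the pattern the asker describes (many source IPs, each firing a fixed-size block of failures at one mailbox) is easy to pull out of an auth-failure log by counting failures per (user, IP) inside a sliding window and then looking at how many distinct IPs hit the same user. The log format and the sample lines are constructed for this example; substitute your own server's parser in `parse_line`.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def make_sample_log():
    """Constructed sample, not real server output: three attacker IPs each
    send exactly 575 failures against 'alice' a few minutes apart, while
    'bob' mistypes his password twice."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for n, ip in enumerate(["203.0.113.5", "198.51.100.17", "192.0.2.44"]):
        start = base + timedelta(minutes=15 * n)
        for i in range(575):
            ts = start + timedelta(milliseconds=400 * i)
            lines.append(f"{ts.isoformat(timespec='milliseconds')} auth-fail user=alice ip={ip}")
    for i in range(2):
        ts = base + timedelta(minutes=3, seconds=30 * i)
        lines.append(f"{ts.isoformat(timespec='milliseconds')} auth-fail user=bob ip=192.0.2.9")
    return sorted(lines)


def parse_line(line):
    """'<iso timestamp> auth-fail user=<name> ip=<addr>' -> (datetime, name, addr).
    Hypothetical format; adapt to your mail server's log."""
    ts, _event, user, ip = line.split()
    return datetime.fromisoformat(ts), user.split("=", 1)[1], ip.split("=", 1)[1]


def find_bursts(lines, threshold=50, window=timedelta(minutes=10)):
    """Map (user, ip) -> total failures for every pair that produced at least
    `threshold` failures inside some sliding `window`."""
    stamps_by_pair = defaultdict(list)
    for line in lines:
        ts, user, ip = parse_line(line)
        stamps_by_pair[(user, ip)].append(ts)
    bursts = {}
    for pair, stamps in stamps_by_pair.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts[pair] = len(stamps)
                break
    return bursts


def distributed_targets(bursts, min_sources=2):
    """Users hit by bursts from at least `min_sources` distinct IPs, with the
    per-IP block size. Identical block sizes across unrelated IPs (the 575 in
    the question) point to one tool driving all of them, so the control has
    to be per account (rate limit, lockout, MFA), not per source IP."""
    per_user = defaultdict(dict)
    for (user, ip), count in bursts.items():
        per_user[user][ip] = count
    return {user: ips for user, ips in per_user.items() if len(ips) >= min_sources}


if __name__ == "__main__":
    found = find_bursts(make_sample_log())
    for user, ips in distributed_targets(found).items():
        print(user, "targeted from", len(ips), "IPs, block sizes", sorted(set(ips.values())))
```

Blocking individual IPs does little against this shape of attack because the sources rotate; the useful output of the script is the per-account view, which is what a rate limit or second factor on the account keys on.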
82 votes, 2 answers

Does Windows 10's telemetry include sending *.doc files if Word crashed?

I'm reading through the extensive description on which data is acquired by Microsoft's telemetry [1] including the following paragraph: User generated files -- files that are indicated as a potential cause for a crash or hang. For example, .doc,…
VoodooCode (713 reputation; badges: 1 gold, 5 silver, 6 bronze)
82 votes, 5 answers

What exactly is CTF and how can I as programmer prepare for a CTF with beginner-friendly people?

I reached out to an old friend of mine who was a terrific programmer back in my school days and he invited me to attend one of the CTF events with his university group. This group seems very beginner friendly and open to everyone, but I still fear…
MansNotHot (823 reputation; badges: 1 gold, 7 silver, 9 bronze)
82 votes, 7 answers

Company claims hardwire connections are a security issue

Someone to whom I am related is at a study camp for their desired profession. This person, let's call her Jane, is supposed to be studying rigorously for two months. The housing provided offers wireless internet connections, which are spotty and…
Erin B (802 reputation; badges: 1 gold, 6 silver, 9 bronze)
82 votes, 1 answer

Is Starbucks spoofing me?

When I connected to Starbucks's Wi-Fi, I got a security alert from MS Outlook that looks like this: I looked up secure.datavalet.io, but there's no mention of this thing anywhere. This does not appear when I use my mobile, home, or work Internet.…
Nomenator (799 reputation; badges: 1 gold, 5 silver, 6 bronze)
82 votes, 2 answers

I'm a White Hat and I develop my own viruses. Should I report it when almost all scanners say the executable is safe?

I develop my own viruses for 'scientific' purposes, namely to see if they pass the test of Virustotal.com. They all do, except for one or two scanners. Is this considered something you should report to Microsoft/McAfee/etc? If yes, how?
John Doe (819 reputation; badges: 1 gold, 6 silver, 6 bronze)
82 votes, 6 answers

How does CORS prevent XSS?

I recently learned about CORS and got the impression that its purpose is to prevent XSS. With CORS, the browser blocks requests to different domains, unless particular headers are in place. But if a person with malicious intent injects some…
Gigi (1,300 reputation; badges: 1 gold, 11 silver, 12 bronze)
81 votes, 6 answers

Does SSL/TLS (HTTPS) hide the URLs being accessed?

Suppose I type this in my browser https://www.mysite.com/getsecret?username=alice&password=mysecret and an attacker is watching all traffic from me to my ISP. What information is protected by HTTPS? Is the URL revealed? Are the parameters of the…
Jus12 (1,325 reputation; badges: 2 gold, 11 silver, 16 bronze)
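Added example, not part of the question or of any answer on this page: the part of the URL an on-path observer can read is the hostname, because the browser sends it in cleartext in the `server_name` (SNI) extension of the TLS ClientHello (RFC 6066); the path and query string only travel inside the encrypted application data, and the fragment never leaves the browser at all. The code below builds a minimal ClientHello carrying an SNI extension, parses the hostname back out of the raw bytes the way a passive sniffer would, and checks that the query string from the question is nowhere in the cleartext. The cipher suite list is a single placeholder suite, enough for parsing but not for a real handshake.

```python
import os
import struct
from urllib.parse import urlsplit


def build_client_hello(hostname, client_random=None):
    """Minimal TLS ClientHello record with one server_name extension.
    Layout per RFC 5246 section 7.4.1.2 (ClientHello) and RFC 6066 section 3 (SNI)."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name        # name_type host_name(0)
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list       # extension_type server_name(0)
    extensions = struct.pack("!H", len(ext)) + ext
    rnd = client_random if client_random is not None else os.urandom(32)
    body = (b"\x03\x03" + rnd                                          # client_version, random
            + b"\x00"                                                  # session_id length 0
            + struct.pack("!H", 2) + b"\xc0\x2f"                       # one suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            + b"\x01\x00"                                              # one compression method: null
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)


def extract_sni(record):
    """Read the hostname out of a cleartext ClientHello, as a passive observer can."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                   # handshake header, version, random
    p += 1 + hs[p]                                   # session_id
    cs_len = struct.unpack_from("!H", hs, p)[0]
    p += 2 + cs_len                                  # cipher_suites
    p += 1 + hs[p]                                   # compression_methods
    ext_len = struct.unpack_from("!H", hs, p)[0]
    p += 2
    end = p + ext_len
    while p < end:
        etype, elen = struct.unpack_from("!HH", hs, p)
        p += 4
        if etype == 0:                               # server_name
            q = p + 2                                # skip server_name_list length
            while q < p + elen:
                ntype = hs[q]
                nlen = struct.unpack_from("!H", hs, q + 1)[0]
                q += 3
                if ntype == 0:
                    return hs[q:q + nlen].decode("ascii")
                q += nlen
        p += elen
    return None


def on_path_view(url):
    """Split a URL into what the handshake reveals and what stays encrypted."""
    u = urlsplit(url)
    hello = build_client_hello(u.hostname)
    return {
        "visible": {"host": extract_sni(hello), "port": u.port or 443},
        "encrypted": {"path": u.path, "query": u.query},
        "query_in_cleartext": u.query.encode() in hello,
    }


if __name__ == "__main__":
    print(on_path_view("https://www.mysite.com/getsecret?username=alice&password=mysecret"))
```

Two caveats that the parsing result does not show: the hostname also leaks through the DNS lookup and, in TLS 1.2 and earlier, through the server certificate, and the observer still sees packet sizes and timing; TLS 1.3 with Encrypted Client Hello is what closes the SNI leak. Separately, a password in the query string is still written to the server's access log, the browser history and any Referer header, so HTTPS is not a reason to put credentials in a URL.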
81 votes, 7 answers

Are random URLs a safe way to protect profile photos?

I would like to move from sequential to random user IDs, so I can host profile photos publicly, i.e. example.com/profilepics/asdf-1234-zxcv-7890.jpg. How long must user IDs be to keep anyone from finding any user photos for which they have not been…
owenfi (913 reputation; badges: 1 gold, 6 silver, 8 bronze)
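Added example, not part of the question or of any answer on this page: the "how long must the IDs be" part has a clean answer once you fix three numbers, the number of valid IDs an attacker is fishing for, the guess rate the server will sustain, and how long the photos must stay unguessable. With N valid IDs spread uniformly over 2^b values, every guess hits one of them with probability N / 2^b, so the expected number of guesses before the first hit is 2^b / N. The functions below carry that through and also generate IDs from the OS CSPRNG; the parameter values in the test are assumptions for illustration.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def new_photo_id(nbytes=16):
    """Unguessable, URL-safe ID: 16 random bytes = 128 bits from the OS CSPRNG.
    Never build these from random.random() or a sequential counter."""
    return secrets.token_urlsafe(nbytes)


def id_bits(alphabet_size, length):
    """Entropy of a fully random ID of `length` symbols over `alphabet_size`."""
    return length * math.log2(alphabet_size)


def expected_guesses_to_hit_any(id_bits_, valid_ids):
    """Expected guesses until the attacker lands on *any* valid ID.
    Each guess succeeds with probability valid_ids / 2**id_bits_, so the
    expectation is the reciprocal. Finding one *specific* user's photo is
    valid_ids times harder again."""
    return 2 ** id_bits_ / valid_ids


def years_to_first_hit(id_bits_, valid_ids, guesses_per_second):
    return expected_guesses_to_hit_any(id_bits_, valid_ids) / guesses_per_second / SECONDS_PER_YEAR


def bits_needed(valid_ids, guesses_per_second, years):
    """Smallest ID length in bits so that the expected time to the first hit
    exceeds `years` at the given sustained guess rate."""
    total_guesses = guesses_per_second * years * SECONDS_PER_YEAR
    return math.ceil(math.log2(total_guesses * valid_ids))


if __name__ == "__main__":
    # Assumed figures: 10 million users, attacker sustains 1 million guesses/s.
    print("16 chars of [a-z0-9] carry", round(id_bits(36, 16), 1), "bits")
    print("bits for a 1-year margin:", bits_needed(10**7, 10**6, 1))
    print("years to first hit with 128-bit IDs:", f"{years_to_first_hit(128, 10**7, 10**6):.2e}")
    print("example ID:", new_photo_id())
```

The 16-character IDs in the question are already far beyond what brute force can reach if they are fully random. What this arithmetic does not cover is every other way a link gets out: access logs, CDN caches, Referer headers, and anyone the user ever shared the URL with keep working forever, because a random URL is a capability, not a session; if a photo must become private again, the ID has to be rotated or the object moved behind real authorization.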
81 votes, 5 answers

How does hashing work?

I have been interested in Information Security. I was recently introduced to the idea of hashing. What I currently understand about hashing is that it takes the password a user enters. Then it randomly generates a "hash" using a bunch of variables…
Griffin Nowak (1,190 reputation; badges: 1 gold, 12 silver, 19 bronze)
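Added example, not part of the question or of any answer on this page: a password hash is not "randomly generated"; it is a deterministic one-way function of the password plus a stored random salt. The salt is what makes two users with the same password store different values, and the slow, iterated function is what makes guessing expensive. The block below uses PBKDF2-HMAC-SHA256 from the standard library with the iteration count OWASP's Password Storage Cheat Sheet recommends for it, and contrasts it with a bare SHA-256 to show why the salt matters. The storage string format is an assumption of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000      # OWASP (2023) figure for PBKDF2-HMAC-SHA256; raise as hardware gets faster
SALT_LEN = 16
KEY_LEN = 32


def unsalted_sha256(password):
    """What *not* to do: deterministic and fast, so equal passwords collide
    across users and a precomputed table cracks everyone at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' (format assumed here).
    A fresh salt per user means identical passwords get different stored values."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=KEY_LEN)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; the hash is never
    reversed. compare_digest keeps the comparison constant-time."""
    try:
        scheme, iterations, salt_hex, key_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex),
                                    int(iterations), dklen=KEY_LEN)
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


if __name__ == "__main__":
    a, b = hash_password("correct horse"), hash_password("correct horse")
    print("salted, same password, different records:", a != b)
    print("unsalted collides:", unsalted_sha256("correct horse") == unsalted_sha256("correct horse"))
    print("verify right / wrong:", verify_password("correct horse", a), verify_password("Correct horse", a))
```

Storing the iteration count next to the hash lets you raise it later and re-hash users on their next login without a flag day. For new systems, Argon2id or scrypt are preferred over PBKDF2 because they also cost memory, which hurts GPU attackers more; the salt-and-verify structure is the same.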
81 votes, 12 answers

Password policy for elderly clientele

I work for a company in which the age of our average user is over 70. We have an app* that helps them collect and submit physiological data to their doctors. I found this question that I believe is helpful if you're helping your mother set a…
capnmojo (761 reputation; badges: 1 gold, 4 silver, 5 bronze)
81 votes, 8 answers

What is the suggested best practice for changing a user's email address?

I recently jumped onto the hypetrain for an unnamed email service and am currently on my way to update all my accounts on various websites to get most of my (future) data off Google's Gmail. During this adventure I came across a couple user-flows of…
Marv (1,053 reputation; badges: 1 gold, 7 silver, 8 bronze)
81 votes, 13 answers

Is divide-by-zero a security vulnerability?

Even though sometimes software bugs and vulnerabilities are deemed as the same concept, there must be at least one distinct aspect between them, and I think the most prominent one is exploitability (the latter one having the property). What I'm…
Gwangmu Lee (859 reputation; badges: 1 gold, 6 silver, 7 bronze)
81 votes, 19 answers

Good analogy needed: Sec issues due to different coders implementing the same features in different ways for the same app

I have to give a school presentation about vulnerabilities found in the Moodle platform. Of course, they only apply to a legacy version which has since been patched. The catch is that the presentation should be aimed at an audience with no technical…
SuperSpitter (833 reputation; badges: 1 gold, 6 silver, 5 bronze)
81 votes, 4 answers

Can an identity provider impersonate me? (Can Facebook post Stack Overflow questions under my name?)

There are multiple mechanisms (some now defunct) that allow me to access service A (the Relying Party / RP) using a token granted by service B (the Identity Provider / IdP). Typically these replace a username-and-password login. Examples of IdP…
lofidevops (3,590 reputation; badges: 6 gold, 24 silver, 32 bronze)