Most Popular
1500 questions
81
votes
2 answers
Worst case scenario, what can a Chrome extension do with "Your data on all websites" and "Your tabs and browsing activity"?
Chrome extensions, just like those for other browsers, appear to often get quite extensive access to your browser data. In fact, most extensions I've installed require access to:
Your data on all websites
Your tabs and browsing activity
And this…

please delete me
- 1,225
- 2
- 10
- 7
81
votes
8 answers
Risks of giving developers admin rights to their own PCs
I need to convince my internal IT department to give my new team of developers admin rights to our own PCs. They seem to think this will create some security risk to the network. Can anyone explain why this would be? What are the risks? What do IT…

carolineggordon
- 928
- 1
- 7
- 8
81
votes
6 answers
Getting files back by paying Ransomware
A company I support/do work for has been hit with ransomware. I've gone down all the data recovery paths etc ... and the business has decided that paying the ransom is cheaper than rebuilding and trying to recover.
My question is: has anyone gone…

Jason
- 3,086
- 4
- 20
- 24
81
votes
2 answers
Windows language pack update with a gibberish name
This morning, I noticed that a new Windows update was offered to me. It looks very suspicious to me:
Here are the update details:
gYxseNjwafVPfgsoHnzLblmmAxZUiOnGcchqEAEwjyxwjUIfpXfJQcdLapTmFaqHGCFsdvpLarmPJLOZYMEILGNIPwNOgEazuBVJcyVjBRL
Download…

executifs
- 4,792
- 4
- 24
- 25
80
votes
17 answers
Trying to keep high school students out of the Wi-Fi network
I'm a teacher and IT person at a small K-12 school.
The students are not supposed to have phones, laptops or access to the network. However, students being students, they will try to find a way around the rules.
The students manage to acquire the…

Dave McQueen
- 817
- 1
- 6
- 4
80
votes
6 answers
Can a lock picker slowly undermine the security of a deadbolt door?
I have a space for computers secured with a simple deadbolt. Someone keeps coming to pick the lock. While working there, I have scared them away three times.
There are cameras, but not in useful places or all exits and the building manager won't let…

Village
- 863
- 2
- 7
- 8
80
votes
5 answers
How do major sites prevent DDoS?
As far as I know, I have never heard of or seen any large scale web sites like Amazon, Microsoft, Apple, Google, or eBay ever suffer from DDoS. Have you?
I have a personal philosophy that the bigger you are, the more of a target you are for such…

Lakitu
- 931
- 1
- 8
- 7
80
votes
3 answers
What are the dangers of allowing "less secure apps" to access my Google account?
According to https://support.google.com/accounts/answer/6010255:
Google may block sign in attempts from some apps or devices that do not use modern security standards. Since these apps and devices are easier to break into, blocking them helps keep…

Hjulle
- 906
- 1
- 6
- 10
80
votes
10 answers
Generic error message for wrong password or username - is this really helpful?
It is really common (and I would say it is some kind of security basic) to not show on the login page if the username or the password was wrong when a user tries to log in.
One should show a generic message instead, like "Password or username are…

Mirco
- 903
- 1
- 8
- 8
80
votes
3 answers
How can I create a password that says "SALT ME!" when hashed?
How can I create a password, which when directly hashed (without any salt) with md5 will return a string containing the 8 characters "SALT ME!". The hope is that a naive developer browsing through his user database will see the "hash", realize the…

Joel
- 1,069
- 1
- 8
- 7
80
votes
9 answers
Is it OK to tell your password to your company's sysadmin?
I'm working in a small company (20 employees) as a senior software engineer.
After having problems with my email, our newly employed IT administrator asked me to write my user password to someone in our hosting company to help them identify the…

BЈовић
- 1,199
- 1
- 9
- 17
80
votes
5 answers
What was so dangerous about PGP that its creator was charged in court for it?
I was reading up on the history of the PGP encryption software when I realised its creator was under criminal charges for munitions export without a license for releasing the source code of PGP.
What was so dangerous about PGP at that point in time…

Computernerd
- 2,401
- 9
- 24
- 30
80
votes
10 answers
Why is HTTPS not the default protocol?
Why is HTTP still commonly used, instead of what I would believe is the much more secure HTTPS?

blunders
- 5,072
- 4
- 28
- 45
80
votes
7 answers
SQL injection -- why isn't escape quotes safe anymore?
Raw SQL
When you're writing SQL -- for anything that takes human input really, a lot of things have been done to avoid the injection.
Everyone that's heard of SQL injection knows that (I'm going to use PHP as a sample) doing something like this…

Incognito
- 5,214
- 5
- 28
- 31
80
votes
3 answers
Is it appropriate to use haveged as a source of entropy on virtual machines?
While looking for solutions to entropy pool depletion on virtual machines, I came across an interesting project called haveged, which is based on the HAVEGE algorithm (HArdware Volatile Entropy Gathering and Expansion). It makes a pretty fantastic…

Nic
- 1,136
- 2
- 10
- 13