Most Popular

1500 questions
80 votes · 3 answers

What is a good general purpose GnuPG key setup?

Since most key types can be used for multiple purposes, namely certification, authentication, encryption and signatures, one could simply use one key for everything - which is a bad idea, as elaborated e.g. by Thomas Pornin. So one should use…
Tobias Kienzler (7,658 · 11 · 43 · 68)
80 votes · 6 answers

Can malicious code fit in 14 bytes?

I was reading this The New York Times (NYT) article about the hack of Jeff Bezos's phone. The article states: The May 2018 message that contained the innocuous-seeming video file, with a tiny 14-byte chunk of malicious code, came out of the…
Stud Sterkel (795 · 1 · 5 · 6)
80 votes · 5 answers

Does code obfuscation give any measurable security benefit?

I've always firmly held the belief that obfuscation is essentially useless. Obfuscated code is not impossible to read, only harder to read. I had the belief that a sufficiently skilled attacker would be able to bring the obfuscated code back into a…
user163495
80 votes · 4 answers

Why add username to salt before hashing a password?

I have seen examples of password hashing that were: H(username + salt + password). What is the purpose of adding username? Is there any purpose?
JustinLovinger (790 · 1 · 6 · 8)
80 votes · 3 answers

Possible reason for displaying two different websites on single domain?

This is something interesting. Try going to http://www.circaventures.com/ You will get a venture capital company. Now go to google and search "Circa Ventures". The first result you get is the exact same domain but the description is "medical…
Maggi Iggam (781 · 5 · 5)
80 votes · 5 answers

Why are ransomware attackers not tracked down via bitcoin transactions?

A bitcoin transaction has details of the incoming address as well as the outgoing address (where the bitcoins are being transferred), so my question is why that outgoing address has not done anything in tracking down ransomware attackers, like the…
Ashmika (789 · 1 · 5 · 4)
80 votes · 5 answers

What is torrent encryption and does it make my traffic anonymous?

This question is inspired by this article (in Russian) about a website called I Know What You Download. From what I understand, they scan the DHT networks and display torrents that any given IP participated in, and although it is sometimes…
Gallifreyan (911 · 1 · 7 · 8)
80 votes · 3 answers

Does OpenPGP key expiration add to security?

I've created a new OpenPGP key to sign a software package in a source repository with an expiration date three years from now. It seemed like a good security measure, because if the key is compromised or stolen the damage will be limited. But then I…
Adam Matan (1,277 · 2 · 11 · 14)
80 votes · 8 answers

How is 'Removing RAM' a security risk?

Today I was watching a video on 'Ethical Hacking' where, while discussing hardware attacks, the narrator said: Removing RAM or components from a desktop or a laptop Here's a screenshot: I understand that removing stuff like storage drives is a…
undo (2,085 · 2 · 13 · 18)
80 votes · 4 answers

Charging someone else's cell phone in my car

A sketchy looking person walked up to my car the other day while I was parking and asked if he could charge his cell phone in my car and offered to pay me $5. I didn't allow him to charge his phone in my car of course, but it made me wonder if there…
courtney (749 · 5 · 4)
80 votes · 5 answers

What techniques do advanced firewalls use to protect against DoS/DDoS?

It is hard to protect a server against Denial of Service attacks, DoS/DDoS. The two simple ways I can think of are to use a server with many resources (e.g. CPU and memory), and to build the server application to scale up very well. Other protection…
Jonas (5,163 · 7 · 33 · 35)
79 votes · 6 answers

How does PGP differ from S/MIME?

Is S/MIME an abstracted system for general MIME type encryption, whereas PGP is more for email? Why would I want to choose one over the other, or can I use both at the same time?
79 votes · 10 answers

Would it be good secure programming practice to overwrite a "sensitive" variable before deleting it?

Is it good secure programming practice to overwrite sensitive data stored in a variable before it is deleted (or goes out of scope)? My thought is that it would prevent a hacker from being able to read any latent data in RAM due to data-remanence. …
Jonathan (3,157 · 4 · 26 · 42)
79 votes · 10 answers

How to report vulnerabilities without being regarded as a hacker?

I just discovered that my university alumni's login page is just plain HTTP. Wireshark confirmed that the credentials are sent using an HTTP POST message. I did a bit of research and, as I thought, HTTPS should always be used on the login page…
user29170
79 votes · 6 answers

How to disclose a security vulnerability in an ethical fashion?

How to disclose a security vulnerability in an ethical way? I've heard there are various schools of thought on this topic. I'd like to know the pros/cons of each.
Olivier Lalonde (5,079 · 8 · 32 · 35)