Most Popular (1500 questions)
79 votes, 3 answers

Are URLs viewed during HTTPS transactions to one or more websites from a single IP distinguishable?

For example, say the following are HTTPS URLs to two websites by one IP over 5 mins: "A.com/1", "A.com/2", "A.com/3", "B.com/1", "B.com/2". Would monitoring of packets reveal: nothing, reveal only the IP had visited "A.com" and "B.com" (meaning…

Asked by blunders (reputation 5,072; badges 4, 28, 45)
79 votes, 8 answers

How is no password more secure than username+password?

Context: I have a laptop supplied by my organisation. I am trying to connect to eduroam, but I cannot do it using my organisation's laptop. When I use a personal computer, it asks me for a username and password, just as a standard wifi network asks…

Asked by luchonacho (reputation 1,351; badges 2, 9, 14)
79 votes, 6 answers

Why would I ever use AES-256-CBC if AES-256-GCM is more secure?

I guess the gist of my question is: Are there cases in which CBC is better than GCM? The reason I'm asking is that from reading this post by Matthew Green, and this question on cryptography stack exchange, and this explanation of an attack on XML…
79 votes, 8 answers

Company does not want any names on phishing reports

We have been recently contracted to run phishing tests for a company. Let's call it a company but basically they are obligated, by law, to assess the security of their environment with phishing campaigns. We ran our first campaigns not too long ago…

Asked by pm1391 (reputation 1,427; badges 2, 8, 19)
79 votes, 8 answers

Should the sole user of a *nix system have two accounts?

Should the sole user of a *nix (particularly Linux and MacOS) have two accounts, one with sudo privileges and one without? Years ago I read that on your personal computer you should do your daily tasks as an unprivileged user and switch to a…

Asked by Ender Wiggin (reputation 905; badges 1, 6, 7)
79 votes, 1 answer

What is this kind of low-intensity, non-hacking attack on a web service?

For about 10 days now I have been seeing a bunch of EC2 machines (about 30, distributed in all regions) which are attacking a server of mine. The interesting (or uninteresting, I do not know yet) fact is that they target an open web service on a…

Asked by WoJ (reputation 8,968; badges 3, 33, 51)
79 votes, 3 answers

Does correcting misspelled usernames create a security risk?

Does correcting a misspelled username and prompting the user with a valid username introduce a security risk? I recently tried logging into Facebook and misspelled my email. They prompted me with the message below. Log in as…

Asked by GER (reputation 865; badges 1, 7, 9)
78 votes, 16 answers

Ensure that a file can only be decrypted after a specific date

Are there any cryptographic schemes/protocols that would allow me to encrypt a file, make it publicly available, but ensure that it can only be decrypted after a specific date? I assume it would be almost impossible without a trusted authority…

Asked by Martin Vegter (reputation 1,947; badges 4, 28, 39)
78 votes, 8 answers

Convincing my manager to use salts

My manager says we don't need to salt our passwords because people are not likely to use the same password because they all have different native languages, in addition to the websites they are active at. What is the best counter argument to this?

Asked by user46866 (reputation 881; badges 6, 4)
78 votes, 15 answers

How to write an email regarding IT Security that will be read, and not ignored by the end user?

I've observed that several of our users are ignoring messages sent from IT Security managers, and also the system generated "You just sent a virus" notifications. The problem seems to be among people who are not computer savvy, who are in no way…

Asked by makerofthings7 (reputation 50,488; badges 54, 253, 542)
78 votes, 7 answers

Touch Screen Password Guessing by Fingerprint Trace

After eating some garlic bread at a friend's who is not security-aware, she managed to quickly determine the PIN code to unlock the screen of my Samsung SIII. She figured this out by simply holding the device against the light and looking at the…

Asked by Lex (reputation 4,257; badges 4, 20, 27)
78 votes, 7 answers

Is there any security threat with open WiFi connection?

For a few days, my mobile device has been able to catch Wi-Fi signals that are within its radius. It's not asking for a password to use the service. So, I'm using the Wi-Fi service whenever I need to. Is there any chance to hack my email and other…

Asked by Mahesh.D (reputation 871; badges 1, 7, 8)
78 votes, 11 answers

If someone asks to borrow your phone to make a call, what could they do?

A stranger walks up to you on the street. They say they lost their phone and need to make a phone call (has happened to me twice, and maybe to you). What's the worst a phone call could do? Let's assume they don't run, don't plug any devices into the…

Asked by Andy Ray (reputation 1,128; badges 1, 8, 13)
78 votes, 5 answers

Can someone steal my IP address and use it as their own?

I am not talking about home networks (like hacking my wifi and using it). Can someone from another geographical location steal my IP address in some way? For example: I am angry with you. -> I want to make you suffer and managed to find your IP…

Asked by dispos_Acc (reputation 781; badges 1, 6, 6)
78 votes, 8 answers

If we should encrypt the message rather than the method of transfer, why do we care about wifi security? Is this just security theatre?

Most answers to this question about the security of satellite internet boil down to: encrypting the message is more important than encrypting the method of transfer. However, there seems to be a lot of focus on wi-fi security. For what threat models…

Asked by gerrit (reputation 1,830; badges 1, 18, 26)