IT Security Stack Exchange
IT Security Stack Exchange

Most Popular

more tags
1500 questions
77
votes
8 answers

Need to access old forgotten router that only supports SSLv3

I need to access the web interface of a router standing here in the office. The problem is that it only supports SSLv3 and I cannot find a browser that allows me to connect to it. In order to update the router, I also need to be able to login to…
tomsv
  • 893
  • 1
  • 7
  • 8
77
votes
10 answers

If I enter a password on the wrong site, should I consider it compromised?

I have recently started to make use of a password manager and good password practices. I have a different password for each site that I use. If I accidentally use the password from another site when logging in to a webpage, should I consider the…
JonnyWizz
  • 1,961
  • 1
  • 15
  • 34
76
votes
7 answers

What makes Let's Encrypt secure?

Let's Encrypt is an initiative from the Electronic Frontier Foundation (EFF), Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to automatically provide every domain owner with a recognized certificate that…
user253751
  • 4,610
  • 3
  • 21
  • 17
76
votes
19 answers

What security resources should a white-hat *developer* follow these days?

What sites, twitter accounts, FOSS software should a white-hat code 'hacker' follow these days? Do Include: Late breaking information on new security issues (RSS, Twitter, etc) A website that tracks unpatched security issues per vendor Twitter…
makerofthings7
  • 50,488
  • 54
  • 253
  • 542
76
votes
12 answers

Is Google overreaching by forcing me to use TLS?

Gmail was recently changed to require HTTPS for everyone, whether they want to use it or not. While I realize that HTTPS is more secure, what if one doesn't care about security for certain accounts? Some have criticized Google for being Evil by…
tylerl
  • 82,665
  • 26
  • 149
  • 230
76
votes
4 answers

"Optimal" Web Server SSL Cipher Suite Configuration

Over the last couple of years there have been a number of changes in what would be considered an optimal SSL cipher suite configuration (e.g. the BEAST and CRIME attacks, the weaknesses in RC4) My question is, what would currently be considered an…
Rory McCune
  • 61,541
  • 14
  • 140
  • 221
76
votes
3 answers

Did US and UK spy agencies defeat privacy and security on the internet?

This question is meant as a canonical question in regard to the US and UK spy agencies compromising end nodes and encryption between nodes to spy on people they suspect to be terrorists. However, this has the side effect of significantly elevating…
Lucas Kauffman
  • 54,229
  • 17
  • 113
  • 196
76
votes
6 answers

Is using a public-key for logging in to SSH any better than saving a password?

Using a public/private key pair is fairly convenient for logging in to frequented hosts, but if I'm using a key pair with no password, is that any safer (or less safe) than a password? The security around my private key file is paramount, but say…
Nick T
  • 3,392
  • 4
  • 21
  • 28
76
votes
8 answers

Why is email often used as the ultimate verification?

In many services, email can be used to reset the password, or do something that is sensitive. Sensitive data is also quite often sent to you by email, e.g. long links that enable access to your account or similar. However for most people, their…
Teipekpohkl
  • 973
  • 1
  • 4
  • 7
76
votes
13 answers

Why is a link in an email more dangerous than a link from a web search?

Everyone knows of the common cybersecurity tips to be careful when you open links in an email. But every day we look for something on the Internet, clicking links which the search engine shows us, and we do not have the same fear. Why are the links…
Adam Shakhabov
  • 843
  • 1
  • 5
  • 7
76
votes
10 answers

Is it safe to pay bills over satellite internet?

We bought a house. We need internet for basic research, email and paying bills, but there is no internet... Even a dedicated hotspot will not give us a stable connection. We are planning to get satellite internet. Is it safe to pay bills and access…
user2429794
  • 703
  • 1
  • 5
  • 5
76
votes
13 answers

Why do people hide their license plates in the EU?

I often recognise that people blur their license plates on pictures on the internet in Germany. I can't figure out what's the fuss. The information is public nevertheless (I mean it's on your vehicle), nobody but appropriated authorities can get any…
OddDev
  • 629
  • 2
  • 6
  • 10
76
votes
5 answers

How can I be pwned if I'm not registered on the compromised site?

I recently was emailed from HaveIBeenPwned.com (which I am signed up on) about the ShareThis website/tool (not signed up on). I have no memory of signing up for that service. When I go to recover the account (I might as well close/change password),…
AncientSwordRage
  • 1,925
  • 4
  • 17
  • 19
76
votes
10 answers

Bank wants my Online-banking PIN through the telephone

My new girocard did not reach me. I wanted to call the bank to block the old and get a new one. So I checked my online banking and found a phone number ("Block card: girocard or visa card lost? Call 04106-...). I called said number, and I talked to…
Alexander
  • 2,143
  • 2
  • 17
  • 22
76
votes
8 answers

If we are behind a firewall, do we still need to patch/fix vulnerabilities?

I have recently joined a security focused community in my organisation. Many of our products are deployed in the intranet (on-premise) nothing in the public cloud. So, the internal portals can be accessed within the organisation's network…
Rakesh N
  • 861
  • 1
  • 6
  • 6
1 2 3
99 100