Most Popular
1500 questions
76
votes
12 answers
Is there any definitive way to tell if an email is a phishing attempt?
Is there any definitive way to tell if an email is a phishing attempt? What cues should the "average computer" user employ to detect a phishing email?

daikin
76
votes
8 answers
Is running "apt-get upgrade" every so often enough to keep a Web-server secure?
Assumptions:
Normal LAMP Web-server running web app. (e.g. AWS EC2+Apache2+MySQL+Php7)
Not directly targeted by some super-hacker or governmental organisation etc.
Related to point above, no social engineering and the web app itself is…

MPS
76
votes
9 answers
Can one tell if a password guess was close by the hash result?
I have been reading about password management lately (very interesting stuff!) and was wondering how different the hashes would be for similar strings.
Is it possible to know if a password guess was close by comparing the resulting hash to the real…

elmer007
76
votes
9 answers
School asked us to submit our MAC addresses
My school has recently asked us to submit our MAC address to the school along with our designated name to be used to connect to the Wi-Fi. Previously this wasn't needed.
I would like to ask about what kind of information that they can collect from…

cyanide
75
votes
13 answers
How reliable is a password strength checker?
I've tested the tool from Microsoft available here which tests password strength and rates them. For a password such as "i am going to have lunch tonight", the tool rates its strength as "BEST" and for a password such as "th1$.v4l" it rates it as…

iijj
75
votes
13 answers
VP of IT claims he unhashed 100% of all 16k employees' PWs. Is he lying to us?
I work for a company which has ~16,000 employees. Periodically, our VP of IT sends out a newsletter with "tech-tips" and misc IT stuff. The topic of this week's newsletter was "password security". The introductory paragraph caught my…

loneboat
75
votes
5 answers
Detecting steganography in images
I recently came across an odd JPEG file: Resolution 400x600 and a filesize of 2.9 MB. I got suspicious and suspected that there is some additional information hidden. I tried some straightforward things: open the file with some archive tools; tried…

Chris
75
votes
1 answer
How can Kazakhstan perform MITM attacks on all HTTPS traffic?
There is now MITM on HTTPS traffic in Kazakhstan.
But for MITM to work, other than installing the certificate, there has to be someone proxying the request, right? Will that role be played by the ISPs?
Say I want to connect to Facebook. Does the…

microwth
75
votes
1 answer
Are SSL encrypted requests vulnerable to Replay Attacks?
Are SSL encrypted requests vulnerable to Replay Attacks? If so, what are good options to prevent this?

rreyes1979
75
votes
5 answers
I gave my cell number to a stranger on the internet. Have I fallen victim to a scam?
I was playing an online game and I came in contact with this user. She was listed as from the same country as me (Egypt). So when she asked me for my cell phone number, I gave it to her. I figured it was to add me on WhatsApp so we can chat or…

Dooma
75
votes
10 answers
Why Disallow Special Characters In a Password?
The culprit in this case is a particular (and particularly large) bank that does not allow special characters (of any sort) in their passwords: Just [a-Z 1-9]. Is there any valid reason for doing this? It seems counterproductive to stunt password…

Gary
75
votes
10 answers
What is worse for password strength, a poor password policy or no password policy at all?
Recently I saw the following screenshot on Twitter, describing an obviously terrible password policy:
I wonder what is worse for the password strength. Having no password policy at all or a poor password policy (like described in the screenshot)?

Bob Ortiz
75
votes
10 answers
Are security flaws acceptable if not much harm can derive from them?
Recently, I have discovered a security flaw in a business website. This website has a password-protected "Partners Area", and like many websites it provides a form to reset the user's password.
When a user asks for a password reset for his nickname,…

danieleds
75
votes
11 answers
Will typing my password twice make it more secure? Or typing each character twice?
If I type my password twice (like: PwdThingPwdThing), OR type every character twice (like: PPwwddTThhiinngg) will that make it substantially more secure than it already is?
Assume that it is already 8 or 9 characters, consisting of upper and lower…
user82913
75
votes
11 answers
Sanitize computer after Homeland Security seizure
I flew from overseas back to the USA and all my electronic equipment was seized by Homeland Security, including my laptop computer, external hard drives, flash drives, etc.
After more than a month I have finally gotten my stuff back. I have 2…

user91785