Most Popular
1500 questions
73 votes, 8 answers
How can Twitter and GitHub be sure that they haven't been hacked?
Yesterday, Twitter announced that they recently identified a bug that stored passwords unmasked in an internal log. Recently, GitHub also had a similar bug. In both cases, they claim that nobody had access to these files.
Twitter:
We have fixed the…

Kepotx
73 votes, 7 answers
Is image blurring an unsafe method to obfuscate information in images?
Is image blurring an unsafe method to obfuscate information in images?
I.e., is it possible to "de-blur" the image, if you know the algorithm and the setting, or by trial & error?
For instance, the image below is the Google logotype blurred with the…

P A N
73 votes, 9 answers
I almost searched my password, but didn't press enter. Is my password at risk, because of autocomplete or anything else?
Without even thinking about it, I typed my password into the Google search bar, but I didn't press enter. Since autocomplete is on, does that mean my password has been logged or indexed somewhere? Would it be a good idea to change my password or is…

Randy
73 votes, 2 answers
How is WhatsApp sending end-to-end encrypted messages in push notifications?
WhatsApp implemented end-to-end encryption (whitepaper) in their latest update.
How is it possible for WhatsApp to send push notifications with message contents to the Apple Push Notification service?
One possible solution would be to send the…

Antwan van Houdt
72 votes, 6 answers
Is gmail-to-gmail still insecure? Why?
I have always heard that email is an insecure method of communication; I assume this has something to do with the email protocol itself.
But when sending an email from one Gmail account to another, Google has complete control over how the email is…

Kyle Strand
72 votes, 3 answers
What security scheme is used by PDF password encryption, and why is it so weak?
Many PDFs are distributed as encrypted PDFs to lock out some of their functionality (eg printing, writing, copying). However, PDF cracking software is available online, which usually cracks the PDF passwords in less than 1 second.
It doesn't make…

March Ho
72 votes, 5 answers
Does a Virtual Machine stop malware from doing harm?
I would like to know if it is safe for the host system of a virtual machine (VM - VirtualBox OSE in my case) to execute malware.
Can a virus break out and read or write data from the host system? Can it establish an Internet connection if I disable…

Martin Thoma
72 votes, 7 answers
Why can't you work backwards with public key to decrypt a message?
As the title suggests, I am curious to know why you can't work backwards using a message, public key and encrypted message to work out how to decrypt the message!
I don't understand how a message can be encrypted using a key and then how you cannot…

Max
72 votes, 22 answers
How can I avoid my password being harvested by key loggers from internet cafes?
During traveling, especially in poor countries, sometimes you are going to need to use the internet at an internet cafe and you really can't be sure whether anyone has installed anything to listen to your keystrokes.
I've been told this method,…

stickman
72 votes, 7 answers
How do I inform a company I found a leaked database of theirs on the Internet?
Recently I found a leaked database of a company and I do not know how to go about contacting the company. It is so weird because I cannot find any type of Information Security contact email to report this to. It just has a support email. I feel…

Arkest Must
72 votes, 9 answers
What's the safest way to inform a new user of their password on an invite-only website?
I'm developing a web site where people will have accounts. However, unlike most web sites, users do not register, rather they are invited by the site admins. The site admins will create a new user profile, based on their email address, and then want…

Avrohom Yisroel
72 votes, 3 answers
Securing a JavaScript Single Page App with RESTful backend
I'm currently in the process of building a JavaScript SPA and have been researching how to secure it. There is currently a RESTful API that is being completely interacted with through AJAX. We also have mobile clients that interact with this API,…

Jon Wingfield
72 votes, 3 answers
CVE-2018-10933 - Bypass SSH Authentication - libssh vulnerability
Looks like CVE-2018-10933 was just released today and you can find a summary here from libssh here
Summary:
libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an…

User0813484
72 votes, 3 answers
Strange code running at startup
A piece of code was running on my Windows machine at startup. I would like to know exactly what this code is doing; it seems to refer to something like crackbook?
@echo off
if %PROCESSOR_ARCHITECTURE%==x86 ( START /B powershell -NoP -NonI -W…

Aditya Giri
72 votes, 9 answers
How to prove that authentication system works, and that the customer is using the wrong password?
Occasionally (though rarely), some of our users say that their password doesn't work: they say that they have typed the correct password but got the 'wrong password' message.
We tell them to use the reset password feature, which they do, but they…

Mario Trucco