Most Popular

1500 questions
71 votes, 10 answers

Does disabling right click have any impact on security?

On a banking website I see that they have disabled right-click. Does that make the site any more secure? Is it a good general practice?
18bytes
71 votes, 2 answers

Security comparison of 3DES and AES

Which one is more secure and least possible to be broken through cryptanalysis AES or 3DES (no matter performance)? I need to use encryption for my projects to store and secure sensitive information which includes bank accounts, sort codes, and…
DaGhostman Dimitrov
71 votes, 12 answers

Why block outgoing network traffic with a firewall?

In terms of a home network, is there any reason to set up a router firewall so that all outgoing ports are blocked, and then open specific ports for things such as HTTP, HTTPS, etc.? Given that every computer on the network is trusted, surely the…
Alex McCloy
71 votes, 10 answers

Why avoid shared user accounts?

I know it's best practice not to allow shared user accounts, but where is this best practice defined? Is it an ISO standard or something? What are the reasons to always create per-person accounts?
Steve Venton
71 votes, 6 answers

What should a verification email consist of?

Right now I'm generating a 25 character string stored in the database that can only have a 1 time use and expires 30 minutes after user registration. http://example.com/security/activate/ZheGgUNUFAbui4QJ48Ubs9Epd I do a quick database lookup and…
HypeWolf
71 votes, 5 answers

What makes Random Number Generators so fragile?

It seems to me that a hardware component which generates random numbers is extremely simple - just measure tiny vibrations in the hardware with a sensor, right? Maybe I'm wrong but it seems like if you measured vibrations with very high precision,…
john doe
71 votes, 3 answers

Are smartphone apps theoretically capable of detecting what a user is looking at?

For instance, would it be possible for an app to determine what pixel range on a smartphone display a user is looking at by analysing their eyes with the front facing camera? If so, with what kind of precision? It would be very discomforting to know…
Laurent
71 votes, 1 answer

Why is there no certificate error while visiting google.net although it presents a certificate issued to google.com?

The following output shows that google.net is presenting a certificate that has been issued to www.google.com. $ openssl s_client -connect google.net:443 < /dev/null > out.txt 2>&1; cat out.txt depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global…
Lone Learner
71 votes, 9 answers

How can "USB stick" online identification possibly work?

My bank recently revamped its website, and it changed for the better as far as I’m concerned. Especially, security seems to have been dramatically enhanced. Most importantly, they introduced a rather unusual (I’ve never seen this before)…
user135452
71 votes, 12 answers

Storing passwords in access-restricted Google spreadsheets?

I saw someone's interesting practice to store sensitive information. He is saving all his thousand logins (including banks and email) in an access-restricted Google spreadsheet, stored on his Google Drive. The link to the document is shortened using…
Loves Probability
71 votes, 1 answer

Tell browser my site has no scripts

I have created a Tor hidden service site which has absolutely no JavaScript or other types of client side scripts. The page is HTML, CSS, images, and some JSP for handling user input. I encourage users to use NoScript, however many times users do…
k1308517
71 votes, 3 answers

What was the aim of this invalid HTTP request that tells a story about goats in the request URI?

I currently run an Apache HTTP server, and have set up monitoring to receive emails whenever an error appears in the error logs. I get the usual trying to find if I'm using HTTP 1.0 and trying to see if I'm using off the shelf software like…
Crazy Dino
71 votes, 11 answers

Is there any way my password is hashed, if I'm only ever asked to provide 5 out of many characters?

There is a system that, on a login form, presents about 40 boxes for password letters (to hide the password's actual length), and only random ones (the same amount each time) are editable. The explanation is: to secure me from keyloggers. Seems legit. But…
Mołot
70 votes, 3 answers

Why is Google still using a SHA-1 certificate on its own site when they are phasing them out in Chrome?

Firefox dev tools show that https://www.google.com is using a certificate signed with SHA-1. Why is Google doing this when they are phasing out the certificate themselves? Shouldn't this only hurt Google's reputation and interests?
sgoblin
70 votes, 7 answers

With IPv6 do we need to use NAT any more?

I'm wondering how to use NAT with IPv6. Seems that you don't even need it any more. So what exactly is the concept behind firewall configurations in IPv6 environments?
JaafarMehrez