Most Popular

1500 questions
70 votes, 1 answer

How does the log4shell vulnerability work?

Log4shell is making the news. A vulnerability in the widely used logging tool Log4J is putting many servers and even some desktop applications at risk of remote code execution. How does this vulnerability work? What sort of mistake makes it…
Anders
  • 65,052
  • 24
  • 180
  • 218
70 votes, 3 answers

Is this a SQL injection attack or is it some sort of bug?

I was looking through some data in our database when I came across a bunch of weird user_id entries: user_id -1080) ORDER BY 1# -1149 UNION ALL SELECT 79,79,79,79,79,79,79,79,79# -1359' UNION ALL SELECT 79,79,79,79,79,79,79,79,79,79-- JwSh -1409'…
turnip
  • 785
  • 1
  • 6
  • 10
70 votes, 2 answers

Why does Gmail (add accounts) using SMTP server recommend SSL instead of TLS?

I stumbled upon something interesting today when I was adding an account to my Gmail one. Why is SSL boldly stated as recommended when TLS supersedes SSL? The links for SSL and TLS are the same: https://support.google.com/mail/answer/22370?hl=en
user153882
  • 773
  • 1
  • 5
  • 13
70 votes, 8 answers

Why use HTTPS Everywhere when we have HSTS supported browsers?

I know that the browser's default protocol to access any site is http:// when https:// is not explicitly mentioned, but even then if we browse to a website, say www.facebook.com, the response header from the Facebook servers would have HSTS mentioned…
GypsyCosmonaut
  • 882
  • 1
  • 7
  • 16
70 votes, 6 answers

Can a malicious actor lock the real user out by deliberately trying incorrect passwords every X minutes?

Some websites lock out a user after a series of incorrect password attempts for example for 15 minutes. If a malicious actor knows this, can they deliberately try logging in with incorrect passwords every 15 minutes to prevent the real person from…
yeti
  • 865
  • 1
  • 6
  • 8
70 votes, 4 answers

How do I clear cached credentials from my Windows Profile?

Windows seems to be saving my credentials for a variety of applications (terminal servers, etc) and I'd like to purge this data. How can I backup and purge this data?
makerofthings7
  • 50,488
  • 54
  • 253
  • 542
70 votes, 10 answers

Is removing the Ethernet cable from the router (when I'm not using it) a good security measure?

I have here at home a router, like many people out there. The router is connected with an Ethernet cable that comes from the modem. But, to prevent hackers or anything else from trying to bother me, if I'm not using the router, is removing the Ethernet…
Nori-chan
  • 995
  • 2
  • 9
  • 11
70 votes, 7 answers

What is the possible impact of dirtyc0w a.k.a. "Dirty COW" bug?

I heard about Dirty COW but couldn't find any decent writeup on the scope of the bug. It looks like the exploit can overwrite any non-writable file, which makes me guess that local root is possible via substitution of SUID programs. Is that right?…
d33tah
  • 6,514
  • 8
  • 39
  • 61
70 votes, 2 answers

How can ISPs handle DDoS attacks?

How can an ISP with low bandwidth like 50 Gbps handle a DDoS attack with more than this? I know there is a solution called "Black Hole". Is this enough to mitigate DDoS attacks or are there any other enterprise solutions? What kind of DDoS…
R1W
  • 1,617
  • 3
  • 15
  • 30
70 votes, 4 answers

Does Microsoft's "Password Ban" list insecurely store user passwords?

According to SecurityWeek, Microsoft is banning common passwords, and they will dynamically update their list: Microsoft says it is dynamically banning common passwords from Microsoft Account and Azure AD system. […] Microsoft is seeing more than…
Michael
  • 2,432
  • 2
  • 20
  • 37
70 votes, 5 answers

Strange Payment Gateway

I have a freelance client that wants me to integrate a payment gateway into their Woocommerce site, but I am becoming increasingly concerned about their choice of provider and the project as a whole. The Issues: Against my advice the client has selected…
user5451386
  • 803
  • 6
  • 7
70 votes, 5 answers

Can my mouse have a virus and infect other machines?

This is my mouse. I used it with my old computer which was full of viruses. If I use this mouse for my new PC, can my new computer be infected from my mouse?
Nhật Phát
  • 641
  • 1
  • 5
  • 4
69 votes, 4 answers

What are requirements for HMAC secret key?

I'm creating an HTTP REST service which will be available over TLS only. For authentication purposes I plan to generate a JWT token for every user using HMAC HS256. I need a secret key for HMAC. What are the requirements for the secret key? Do I need a long…
ivstas
  • 793
  • 1
  • 6
  • 6
69 votes, 2 answers

What is the purpose of these weird non-spam emails?

An email made it through the spam filter and I wonder what the purpose is. It is not spam. Tracking? But how? Who? And why? In the source code there are these weird passages like ... =EA=85=9F =EA=8F=92 Who benefits, and how? No links, nothing else in this…
puhubear
  • 583
  • 1
  • 4
  • 6
69 votes, 7 answers

Trying to make a Django-based site use HTTPS-only, not sure if it's secure?

The EFF recommends using HTTPS everywhere on your site, and I'm sure this site would agree. When I asked a question about using Django to implement HTTPS on my login page, that was certainly the response I got :) So I'm trying to do just that. I…
John C
  • 1,217
  • 2
  • 11
  • 15