Most Popular
1500 questions
69
votes
4 answers
How does the digital signature verification process work?
I am not able to understand how the digital signature is verified. I know that the digital signature will be attached to the message and sent by the sender to the receiver. Then the receiver uses the public key to verify it. Here are my…

n92
69
votes
7 answers
Is it possible the person sitting across from me at Starbucks was trying to hack my laptop?
I was using my laptop at a Starbucks on a table, and a person was using a laptop on the same table across from me, a couple seats to my side. He flicked some plastic thing across the table towards my laptop. What really freaked me out was he then…

Murvin
69
votes
2 answers
What is the most hardened set of options for GCC compiling C/C++?
What set of GCC options provide the best protection against memory corruption vulnerabilities such as Buffer Overflows, and Dangling Pointers? Does GCC provide any type of ROP chain mitigation? Are there performance concerns or other issues that…

rook
69
votes
6 answers
My email address is being used to enroll for online services. Should I be concerned?
Just before Christmas I received the following message in one of my GMail accounts:
Sign-in attempt was blocked
********@gmail.com [redacted by me]
Someone just used your password to try to sign into your account. Google blocked them, but you…

Wes Sayeed
69
votes
3 answers
Got an email saying my password is weak, reason for concern?
I recently received an email from a well-known company stating that the password I use is weak and can be easily guessed.
The email seems legit with no attempt to steal information, they only say "log into your account and go to account->account…

darnok
69
votes
4 answers
Understanding 2048 bit SSL and 256 bit encryption
On DigiCert's page, they advertise a 2048 bit SSL with a 256 bit encryption: http://www.digicert.com/256-bit-ssl-certificates.htm
What exactly is the difference here and why are two encryption bits being referenced?
Here's a screenshot of the…

JohnJ
69
votes
7 answers
User can't navigate to webpage through the UI due to permissions, but are able to navigate to page by pasting the URL. How do I protect against this?
In my application, users have certain roles which have permissions. These permissions dictate which UI elements are available to them at the home screen. Many of the elements link to other pages, which many users cannot see because their permissions…

Michael
69
votes
5 answers
Is a 'dumbphone' mobile more secure for basic phone calls than a smartphone?
By dumbphone I mean: no internet connection, very limited features, etc.
By more secure I mean: secure from malicious and direct hacking. I don't mean as in protected from government tapping/snooping; I don't mean from authorities who could be…

infinite-etcetera
69
votes
8 answers
What is the difference in security between a VPN- and a SSL-connection?
I would like to design a client-server application where the server is placed on Internet. I assume that I could set up the client-server connection using VPN (is it using IPSec?) or using a SSL connection (possibly https). What are the differences…

Jonas
69
votes
3 answers
How does ransomware get the permissions to encrypt your disk?
Recently, my employer blocked access to Gmail, Yahoo Mail, etc., because an employee downloaded an email attachment which contained ransomware and got their disk encrypted.
QUESTION : How does ransomware get the root/admin permissions to encrypt…

irritable_phd_syndrome
69
votes
6 answers
What's the difference between using HSTS and doing a 301 redirection?
If I already have done a 301 redirection from all the HTTP inner pages to HTTPS, why should I use HSTS as well?

Franzech Domâs
69
votes
7 answers
Which topics should a security training for non-IT persons contain?
(I am not sure, if this question fits the security.stackexchange-board, but the list of askable topics does not exclude this question imho and there are some examples)
I've worked for several different companies of which some had outsourced their…

hamena314
69
votes
7 answers
Does one need to be a good programmer to perform secure source code analysis?
A person has good knowledge of overall security risks, knows what OWASP Top 10 vulnerabilities are, and has certifications like CEH, CISSP, OSCP, etc. which are more black-box testing. And also he has gone through the OWASP Testing Guide, Code…

Krishna Pandey
68
votes
7 answers
Can RAM retain data after removal?
Is it possible for RAM to retain any data after power is removed? I don't mean within a few minutes such as cold boot attacks but rather 24 hours plus.
Working with classified systems the policy always seems to treat RAM the same as disks and must…

MattP
68
votes
8 answers
Are passwordless SSH logins more secure?
I had a long discussion with my co-workers whether key-based SSH authentication (particularly for OpenSSH) is more secure than authentication using passwords. My co-workers always connect to servers with passwords, while I prefer to log into a…
Daniel