Most Popular
1500 questions
67 votes, 8 answers
Can a stolen Android phone with USB debugging enabled have screen lock bypassed?
My Android (8.0) phone was pickpocketed from me yesterday. It was immediately turned off by the thief and when I tried to locate it using Find My Device it shows as offline.
As a programmer and a security enthusiast, I started to worry about what…

gtbono
67 votes, 7 answers
How to investigate an unknown 1.5GB file named "sudo" in my Linux home directory?
I found a file in my home directory named "sudo". It's 1.5GB in size and I have no idea where it came from.
-rw-r--r-- 1 foo foo 1598296064 Aug 9 11:22 sudo
Does anybody have any tips on how to proceed investigating this file? I fear that my…

AccidentalRebel
67 votes, 4 answers
Why is so much ransomware breakable?
The site: https://www.nomoreransom.org/ offers many decrypter tools for ransomware.
But why?
It shouldn't be so hard to use the Windows Crypto API (e.g. just google "create AES Key in Windows") to create AES Keys, encrypt them with a locally…

kiara
67 votes, 17 answers
Alternative to sending password over mail?
Recently I've started working as a contractor for a company, which requires me to often log in to different b2b services.
The way I receive the login data is usually over email in plain text. My gut feeling tells me sending sensitive data in plain…

aMJay
67 votes, 10 answers
Why check your email in haveibeenpwned rather than regularly changing your password regardless of any leaks?
There's a lot of news right now about haveibeenpwned but I don't understand why people need a service like that in the first place. If you're a security conscious user, you'd change your passwords regularly on any website that matters (banking, email,…

JonathanReez
67 votes, 5 answers
Advised to block all traffic to/from specific IP addresses
My CFO received an email from a director at a financial institution advising that all traffic (inbound and outbound) from certain IP addresses should be blocked at the firewall. The director at the financial institution was advised by his IT…

upsidedowncreature
67 votes, 4 answers
Can I get a public key from an RSA private key?
As far as I remember you encrypt the message using public key and decrypt it using private key. My question is whether it is possible to get a public key from an RSA private key. For example if I have a key like this:
-----BEGIN RSA PRIVATE…

user162408
67 votes, 5 answers
Why is iPhone's internal storage so hard to crack/decrypt?
I’ve heard about a rule in Information Security, that once a hacker has access to your physical machine, then it’s all over. However, there seems to be a big exception to this rule: iPhones.
It was all over the news a while back that the CIA (or the…

Melkor
67 votes, 4 answers
Are there any security risks in replying to an SMS message?
I routinely receive seemingly harmless SMS messages from unknown people. They're usually simple, like "Hi" or "Hello" or "Are you there?". This happens several times a week, and certainly often enough that it seems to be some sort of organized,…

Caleb
67 votes, 3 answers
Why shouldn't I bring a computer to a key-signing party?
I'm looking at the event description for the key-signing party at an upcoming BSD conference, and it's mentioned that I shouldn't bring my computer in to the event:
Things to bring
no computer
What risks does bringing a computer into a…

Jules
66 votes, 6 answers
Should I be afraid of biometric IDs?
The Israeli Minister of the Interior is pushing legislation to introduce biometric IDs. On the one hand I hear his argument that it can help to prevent identity theft. On the other hand, something makes me very nervous about having my biometric…

Shaul Behr
66 votes, 9 answers
Why does one need a high level of privacy/anonymity for legal activities?
This question is sort-of spun off of a previous one.
Why do law-abiding citizens need strong security?
There are a lot of great security-focused answers there. However, I think the true question that is brought up is more about privacy and…

Iszi
66 votes, 4 answers
Is there a reason to use TrueCrypt over VeraCrypt?
I am looking to encrypt a few drives of mine, and my ONLY interest is security. It is OK if my VeraCrypt volumes are not compatible with TrueCrypt, and vice versa.
There is a lot of talk about "TrueCrypt is dead" and it seems there are two forks…

Radmilla Mustafa
66 votes, 14 answers
Sending passwords to someone remotely
As someone who usually works with people in other countries it has always been a problem to send login information to each other.
For development login details like debug databases etc sure I can send them over in clear text email or something but…

user36976
66 votes, 3 answers
Heartbleed: Why does the client supply the length of the message at all?
"The fix for this bug is simple: check that the length of the message actually matches the length of the incoming request."
Why do we even have the client report the length at all?
If we can know the length of the incoming request, can't we just…

Elliot