Most Popular
1500 questions
66 votes, 10 answers
Bad practice to have a "god" password?
Is it bad security practice to have a password that will allow you to access any user account on a website for support purposes? The password would be stored in a secure manner and would be super complex. Huge mistake?

Abe Miessler
66 votes, 3 answers
Are the sticks of RAM in my desktop computer volatile? Is it safe to sell them?
I have two sticks of RAM in my computer that I would like to sell or donate. From what I understand some RAM is volatile, losing all its contents when power is gone for a few minutes, and some is non-volatile, retaining that information after power…
user250432
66 votes, 3 answers
Why does Windows store Wi-Fi passwords in a reversible format?
Running netsh wlan export profile key=clear in PowerShell will dump your current stored Wi-Fi settings, including the password, into XML files inside of whatever directory you are currently in.
Why is it that Windows would store credentials in a…

Wazanator
66 votes, 4 answers
Is an up-to-date browser secure on an out-of-date OS?
Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I'm still safe? Can it "patch" the OS-based security holes?
Minor question: typically, how long would the browsers stop…

Ooker
66 votes, 7 answers
Why would a school need to install certificates on student laptops?
This question indicates parents are to buy laptops for a school to install software and certificates. I am seeking to understand reasons for site certificates installation:
Why would site certificates be installed?
What is the potential for…

gatorback
66 votes, 6 answers
Why should we care about Adobe Flash?
I was under the impression that Adobe Flash was dead, and that browsers were no longer natively supporting Flash? Why, therefore, is there a large amount of hype online about a new remote code execution vulnerability in Flash?

KingJohnno
66 votes, 7 answers
Is it safe/wise to store a salt in the same field as the hashed password?
In using Argon2 for hashing passwords in my application, I've noticed it generates a string like this (e.g. for password "rabbit"):
$argon2i$v=19$m=65536,t=3,p=1$YOtX2//7NoD/owm8RZ8llw==$fPn4sPgkFAuBJo3M3UzcGss3dJysxLJdPdvojRF20ZE=
My understanding…

PenumbraBrah
66 votes, 3 answers
Why is Firefox (and only Firefox) reporting that my connection is insecure on multiple sites?
After installing Firefox 54.0.1 on my work laptop, the first page I see warns me that "Your connection is not secure" when opening https://www.mozilla.org/.
"The owner of Firefox has configured their website improperly"
After browsing a bit more, I…

Stevoisiak
66 votes, 1 answer
What are the implications of a SHA-1 collision being found?
Google have announced the discovery of a SHA-1 collision between two PDF files with distinct content.
While SHA-1 hashes are no longer permitted for SSL/TLS certificate fingerprints, and other measures would prevent certificate fingerprints from…

Matthew
66 votes, 1 answer
What's the risk if I accidentally type my password into a username field (Windows logon)?
I'm used to logging into my personal Mac which is a password-only field (like waking from sleep mode). Sometimes I have to use a Windows network on which I have an account, but of course I have to type my username first. Still, going right into my…

Matt
66 votes, 9 answers
Proving creation time/date of a screenshot
I have to produce a screenshot of a web page, and want to make sure others will know without any doubt that this screenshot has been produced today. That is, I would like to embed today's date in the screenshot as irrefutable proof the screenshot…

User
66 votes, 4 answers
What is the point of gibberish spam?
I fairly often happen across forums spammed with messages such as:
Arugula (Eruca sativa) is an quarterly green, pretended or roquette.
It's been Traditional times, overclever 20 flat has be useful to
"foodie" movement.Before impediment 1990s,…

Hot Licks
66 votes, 5 answers
HTTPS web service switched to HTTP. What can go wrong?
I recently visited a website which used to have an HTTPS connection. Now it has just a plain HTTP connection, and the authentication method has changed from user+password to "authenticate with Google account".
I contacted them and asked them why…

Peque
66 votes, 4 answers
Why should servers be placed outside of the corporate network?
In an answer to How do you deal with massive port scans?, user tylerl said:
... And you, like a wise IT admin, run all your servers elsewhere on the internet, not inside your corp network, for a whole raft of reasons I won't go into here
As a…

topher
66 votes, 3 answers
Why do email programs block xml files?
A colleague sent a .xml file to me earlier today, which was blocked by Outlook. As we were discussing the workaround (put it in a .zip), we got to wondering why .xml files are blocked.
My colleague reckons it's because the browser is the default…

KidneyChris