Most Popular

1500 questions
65 votes, 6 answers

Is CORS helping in any way against Cross-Site Forgery?

I've been reading in the last couple of days about CORS, and in a lot of places it's mentioned as a "Security" feature to help protect the world from cross-domain forgery. I still don't see the benefit and the reasoning for CORS. Ok, browsers will do…
Dan Dinu (759 reputation; badges: 1 gold, 6 silver, 5 bronze)
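As an added illustration of the point this question is circling (not code from the question or its answers): CORS only governs whether a script on another origin may read a response; it does not stop the browser from sending a cross-site form POST with the victim's cookie attached, so the server still acts on it. The simulation below assumes a hypothetical origin `https://bank.example`, a constructed session store and a `/transfer` endpoint; the vulnerable handler is shown beside one that checks the `Origin` header and a per-session synchroniser token.

```python
"""Added example (not from the original question): why CORS does not stop
CSRF, and a server-side check that does. The endpoint, session store and
origins are constructed for the illustration."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"   # hypothetical application origin

# Constructed session store: session id -> session data (one logged-in user).
SESSIONS = {"s1": {"user": "alice", "csrf": secrets.token_urlsafe(32)}}


@dataclass
class Request:
    method: str
    headers: dict
    cookies: dict
    form: dict


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    state_changed: bool = False   # did the server act on the request?


def request_origin(req):
    """Origin the browser says the request came from. Browsers set Origin on
    cross-site POSTs; fall back to Referer; None if neither is present."""
    if "Origin" in req.headers:
        return req.headers["Origin"]
    ref = req.headers.get("Referer")
    if ref:
        parts = urlsplit(ref)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def transfer_cookie_only(req, allow_origin=None):
    """Vulnerable endpoint: the session cookie alone authorises the transfer.
    Adding Access-Control-Allow-Origin changes only what the attacker's
    script may READ back; the transfer has already happened."""
    if req.cookies.get("sid") not in SESSIONS:
        return Response(403)
    resp = Response(200, state_changed=True)
    if allow_origin:
        resp.headers["Access-Control-Allow-Origin"] = allow_origin
    return resp


def transfer_csrf_protected(req):
    """Hardened endpoint: two independent checks on top of the cookie."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return Response(403)
    # 1. The request must originate from our own origin. A request with
    #    neither Origin nor Referer is treated as cross-site (fail closed).
    if request_origin(req) != SITE_ORIGIN:
        return Response(403)
    # 2. A per-session synchroniser token, which the same-origin policy keeps
    #    the attacker's page from reading, must be echoed back in the form.
    if not hmac.compare_digest(req.form.get("csrf", ""), sess["csrf"]):
        return Response(403)
    return Response(200, state_changed=True)


def script_can_read(resp, requesting_origin):
    """The one thing CORS governs: may JS running on requesting_origin read
    this response? (A plain form POST never needed this permission.)"""
    acao = resp.headers.get("Access-Control-Allow-Origin")
    return acao == "*" or acao == requesting_origin


def forged_request():
    """Constructed: a form auto-submitted from https://evil.example inside the
    victim's browser, which attaches bank.example's cookie on its own."""
    return Request("POST", {"Origin": "https://evil.example"},
                   {"sid": "s1"}, {"to": "mallory", "amount": "1000"})


def legitimate_request():
    return Request("POST", {"Origin": SITE_ORIGIN}, {"sid": "s1"},
                   {"to": "bob", "amount": "10", "csrf": SESSIONS["s1"]["csrf"]})


if __name__ == "__main__":
    print("cookie-only, forged:", transfer_cookie_only(forged_request()))
    print("protected, forged:  ", transfer_csrf_protected(forged_request()))
    print("protected, genuine: ", transfer_csrf_protected(legitimate_request()))
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a third, browser-enforced layer that keeps the cookie off cross-site POSTs entirely; it is not modelled here because the point is what the server can check on its own.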
65 votes, 7 answers

Can web sites detect whether you are using private browsing mode?

Most modern browsers support "private browsing mode" (also known in Chrome as "Incognito mode"), where the browser does not save any information to disk about your browsing while in this mode. In modern browsers, can a web site detect whether a user…
D.W. (98,860 reputation; badges: 33 gold, 271 silver, 588 bronze)
65 votes, 9 answers

Can attackers get anything with DoS attacks except crashing the service?

A DoS (short for "denial of service") attack is a form of attack used on web services which aims to "crash" the service. Is there any motive of this form of attack besides crashing the service / website? For example, I could think of blackmailing/…
Martin Thoma (3,902 reputation; badges: 6 gold, 30 silver, 42 bronze)
65 votes, 5 answers

Google Chrome "Your connection to website is encrypted with obsolete cryptography"

Google Chrome is showing new information in the certificate section. Is this a big deal? If so how can I fix it on the server end? EDIT: Thanks for the answers but I'm not skilled in cryptography so the only thing I can update with is this…
IMcPwn (813 reputation; badges: 1 gold, 7 silver, 9 bronze)
65 votes, 5 answers

Is sending passwords through cellphone text messages secure?

Both the sender and the receiver deleted the text after it was sent, but is it still possible that it exists somewhere and that someone can get to it?
Rachel (661 reputation; badges: 1 gold, 5 silver, 4 bronze)
65 votes, 3 answers

Why are hand-written signatures still so commonly used?

Why are hand-written signatures still so commonly used? Can they actually prove anything? Two assumptions: If anyone wants to forge my signature I'm sure they will be able to do it. Even my own signature looks a little bit different every time I…
znq (753 reputation; badges: 1 gold, 5 silver, 7 bronze)
65 votes, 6 answers

How to Securely Implement a "Remember Me" Feature?

Assuming you already have a website that implements all of the standard login stuff, what is the correct and most secure way to allow users to automatically be logged in for a certain time period (let's say 30 days)? This time period should be…
colithium (863 reputation; badges: 1 gold, 8 silver, 10 bronze)
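An added example for the 30-day persistent login asked about above (my code, not the question's or any answer's): a selector/validator token store kept separate from the ordinary session. The cookie value, storage layout, hypothetical user names and the injectable clock are all assumptions made for the illustration; a real deployment would back the row store with a database table.

```python
"""Added example (not from the original question): a persistent-login
("remember me") token store. The store and clock are constructed for the
illustration; a real deployment would back _rows with a database table."""
import hashlib
import hmac
import secrets
import time

REMEMBER_ME_TTL = 30 * 24 * 3600   # 30 days, the period named in the question


class RememberMeStore:
    """Selector/validator tokens, separate from the ordinary session.

    The cookie holds 'selector:validator'. The selector is the lookup key;
    only the SHA-256 of the validator is stored, so a dumped table cannot be
    turned into working cookies. Tokens expire, are rotated on each use, and
    a wrong validator for a known selector is treated as a stolen cookie."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock, so expiry can be tested
        self._rows = {}          # selector -> {"user", "hash", "expires"}

    def issue(self, user):
        """Return (cookie_value, cookie_attributes) for a fresh token."""
        selector = secrets.token_urlsafe(12)
        validator = secrets.token_urlsafe(32)
        self._rows[selector] = {
            "user": user,
            "hash": hashlib.sha256(validator.encode()).digest(),
            "expires": self._now() + REMEMBER_ME_TTL,
        }
        attrs = (f"Max-Age={REMEMBER_ME_TTL}; Path=/; "
                 "Secure; HttpOnly; SameSite=Lax")
        return f"{selector}:{validator}", attrs

    def redeem(self, cookie):
        """Validate a presented cookie. Returns (user, new_cookie) on success
        or None. The presented token is always consumed: rotation limits how
        long a copied cookie stays useful."""
        selector, sep, validator = cookie.partition(":")
        row = self._rows.get(selector) if sep else None
        if row is None:
            return None
        if row["expires"] < self._now():
            del self._rows[selector]
            return None
        presented = hashlib.sha256(validator.encode()).digest()
        if not hmac.compare_digest(presented, row["hash"]):
            # Right selector, wrong validator: the selector was learned (for
            # example from a database dump) without the validator. Log this
            # user out everywhere and make them authenticate in full.
            self.revoke_all(row["user"])
            return None
        user = row["user"]
        del self._rows[selector]
        new_cookie, _ = self.issue(user)
        return user, new_cookie

    def revoke_all(self, user):
        """Drop every token for a user (password change, 'log out everywhere')."""
        for selector in [s for s, r in self._rows.items() if r["user"] == user]:
            del self._rows[selector]

    def active_tokens(self, user):
        """Number of live remember-me tokens for a user."""
        return sum(1 for r in self._rows.values() if r["user"] == user)


if __name__ == "__main__":
    store = RememberMeStore()
    cookie, attrs = store.issue("alice")
    print("Set-Cookie: remember=" + cookie + "; " + attrs)
    print("redeem ->", store.redeem(cookie))
    print("replay  ->", store.redeem(cookie))
```

Redeeming a remember-me token should start a fresh ordinary session, and sensitive actions (changing the password or e-mail address) should still demand a full re-authentication rather than trust the long-lived token alone.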
65 votes, 6 answers

If someone hacks my wi-fi password, what can they see and how?

If someone knows my wifi password (be it WEP or WPA), what can they see? Do they just see URLs I visit, or can they see everything in my browser, or even everything I do on my computer? Does using HTTPS make any difference? Secondly, if the attacker…
user20378 (653 reputation; badges: 1 gold, 6 silver, 5 bronze)
65 votes, 2 answers

How can I prevent a computer from turning ON?

I was reading this question on Stack Exchange Workplace community and it indicates that an IT team was able to prevent a user from turning their laptop on (power on). My laptop access has been shut off (IT somehow remotely shut it down, it won't…
DxTx (1,403 reputation; badges: 2 gold, 9 silver, 20 bronze)
65 votes, 4 answers

Are most Linux systems that allow non-root users to execute code straightforwardly rootable?

long story short if you can execute code on a box it is usually straightforward to get root (quote source) The immediate implication of this quote (if it's accurate) is that if you're running a multi-user system and don't try your darndest to…
gaazkam (5,657 reputation; badges: 11 gold, 24 silver, 38 bronze)
65 votes, 10 answers

Should I be concerned about strange, new iPhone app appearing after repair?

I had my iPhone battery replaced in a phone repair shop. After collecting it, I noticed that there is a strange new app installed, some "Chinese" web browser. It has no alphanumeric name and nothing in the interface was in English. I spoke with the…
Rafi Rosa (733 reputation; badges: 1 gold, 5 silver, 9 bronze)
65 votes, 6 answers

Are there objective reasons to not allow Google Chrome extensions, but to allow Firefox extensions?

Recently, the company I work for has forbidden usage of any extensions in Chrome. They also do not allow account sync. This affected virtually all Web developers since they use Chrome to test their front-end code and use an extension or two to…
Alexei (2,183 reputation; badges: 3 gold, 10 silver, 23 bronze)
65 votes, 3 answers

What happens if you run WannaCry after installing the necessary patches?

I understand that WannaCry spreads itself by exploiting the SMBv1 vulnerability, which is fixed by patch MS17-010. Does this mean that even with the patch installed, WannaCry can still infect the computer (if the user downloads and executes it), but…
Lh Lee (647 reputation; badges: 1 gold, 5 silver, 5 bronze)
65 votes, 5 answers

Why is passing the session id as url parameter insecure?

I recently followed a discussion, where one person was stating that passing the session id as url parameter is insecure and that cookies should be used instead. The other person said the opposite and argued that Paypal, for example, is passing the…
Jonathan Egerton (815 reputation; badges: 1 gold, 8 silver, 6 bronze)
65 votes, 6 answers

SSL with GET and POST

I'm pretty new to security, so forgive my basic question, but does SSL encrypt POST requests but not GET requests? For instance, if I have two requests GET: www.mycoolsite.com/index?id=1&type=xyz POST site: www.mycoolsite.com/index { Params:…
TomJ (753 reputation; badges: 1 gold, 6 silver, 5 bronze)
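One added example that speaks to both the "session id as url parameter" question and the "SSL with GET and POST" question above (my code, not taken from either question or its answers). Under TLS the request line, including the query string, is encrypted on the wire exactly like a POST body; what differs is what happens at the ends: the server writes the request line (not the body) to its access log, the browser keeps it in history, and it is sent to other sites in the `Referer` header. The scanner below parses "combined"-format access logs and reports sensitive parameters that appear in the request target or the `Referer`. The log lines, host names and the list of sensitive parameter names are constructed for the example.

```python
"""Added example (not from the original questions): find secrets that leaked
into URLs by scanning access logs. The log lines are constructed."""
import re
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" format:
# ip ident user [time] "METHOD target HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Parameter names that should never travel in a query string (assumed list,
# compared case-insensitively; extend it for your own application).
SENSITIVE = {"sessionid", "phpsessid", "jsessionid", "sid",
             "token", "password", "passwd"}


def sensitive_params(url_or_target):
    """Names of sensitive query parameters in a URL or request-target."""
    query = urlsplit(url_or_target).query
    return sorted({k for k, _ in parse_qsl(query, keep_blank_values=True)
                   if k.lower() in SENSITIVE})


def scan_access_log(lines):
    """Return (line_no, where, method, params) for every sensitive parameter
    found either in the request target or in the Referer header."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue   # unparseable line: skip rather than guess
        hit = sensitive_params(m["target"])
        if hit:
            findings.append((n, "request", m["method"], hit))
        hit = sensitive_params(m["referer"])
        if hit:
            findings.append((n, "referer", m["method"], hit))
    return findings


# Constructed sample log. Lines 1, 2 and 5 are what a site's own server logs;
# line 3 is what a third-party tracking-pixel host logs when a page whose URL
# carries the session id loads the pixel.
SAMPLE_LOG = [
    # session id in the query string: lands in the server's own log
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /account?PHPSESSID=7f3a9c1e HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    # password sent in a POST body: the body is never written to the log
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 302 0 "https://shop.example/login" "Mozilla/5.0"',
    # third-party pixel request: the Referer carries the session id off-site
    '203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /pixel.gif HTTP/1.1" 200 43 "https://shop.example/cart?sessionid=7f3a9c1e" "Mozilla/5.0"',
    # harmless query string
    '198.51.100.9 - - [10/Oct/2023:13:57:10 +0000] "GET /search?q=shoes&page=2 HTTP/1.1" 200 8192 "-" "curl/8.4"',
    # password-reset token in a GET URL
    '198.51.100.9 - - [10/Oct/2023:13:58:00 +0000] "GET /reset?token=Zm9v&user=bob HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]


def demo():
    """Scan the constructed sample and return the findings."""
    return scan_access_log(SAMPLE_LOG)


if __name__ == "__main__":
    for line_no, where, method, params in demo():
        print(f"line {line_no}: {method} {where} carries {', '.join(params)}")
```

Both GET and POST requests in the sample were (by assumption) served over HTTPS; an on-path observer sees only the hostname (via SNI) and traffic sizes for any of them. The findings come from the endpoints, which is why putting a session id or password in the URL is a problem that TLS does not solve.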