Most Popular
1500 questions

61 votes, 4 answers
Why do HTTPS requests include the host name in clear text?
I'm having a little bit of trouble understanding why the HTTPS protocol includes the host name in plain text. I have read that the host name and IP addresses of an HTTPS packet are not encrypted. Why can't the host name be encrypted? Can't we just…
asked by jay-charles (rep 1,219)
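The field the question is asking about is the Server Name Indication (SNI) extension of the TLS ClientHello, which is sent before any key exchange has happened and therefore cannot be encrypted by the session itself. The following is an added example, not code from the question or from any answer on the page: it builds a minimal ClientHello (constructed here, not captured from a real connection; the random bytes, the single cipher suite and the absence of other extensions are simplifications) and then pulls the host name back out of the raw bytes exactly as a passive observer on the wire could.

```python
"""Show that the server name in a TLS ClientHello travels in plaintext.

Added example, not from the original question. build_client_hello() is a
minimal, constructed ClientHello; extract_sni() is what an on-path
observer would run over the first packet of a TLS connection.
"""
import os
import struct


def build_client_hello(hostname):
    """Return a TLS record carrying a ClientHello.

    Only the fields a parser must walk are realistic (version, random,
    session id, one cipher suite, null compression). The server_name
    extension follows RFC 6066: list length, then (name_type=0, len, name).
    hostname=None omits the extensions block entirely.
    """
    if hostname is None:
        extensions = b""
    else:
        host = hostname.encode("ascii")
        sni_entry = b"\x00" + struct.pack("!H", len(host)) + host
        sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
        sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list
        extensions = struct.pack("!H", len(sni_ext)) + sni_ext

    body = (
        b"\x03\x03"                  # client_version: TLS 1.2
        + os.urandom(32)             # random
        + b"\x00"                    # session_id length 0
        + b"\x00\x02\x13\x01"        # one cipher suite (TLS_AES_128_GCM_SHA256)
        + b"\x01\x00"                # compression methods: null only
        + extensions
    )
    # handshake header: type ClientHello (1) + 24-bit length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # record header: content_type handshake (0x16), legacy version, length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the SNI host name from a raw ClientHello record, or None.

    Nothing here needs a key: every length field and the name itself are
    in the clear. Malformed or non-ClientHello input yields None.
    """
    if len(record) < 5 or record[0] != 0x16:
        return None                           # not a handshake record
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None                           # not a ClientHello
    pos = 4 + 2 + 32                          # skip header, version, random
    if pos >= len(hs):
        return None
    pos += 1 + hs[pos]                        # session_id
    if pos + 2 > len(hs):
        return None
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
    if pos >= len(hs):
        return None
    pos += 1 + hs[pos]                        # compression_methods
    if pos + 2 > len(hs):
        return None                           # no extensions block at all
    ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_total, len(hs))
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        data = hs[pos:pos + ext_len]
        pos += ext_len
        if ext_type == 0x0000 and len(data) >= 2:
            lst_len = struct.unpack("!H", data[:2])[0]
            p = 2
            while p + 3 <= 2 + lst_len and p + 3 <= len(data):
                name_type = data[p]
                name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
                p += 3
                name = data[p:p + name_len]
                p += name_len
                if name_type == 0:            # host_name
                    return name.decode("ascii", errors="replace")
    return None


if __name__ == "__main__":
    hello = build_client_hello("example.com")
    print("host name visible in record:", b"example.com" in hello)
    print("parsed SNI:", extract_sni(hello))
```

Two caveats a practitioner should keep in mind: even without SNI the destination IP address and the preceding DNS lookup usually reveal the site, and the IETF's Encrypted Client Hello work (the draft formerly called ESNI) exists precisely to close the SNI gap by encrypting this field under a key published in DNS.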

61 votes, 4 answers
GHOST bug: is there a simple way to test if my system is secure?
GHOST (CVE-2015-0235) just popped up. How can I quickly check if a system of mine is secure? Ideally with a one line shell command. According to the ZDNet article "you should then reboot the system". Ideally the test would also indicate this...
asked by the (rep 1,841)

61 votes, 2 answers
I just send username and password over https. Is this ok?
When a user's logging in to my site, they send their username and password to me over https. Besides the ssl, there's no special obfuscation of the password - it lives in memory in the browser in the clear. Is there anything else I should do?…
asked by Riley Lark (rep 977)

61 votes, 1 answer
"Allow __ to be fullscreen?"
I have been asking myself for a while what's the purpose of that popup showing up in pretty much all the modern browsers upon entering the full-screen mode of a video or website. It appears to be a security measure against some sort of potential…
asked by Nicola Miotto (rep 682)

61 votes, 6 answers
Can my IT department read my Google Hangouts chats while at work?
Is Google Hangouts encrypted? Would my work's IT guys be able to see pictures and text I send while on a work computer? Yes I know I shouldn't be sending stuff I don't want them to see while at work, but it wasn't at work. I use Hangouts on my phone as…
asked by Jack (rep 713)

61 votes, 6 answers
Anonymity on Facebook - how do they suggest people I should know?
I want to know how Facebook discovers the people who you know in real life or who know you. I tried the following to see if Facebook can still discover my acquaintances in real life and suggest them to me as a friend. I connected using a VPN (an…
asked by Neon Flash (rep 929)

61 votes, 6 answers
Should I obscure database primary keys (IDs) in application front end?
I'm working on an application which allows a moderator to edit information of user. So, at the moment, I have URL's like http://www.example.com/user/1/edit http://www.example.com/user/2/edit I'm a bit worried here, as I'm directly exposing the…
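The risk behind sequential ids in a URL like /user/1/edit is not that the number is known but that the handler may act on any id the caller supplies (an insecure direct object reference). The following is an added example, not code from the question or its answers; the in-memory user table, the moderator flag and the handler names are assumptions made for illustration. It puts the handler as the question describes it next to one with an object-level authorization check, and shows why an opaque public id is at most a second layer on top of that check.

```python
"""Obscuring ids vs. authorizing the request: an IDOR illustration.

Added example, not from the original question. USERS is a constructed
in-memory table; handlers return HTTP-style status codes so the effect
of each design can be compared by walking ids the way an attacker would.
"""
import secrets

# Constructed sample data (assumption, not from the page): id 3 is a moderator.
USERS = {
    1: {"name": "alice", "is_moderator": False},
    2: {"name": "bob", "is_moderator": False},
    3: {"name": "mod", "is_moderator": True},
}


def edit_user_vulnerable(actor_id, target_id, new_name):
    """/user/<id>/edit with only an existence check.

    Any logged-in user who can guess an id edits that user. Hiding the
    number in the URL would not change this: the bug is the missing check.
    """
    if target_id not in USERS:
        return 404
    USERS[target_id]["name"] = new_name
    return 200


def can_edit(actor_id, target_id):
    """Object-level rule: moderators edit anyone, users edit only themselves."""
    actor = USERS.get(actor_id)
    return actor is not None and (actor["is_moderator"] or actor_id == target_id)


def edit_user_hardened(actor_id, target_id, new_name):
    """Same route, but authorization is evaluated per target object.

    Missing and forbidden both map to 404 so the endpoint does not
    confirm which ids exist to a caller who is not allowed to see them.
    """
    if target_id not in USERS or not can_edit(actor_id, target_id):
        return 404
    USERS[target_id]["name"] = new_name
    return 200


# Optional second layer: opaque public identifiers for URLs. They stop
# casual enumeration and hide row counts, but they are not a substitute
# for can_edit(): a leaked or shared link must still be authorized.
PUBLIC_IDS = {uid: secrets.token_urlsafe(16) for uid in USERS}
LOOKUP = {pub: uid for uid, pub in PUBLIC_IDS.items()}


def edit_user_by_public_id(actor_id, public_id, new_name):
    """/user/<public_id>/edit: resolve the opaque id, then authorize as before."""
    target_id = LOOKUP.get(public_id)
    if target_id is None:
        return 404
    return edit_user_hardened(actor_id, target_id, new_name)


def enumerate_editable(handler, actor_id, id_range=range(1, 10)):
    """What an attacker learns by walking sequential ids against a handler.

    Each call writes the user's current name back, so the table is unchanged.
    """
    return [
        i for i in id_range
        if handler(actor_id, i, USERS.get(i, {}).get("name", "")) == 200
    ]


if __name__ == "__main__":
    print("bob can edit (vulnerable):", enumerate_editable(edit_user_vulnerable, 2))
    print("bob can edit (hardened):  ", enumerate_editable(edit_user_hardened, 2))
    print("mod can edit (hardened):  ", enumerate_editable(edit_user_hardened, 3))
```

The takeaway for the question: keep the integer primary key if it is convenient, make every handler call something like can_edit() for the specific object, and treat random public ids as a privacy and anti-enumeration measure rather than as access control.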

61 votes, 2 answers
Does the heartbleed vulnerability affect clients as severely?
If I have a web crawler (using a non-patched version of OpenSSL) that can be coaxed to connect to an evil https-site, can they get everything from my process memory? To attack a server you can keep reconnecting to get more 64kb blocks (if I…
asked by Gurgeh (rep 721)

61 votes, 7 answers
Testing for HTTP TRACE method
How can I test for HTTP TRACE on my web-server? I need to train a Tester how to verify that the HTTP TRACE method is disabled. Ideally I need a script to paste into Firebug to initiate a https connection to return the web server response to a HTTP…
asked by Andrew Russell (rep 3,653)
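One practical answer to the testing question, as an added example that is not code from the question or its answers: send a TRACE request carrying a marker header and decide from the response whether the server echoed it. A server with TRACE enabled replies 200 with the request itself as the body, so the marker comes back; 405 or 501 means the method is refused. The host name, port and marker header name below are assumptions for illustration.

```python
"""Check whether a web server answers HTTP TRACE.

Added example, not from the original question. probe_trace() makes a real
request over the network; interpret_trace_response() is the pure decision
logic, so it can be exercised against constructed responses offline.
"""
import http.client
import ssl
import sys

# Assumed marker header: if TRACE is enabled the server echoes the whole
# request, so this string must appear in the response body.
MARKER = "X-Trace-Probe"


def interpret_trace_response(status, body):
    """Classify a TRACE response as 'enabled', 'disabled' or 'unclear'.

    A 200 is only evidence of TRACE if the request is actually echoed;
    a 200 that returns an ordinary page (some front ends treat unknown
    methods as GET) proves nothing, hence 'unclear'.
    """
    if status == 200 and MARKER.encode("ascii") in body:
        return "enabled"
    if status in (403, 405, 501):
        return "disabled"
    return "unclear"


def probe_trace(host, port=443, use_tls=True, timeout=5.0):
    """Send 'TRACE /' to host:port and return (status, body)."""
    if use_tls:
        conn = http.client.HTTPSConnection(
            host, port, timeout=timeout, context=ssl.create_default_context()
        )
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={MARKER: "1"})
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    status, body = probe_trace(target)
    print(target, status, interpret_trace_response(status, body))
```

Note on the Firebug idea in the question: browsers refuse to issue TRACE from page script (XMLHttpRequest and fetch treat TRACE as a forbidden method, a defence against cross-site tracing), so the check has to come from outside the browser, for example this script or `curl -i -X TRACE https://host/`.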

61 votes, 3 answers
Is bcrypt better than scrypt?
Possible Duplicate: Do any security experts recommend bcrypt for password storage? I'm no security expert and do not pretend to be that's why I'm asking here. I write many PHP based applications and up to now I have been using bcrypt to hash my…
asked by twigg (rep 721)

61 votes, 8 answers
What are the career paths in the (illegal) computer security field?
As a whitehat pentester I often wonder about the darkside. I see myself working in the office, and imagine that there is someone just like me in China or Romania or in their parent's basement that is pretty much doing the exact same thing, but…
asked by rook (rep 47,004)

61 votes, 9 answers
How important is local time for security?
I recently wanted to see what happens when I change my local time to something obviously wrong. I tried the year 2218, so 200 years in the future. The result: I couldn't access any website anymore (I didn't try too many, though). I got this…
asked by Martin Thoma (rep 3,902)

61 votes, 1 answer
How does my browser inherently trust a CA?
I am reading this post and not understanding the answer. The answer ends with the words ...your browser can verify one cert against the next, all the way to the root CA, which your browser inherently trusts. How can my browser inherently trust a…
asked by polina-c (rep 631)

61 votes, 3 answers
Merchant sent email to me with all my Credit Card info
Is there some place for a consumer to file a complaint concerning improper use of credit card information? I gave my credit card to a towing company and they sent me a receipt via email with all of my credit card info in the notes field. The email…
asked by Jim Skov (rep 569)

61 votes, 7 answers
Is there an encryption algorithm that allows for a single payload to have two different outputs based on the password?
Suppose I have some confidential information that is encrypted and I'm forced/compelled to disclose that password. My goal is to make that decrypted payload seem meaningful / and the password valid. Is there any such algorithm that allows for a…
asked by makerofthings7 (rep 50,488)