Most Popular

1500 questions
61 votes, 8 answers

How Secure is a Fingerprint Sensor Versus a Standard Password?

According to Apple, with Touch ID the probability of a fingerprint matching is 1:50000, while the probability of guessing a four-digit passcode is 1:10000. Statistically speaking, this would make Touch ID five times more secure. But the answer isn't that…
Gavin Youker
61 votes, 4 answers

How worried should I be about getting hacked with PoisonTap?

I just heard of PoisonTap today. Here is a short description from a TechCrunch article: PoisonTap connects to the USB port and announces itself not as a USB device, but an Ethernet interface. The computer, glad to switch over from battery-sucking…
Dennis Jaheruddin
61 votes, 3 answers

Are leet passwords easily crackable?

Making a strong password AND remembering it is like eating while talking. You choke. So the same thing might happen if you have a p455w0(R).|L1K3thys and someone cracks it. I'm just not sure if it's actually true. Are these leet passwords more…
Foxcat385
61 votes, 4 answers

I think I accidentally DoS'd a website. What should I do?

I was browsing a website and stumbled across a sample scheme for password-protecting web pages. The owner of the website specifically had a page that invited people to attempt to hack it. I wanted to give it a try, so I wrote up a quick Python…
Michael0x2a
60 votes, 6 answers

What can hackers do with the ability to read /etc/passwd?

On the exploit websites I see security analysts and hackers targeting the /etc/passwd file when showing the proof of concept. If you have a local file inclusion or path traversal vulnerability on your server, and hackers are able to access (view,…
Danny Z
60 votes, 2 answers

Why does Windows Ship with Expired SSL Certificates?

I am cleaning up the certificate stores on my Windows machines and considering which certificates I should keep and which ones I should delete. Why does a fresh install of Windows Server 2012 R2 come with certificates such as these? Considering…
60 votes, 2 answers

Why do browsers enforce the same-origin security policy on iframes?

I did a small test on Chrome (V37) today. I created a small page and loaded it to the browser: Untitled Document / Normal page…

sampathsris
60 votes, 4 answers

Are there DRM techniques to effectively prevent pirating?

A question on Skeptics.SE asks whether current DRM techniques effectively prevent pirating: Is DRM effective? The question for IT Security is: Can DRM be made effective, and are there any examples? One approach that has been discussed here leverages…
MrHen
60 votes, 9 answers

Two-Step vs. Two-Factor Authentication - Is there a difference?

These days, there are pretty much three forms of authentication in general use on the web: single-factor authentication, e.g. a PIN or password; two-factor authentication, e.g. single-factor plus a software- or hardware-generated token code, or a…
Iszi
60 votes, 15 answers

How is "hacking" even possible if I "defend" properly?

On a Linux-based server, I follow basic practices as below: make the admin account password long and complicated enough (i.e. theoretically speaking, the password cannot be cracked within reasonable time); monitor all incoming network traffic to the…
J. Berman
60 votes, 5 answers

Is 7-Zip's AES encryption just as secure as TrueCrypt's version?

The main difference is that TrueCrypt creates containers while 7-Zip encrypts the file itself, so file sizes can be guessed. Now let's just talk about the strength and breakability of the encryption. Update:…
superuser
60 votes, 3 answers

Why does "remote desktop" software (allegedly) commonly have a "blackout" feature?

I've been watching videos of scammers being tricked. Frequently, the scammer makes their scam victim install some weird "remote desktop" program claimed to be for tech support purposes. These programs apparently allow the person connecting to the…
Cutter
60 votes, 4 answers

What is the purpose of a targeted email without any meaningful content?

I received an email to my corporate email account from an external Gmail account. The list of recipients clearly shows an (eventually successful) attempt to guess my email address based on my personal information (nothing confidential — all of it is…
Itaypk
60 votes, 5 answers

What's the impact of disclosing the front-face of a credit or debit card?

There are quite a few cases where people are called out for disclosing the front face of a credit or debit card (e.g. this tweet from Brian Krebs or this Twitter account). So I was wondering what the impact of this disclosure for the card holder is…
Rory McCune
60 votes, 4 answers

What is SHA-3 and why did we change it?

On the 2nd of October NIST decided that SHA-3 is the new standard hashing algorithm. Does this mean we need to stop using SHA-2 because it is not secure? What is this SHA-3 anyway?
Lucas Kauffman