Most Popular
61 votes, 8 answers
How Secure is a Fingerprint Sensor Versus a Standard Password?
According to Apple, with Touch ID the probability of a fingerprint matching is 1:50000, while the probability of guessing a four-digit passcode is 1:10000. Statistically speaking, this would make Touch ID five times more secure. But the answer isn't that…

Gavin Youker (1,280 reputation; badges: 2 gold, 11 silver, 24 bronze)
61 votes, 4 answers
How worried should I be about getting hacked with PoisonTap?
I just heard of PoisonTap today. Here is a short description from a TechCrunch article:
PoisonTap connects to the USB port and announces itself not as a USB device, but an Ethernet interface. The computer, glad to switch over from battery-sucking…

Dennis Jaheruddin (1,715 reputation; badges: 11 silver, 17 bronze)
61 votes, 3 answers
Are leet passwords easily crackable?
Making a strong password AND remembering it is like eating while talking. You choke. So the same thing might happen if you have a p455w0(R).|L1K3thys and someone cracks it. I'm just not sure if it's actually true. Are these leet passwords more…

Foxcat385 (717 reputation; badges: 1 gold, 5 silver, 5 bronze)
61 votes, 4 answers
I think I accidentally DoS'd a website. What should I do?
I was browsing a website, and stumbled across a sample scheme for password-protecting web pages. The owner of the website specifically had a page that invited people to attempt to hack it.
I wanted to give it a try, so I wrote up a quick python…

Michael0x2a (721 reputation; badges: 1 gold, 5 silver, 9 bronze)
60 votes, 6 answers
What can hackers do with ability to read /etc/passwd?
On the exploit websites I see security analysts and hackers targeting the /etc/passwd file when showing the proof of concept.
If you have a local file inclusion or path traversal vulnerability on your server, and hackers are able to access (view,…

Danny Z (709 reputation; badges: 1 gold, 5 silver, 4 bronze)
60 votes, 2 answers
Why does Windows Ship with Expired SSL Certificates?
I am cleaning up the certificate stores on my Windows machines, and considering which certificates I should keep, and which ones I should delete.
Why does a fresh install of Windows Server 2012 R2 come with certificates such as these:
Considering…

Ryan Ries (949 reputation; badges: 1 gold, 10 silver, 14 bronze)
60 votes, 2 answers
Why do browsers enforce the same-origin security policy on iframes?
I did a small test on Chrome (V37) today. I created a small page and loaded it to the browser:
Untitled Document
Normal page
60 votes, 4 answers
Are there DRM techniques to effectively prevent pirating?
A question on Skeptics.SE asks whether current DRM techniques effectively prevent pirating: Is DRM effective?
The question for IT Security is: Can DRM be made effective, and are there any examples?
One approach that has been discussed here leverages…

MrHen (703 reputation; badges: 1 gold, 5 silver, 5 bronze)
60 votes, 9 answers
Two-Step vs. Two-Factor Authentication - Is there a difference?
These days, there are pretty much three forms of authentication in general use on the web:
Single-factor authentication, e.g.: PIN or password.
Two-factor authentication, e.g.: Single-factor plus a software- or hardware-generated token code, or a…

Iszi (27,027 reputation; badges: 18 gold, 99 silver, 163 bronze)
60 votes, 15 answers
How is "hacking" even possible if I "defend" properly?
On a Linux-based server, I follow basic practices as below:
Make the admin account password long and complicated enough (i.e. theoretically speaking, password cannot be cracked within reasonable time).
Monitor all incoming network traffic to the…

J. Berman (603 reputation; badges: 5 silver, 6 bronze)
60 votes, 5 answers
Is 7-Zip's AES encryption just as secure as TrueCrypt's version?
The main difference being TrueCrypt creates containers and 7-Zip encrypts the file itself, so file sizes can be guessed. Now let's just talk about the strength and breakability of the encryption.
Update:…

superuser (1,141 reputation; badges: 5 gold, 11 silver, 16 bronze)
60 votes, 3 answers
Why does "remote desktop" software (allegedly) commonly have a "blackout" feature?
I've been watching videos of scammers being tricked. Frequently, the scammer makes their scam victim install some weird "remote desktop" program claimed to be for tech support purposes. These programs apparently allow the person connecting to the…

Cutter (479 reputation; badges: 1 gold, 3 silver, 4 bronze)
60 votes, 4 answers
What is the purpose of a targeted email without any meaningful content?
I received an email to my corporate email account from an external Gmail account.
The list of recipients clearly shows (an eventually successful) attempt to guess my email address based on my personal information (nothing confidential — all of it is…

Itaypk (703 reputation; badges: 4 silver, 6 bronze)
60 votes, 5 answers
What's the impact of disclosing the front-face of a credit or debit card?
There are quite a few cases where people are called out for disclosing the front-face of a credit or debit card (e.g. this tweet from Brian Krebs or this twitter account). So I was wondering what the impact of this disclosure for the card holder is…

Rory McCune (61,541 reputation; badges: 14 gold, 140 silver, 221 bronze)
60 votes, 4 answers
What is SHA-3 and why did we change it?
On the 2nd of October, NIST decided that SHA-3 is the new standard hashing algorithm. Does this mean we need to stop using SHA-2, as it is not secure?
What is this SHA-3 anyway?

Lucas Kauffman (54,229 reputation; badges: 17 gold, 113 silver, 196 bronze)