Most Popular

more tags

1500 questions

votes

8 answers

How Secure is a Fingerprint Sensor Versus a Standard Password?

According to Apple, Touch ID the probability of a fingerprint matching is 1:50000 while the probability of guessing a four digit passcode is 1:10000. Statistically speaking, this would make Touch ID five times more secure. But the answer isn't that…

authentication passwords biometrics

asked Dec 05 '16 at 20:08

Gavin Youker

1,280
2
11
24

votes

4 answers

How worried should I be about getting hacked with PoisonTap?

I just heard of PoisonTap today. Here is a short description from a TechCrunch article: PoisonTap connects to the USB port and announces itself not as a USB device, but an Ethernet interface. The computer, glad to switch over from battery-sucking…

usb

asked Nov 17 '16 at 13:08

Dennis Jaheruddin

1,715
11
17

votes

3 answers

Are leet passwords easily crackable?

Making a strong password AND remembering it is like eating while talking. You choke. So the same thing might happen if you have a p455w0(R).|L1K3thys and someone cracks it. I'm just not sure if it's actually true. Are these leet passwords more…

password-cracking

asked Oct 16 '16 at 19:11

Foxcat385

votes

4 answers

I think I accidentally DoS'd a website. What should I do?

I was browsing a website, and stumbled across a sample scheme for password-protecting web pages. The owner of the website specifically had a page that invited people to attempt to hack it. I wanted to give it a try, so I wrote up a quick python…

penetration-test webserver denial-of-service ethics

asked Apr 02 '12 at 00:31

Michael0x2a

votes

6 answers

What can hackers do with ability to read /etc/passwd?

On the exploit websites I see security analysts and hackers targeting the /etc/passwd file when showing the proof of concept. If you have a local file inclusion or path traversal vulnerability on your server, and hackers are able to access (view,…

vulnerability directory-traversal

asked Jun 30 '15 at 18:03

Danny Z

votes

2 answers

Why does Windows Ship with Expired SSL Certificates?

I am cleaning up the certificate stores on my Windows machines, and considering which certificates I should keep, and which ones I should delete. Why does a fresh install of Windows Server 2012 R2 come with certificates such as these: Considering…

certificates windows public-key-infrastructure certificate-authority

asked Dec 17 '14 at 02:15

Ryan Ries

votes

2 answers

Why do browsers enforce the same-origin security policy on iframes?

I did a small test on Chrome (V37) today. I created a small page and loaded it to the browser: Untitled Document

Normal page

web-browser same-origin-policy

asked Sep 22 '14 at 04:58

sampathsris

votes

4 answers

Are there DRM techniques to effectively prevent pirating?

A question on Skeptics.SE asks whether current DRM techniques effectively prevent pirating: Is DRM effective? The question for IT Security is: Can DRM be made effective, and are there any examples? One approach that has been discussed here leverages…

access-control drm

asked Jun 19 '11 at 13:54

MrHen

votes

9 answers

Two-Step vs. Two-Factor Authentication - Is there a difference?

These days, there's pretty much three forms of authentication in general use on the web: Single-factor authentication, e.g.: PIN or password. Two-factor authentication, e.g.: Single-factor plus a software- or hardware-generated token code, or a…

authentication multi-factor

asked Sep 06 '13 at 15:12

Iszi

27,027
18
99
163

votes

15 answers

How is "hacking" even possible if I "defend" properly?

On a Linux-based server, I follow basic practices as below: Make the admin account password long and complicated enough (i.e. theoretically speaking, password cannot be cracked within reasonable time). Monitor all incoming network traffic to the…

webserver

asked Apr 12 '13 at 05:37

J. Berman

votes

5 answers

Is 7-Zip's AES encryption just as secure as TrueCrypt's version?

The main difference being TrueCrypt creates containers and 7-Zip encrypts the file itself, so file sizes can be guessed. Now let's just talk about the strength and breakability of the encryption. Update:…

encryption truecrypt

asked Jan 20 '13 at 09:45

superuser

1,141
5
11
16

votes

3 answers

Why do "remote desktop" software (allegedly) commonly have a "blackout" feature?

I've been watching videos of scammers being tricked. Frequently, the scammer makes their scam victim install some weird "remote desktop" program claimed to be for tech support purposes. These programs apparently allow the person connecting to the…

remote-desktop

asked Apr 12 '21 at 09:05

Cutter

votes

4 answers

What is the purpose of a targeted email without any meaningful content?

I received an email to my corporate email account from an external Gmail account. The list of recipients clearly shows (an eventually successful) attempt to guess my email address based on my personal information (nothing confidential — all of it is…

email phishing

asked Feb 27 '21 at 01:06

Itaypk

votes

5 answers

What's the impact of disclosing the front-face of a credit or debit card?

There are quite a few cases where people are called out for disclosing the front-face of a credit or debit card (e.g. this tweet from Brian Krebs or this twitter account). So I was wondering what the impact of this disclosure for the card holder is…

credit-card fraud

asked Oct 23 '12 at 07:15

Rory McCune

61,541
14
140
221

votes

4 answers

What is SHA-3 and why did we change it?

On the 2nd of October NIST decided that SHA-3 is the new standard hashing algorithm, does this mean we need to stop using SHA-2 as it is not secure? What is this SHA-3 anyway?

hash nist sha2 sha-3

asked Oct 04 '12 at 14:17

Lucas Kauffman

54,229
17
113
196

Prev 1 2 3

…

99 100 Next