Most Popular
1500 questions
58
votes
3 answers
Is receiving fake torrent data possible?
While downloading a file via a torrent, what will happen if some of the peers send me fake chunks?
Also, can any of the peers send me a whole fake file? For example, if I download a .torrent file which should download a file with hash sum A, and a…
user156092
58
votes
5 answers
Standards for encrypting passwords in configuration files?
My workplace has a standard that plaintext passwords are not allowed in application configuration files. This makes enough sense on its face, in case someone gets access to the config files they don't automatically have access to all the privileges…

C. Ross
58
votes
2 answers
Can you trace malware back to a specific keyboard?
A CNN article on the recent US Election hacks claims that
...the administration has traced the hack to the specific keyboards -- which featured Cyrillic characters -- that were used to construct the malware code, adding that the equipment leaves…

David says Reinstate Monica
58
votes
9 answers
What can a company do against insiders going rogue and negatively affecting essential infrastructure?
In 2013, a Citibank employee had a bad performance review that ticked him off. The results were devastating:
Specifically, at approximately 6:03 p.m. that evening, Brown knowingly transmitted a code and command to 10 core Citibank Global Control…

Nzall
58
votes
6 answers
Can wiped SSD data be recovered?
I was reading another post on destroying IDE drives, and how you could remove data, wipe it, or just destroy the drive. The removed data would still be there in some state, although not easily reachable without software. Wiped data is just removed…

cutrightjm
58
votes
7 answers
Are there security advantages gained from forcing a website to be available from just one tab at a time?
I just found that a website of one Polish bank forces the users to open it in one browser tab only. You cannot for example check your transfer history while looking for an account number that you want to send money to. I cannot think of any good…

d33tah
58
votes
11 answers
Why would a spammer try to get a (normal) image of mine?
Yesterday I found a spam mail in my inbox. I inspected it in order to find out why DSpam and SpamAssassin failed. You can find the raw German mail here, here's a translation:
Good Morning. We got to know each other on the website of acquaintances. I…

Sebb
57
votes
2 answers
How exactly does the Stagefright Vulnerability work on Android?
Digital Trends describes the Stagefright Vulnerability thus:
The exploit in question happens when a hacker sends a MMS message containing a video that includes malware code. What’s most alarming about it is that the victim doesn’t even have to open…

PositriesElectron
57
votes
4 answers
What security risks are posed by software vendors deploying SSL Intercepting proxies on user desktops (e.g. Superfish)
There has been quite a bit of concern noted relating to the recent discovery that Lenovo are pre-installing a piece of Adware (Superfish) which has the capability of intercepting SSL traffic from machines on which it is installed.
What are the…

Rory McCune
57
votes
8 answers
Online backup : how could encryption and de-duplication be compatible?
A "soon to enter beta" online backup service, Bitcasa, claims to have both de-duplication (you don't backup something already in the cloud) and client side…

Bruno Rohée
57
votes
11 answers
Are there "secure" languages?
Are there any programming languages that are designed to be robust against hacking?
In other words, an application can be hacked due to a broken implementation, even though the design is perfect. I'm looking to reduce the risk of a developer…

TruthOf42
57
votes
8 answers
Is the Web browser status bar always trustable?
If I bring the mouse pointer to a link, but not click on it, I can see in the left/bottom corner that it displays the URL of it.
Q: Could this URL (in the left/bottom) be different from the one that my Web browser will go? (don't count that server…

newuser999
57
votes
4 answers
Strange requests to web server
I have a Linode VPS running Nginx, which currently serves only static content.
Once I was looking at the log and noticed some strange requests:
XXX.193.171.202 - - [07/Aug/2013:14:04:36 +0400] "GET /user/soapCaller.bs HTTP/1.1" 404 142 "-" "Morfeus…

Michael Pankov
57
votes
6 answers
How can a system enforce a minimum number of changed characters in passwords, without storing or processing old passwords in cleartext?
In some environments, it is required that users change a certain number of characters every time they create a new password. This is of course to prevent passwords from being easily-guessable, especially with knowledge of old passwords such as a…

Iszi
57
votes
7 answers
Can a CA decrypt HTTPS traffic?
My state has made a statement that in case my country will be disconnected from the world's CAs, it is necessary to install its own state certificates. In many forums, information has flashed that in this case, having its own certificate, the state…

RoyalGoose