Most Popular
1500 questions
201 votes, 22 answers
How can I explain to non-techie friends that "cryptography is good"?
After that case in which the Brazilian government arrested a Facebook VP due to end-to-end encryption and no server storage of messages on WhatsApp to prove connection with a drug case, it's become pretty common for friends of mine to start…
user28177
200 votes, 8 answers
Why not use larger cipher keys?
RSA Security commonly uses keys of sizes 1024-bit, 2048-bit or even 3072-bit. And most Symmetric algorithms only between 112-bit and 256-bit. I do realize that the current keys are secure enough for today's hardware, but as computers get faster,…
Koning
198 votes, 4 answers
Amount of simple operations that is safely out of reach for all humanity?
Cryptographic primitives usually assert some security level given as number of operations to mount an attack. Hash functions, for example, give different security levels for collision attacks, preimage attacks and second preimage attacks. From…
Nakedible
198 votes, 3 answers
Don't understand how my mum's Gmail account was hacked
My mum (on Gmail, using Chrome) received an email from a friend's Hotmail address. She opened the email (very obviously a phishing email) and clicked a link in it. This opened a webpage with loads of medical ads on. She closed the page and deleted…
cja
197 votes, 11 answers
Search for military installed backdoors on laptop
My laptop was confiscated by the military institute of my country and they made me give them all my passwords (I cannot tell you the name of my country). They did not give it back to me for one week (yes, it was out of my sight for a while).
I…
Posse
196 votes, 4 answers
How does Windows 10 allow Microsoft to spy on you?
Windows 10 is perhaps the most Internet-connected and cloud-centric operating system released by Microsoft to date. This, of course, has caused many users to be concerned about how the OS respects their privacy (or doesn't).
Multiple sources are now…
user83026
194 votes, 7 answers
How can I protect myself from this kind of clipboard abuse?
Clipboard abuse from websites
Many websites use JavaScript or CSS to stealthily insert or replace text in the user's clipboard whenever they copy information from the page. As far as I know this is mostly used for advertising purposes, but PoC for…
sam hocevar
193 votes, 6 answers
Isn't Ubuntu's system prompt for my password spoofable?
Sometimes, Ubuntu shows the following window:
This window can be caused by some background processes running, such as an automatic update, or a process which reports bugs to Canonical which manifests itself this way:
Since those are background…
Arseni Mourzenko
190 votes, 6 answers
Does Facebook store plain-text passwords?
I was about to reset my Facebook password and got this error:
Your new password is too similar to your current password. Please try another password.
I assumed that Facebook stores only password hashes, but if so, how can they measure passwords…
Michał Šrajer
190 votes, 4 answers
SSH key-type, rsa, dsa, ecdsa, are there easy answers for which to choose when?
As someone who knows little about cryptography, I wonder about the choice I make when creating ssh-keys.
ssh-keygen -t type, where type is either of dsa, rsa and ecdsa.
Googling can give some information about differences between the types, but not…
user50849
186 votes, 6 answers
How do I deal with a compromised server?
I suspect that one or more of my servers is compromised by a hacker, virus, or other mechanism:
What are my first steps? When I arrive on site should I disconnect the server, preserve "evidence", are there other initial considerations?
How do I go…
Lucas Kauffman
186 votes, 9 answers
Is the NHS wrong about passwords?
An NHS doctor I know recently had to do their online mandatory training questionnaire, which asks a bunch of questions about clinical practice, safety and security. This same questionnaire will have been sent to all the doctors in this NHS…
Robin Winslow
184 votes, 3 answers
What is the purpose of "gibberish" comments posted to my blog?
Fairly frequently, the contact form on my blog gets comments that look similar to this (each field represents a text box users can enter into the HTML form on the blog):
Name: 'ceguvzori'
Email: 'gwizwo@avbhdu.com'
Website: 'QrSkUPWK'
Comment:…
IQAndreas
184 votes, 5 answers
Why are chips safer than magnetic stripes?
After the recent Target hack there has been talk about moving from credit cards with magnetic stripes to cards with a chip.
In what ways are chips safer than stripes?
Thomas
184 votes, 5 answers
How and when do I use HMAC?
I was reading HMAC on wikipedia and I was confused about a few points.
Where do I use HMAC?
Why is the key part of the hash?
Even if someone successfully used a "length-extension attack", how would that be useful to the attacker?
user5575