Most Popular

1500 questions
54
votes
5 answers

Are all these attacks possible with WiFi MitM or is it over-hyped nonsense?

My dad sent me this video asking if he should be worried about this? The video shows: a wifi AP broadcasting an airport's wifi name; security researcher seeing the sites the victim browses; security researcher viewing files accessed by victim on…
keithRozario
54
votes
6 answers

Is `curl {something} | sudo bash -` a reasonably safe installation method?

The most straightforward way to install NodeJS on Ubuntu or Debian seems to be Nodesource, whose installation instructions say to run: `curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -` This clashes with some basic security rules I…
Krubo
54
votes
8 answers

A stranger asks for my delivery address, how much information should I give?

There's this person online with whom I have only interacted a few times. They had asked me for a small favour, which I did. They then wanted to give me something in return as a thank you. They were going to post it, so they wanted my address. I am…
54
votes
3 answers

What is the benefit of having a cryptographically secure hash algorithm in hashmaps?

I recently read the Rust language documentation and saw this: By default, HashMap uses a cryptographically secure hashing function that can provide resistance to Denial of Service (DoS) attacks. This is not the fastest hashing algorithm available,…
Greaka
54
votes
8 answers

Virus Encoded in Video

So I'm not familiar at all with IT Security, but I'm a bit curious about something. I was watching a TV show and at one point, a virus spreads through an office. They investigate and find out that the virus was encoded in a video and it was…
pasawaya
54
votes
13 answers

Allow only specific devices to be connected to USB

Suppose I have a Windows PC in a safe room, disconnected from the internet, with only 3 cables connecting to another room, to a mouse, monitor and keyboard. The computer contains highly sensitive data. The HDMI monitor cable is no problem, but the…
MarcG
54
votes
4 answers

Are non-English speakers better protected from (international) phishing?

After I received dozens of spam mails over the last year with my trashmail (used for "You must log in once to check out this product.."-Sites, etc.) I noticed they were mostly translated (if they are at all) horribly. I thought about that after…
pguetschow
54
votes
3 answers

Is Signal still more secure than WhatsApp?

WhatsApp has "recently" deployed end-to-end encryption using the Signal protocol, which is of course also being used by Signal itself. The related white paper (PDF). Now this raises the question: Is there still any security benefit to use Signal…
SEJPM
54
votes
7 answers

Is it possible to determine password strength without knowing the password?

I have just got some report of a penetration test and one of the recommendations was to strengthen passwords. I however realized that no passwords were provided for the testers, and I wanted to find out if it was possible to determine the strength…
pi.
54
votes
11 answers

Can headphones transmit malware?

Can headphones transmit malware? My friend borrowed my headphones (a pair of Apple EarPods) and plugged them into his Android mobile phone for a few minutes in order to listen to a voice message. Would it be dangerous if I plug it into my phone…
tonychow0929
54
votes
11 answers

Is there a method of generating site-specific passwords which can be executed in my own head?

I was thinking recently about password security. My goal is to have mostly random passwords, that are different for each site. But you also should be able to remember them (or re-generate them) without the help of any notes or the like. If I use…
Mnementh
53
votes
2 answers

Is including the data scheme in your Content Security Policy safe?

I have a Cordova app that transforms some images to base64. This violates CSP with this message: Refused to load the image 'data:image/svg+xml;charset=US-ASCII,%3C%3Fxml%20version%3D%221.0%22%20encod…E%3C%2Fg%...%3C%2Fsvg%3E' because it violates…
Martin Verner
53
votes
5 answers

Can malicious code trigger without the user executing or opening the file?

If a file is downloaded from the Internet, and saved on disk, but is not opened by a user (if we keep autorun off), are there any chances that malicious code (e.g. a virus) in the file could trigger? I'm not asking about attacks that could be made…
ahinath
53
votes
3 answers

Why is it insecure to store the session ID in a cookie directly?

I am learning about session middleware. You have to supply a secret or the middleware complains: `app.use(session({ secret: "abc", resave: false, saveUninitialized: false, store: new MongoStore({ mongooseConnection: mongoose.connection` …
Angular noob
53
votes
5 answers

How can I know that developers will be ethical and not record my password in plaintext?

I am not asking why hashing should be done. Instead, I want to know how to prevent that developers record user passwords to hack their users' other accounts, especially their email. Couldn't they store their users' passwords in plaintext without the…
poush