Most Popular
1500 questions
53
votes
6 answers
What are the differences between TPM and HSM?
TPM (Trusted Platform Module) and HSM (Hardware Security Module) are both considered cryptoprocessors, but what exactly are the differences?
Does one of them have more advantages than the other?

Ali
- 2,714
- 1
- 14
- 23
53
votes
5 answers
How do I verify that WhatsApp is using end-to-end encryption?
Slightly old news: Whatsapp Just Switched on End-to-End Encryption for Hundreds of Millions of Users
Is there any test that I can perform to verify that WhatsApp is indeed using end-to-end encryption between my Android phone and another one?

Ansis Māliņš
- 653
- 1
- 5
- 6
53
votes
6 answers
Does injecting querystring values directly into HTML pose a security risk?
Someone reported a bug on my site that I don't really consider an issue. My site has a URL akin to this:
www.site.com/ajax/ads.asp?callback=[text injection]
So the filetype is application/json, and I don't see how that can affect the security of the site.
His…

Daniel
- 1,432
- 4
- 21
- 32
53
votes
3 answers
4096 bit RSA encryption keys vs 2048
Where do 4096 bit RSA keys for SSL certs currently stand in terms of things like CA support, browser support, etc? In the overall scheme of things is the increased security worth the risk of 4096 bit keys not having the widespread support and…

user53029
- 2,687
- 5
- 24
- 35
53
votes
5 answers
Is there any way for my ISP or LAN admin to learn my Gmail address as a result of me logging into Gmail's web interface via their network?
The title says it all, really. I'm Alice, and I want to log in to Gmail's web interface through my browser. Ike, the internet service provider, and Adam, the local network administrator, would like to know what my Gmail email address (username) is.…

Anon
- 541
- 4
- 4
53
votes
5 answers
gpg --encrypt fails
When trying to encrypt files, I get the following error in KGpg editor window:
The encryption failed with error code 2
On the command line I get:
$ gpg --list-keys
/home/user/.gnupg/pubring.gpg
---------------------------------
pub …

marekful
- 1,191
- 1
- 8
- 11
53
votes
2 answers
How are zero days found?
I believe that it was leaked recently that the NSA has a long list of zero day exploits on various software "for a rainy day," i.e. for whenever it would be useful to them.
The question is, how do they find these zero days? Does someone have to…

Naftuli Kay
- 6,745
- 9
- 47
- 76
53
votes
6 answers
How secure is NOPASSWD in passwordless sudo mode?
On all our boxes we have ssh access via keys. All keys are password protected. At this moment the sudo mode is not passwordless. Because the number of VMs is growing in our setup, we are investigating the use of Ansible.
Ansible itself says in the…

Jurian Sluiman
- 873
- 2
- 7
- 9
53
votes
10 answers
Isn't OAuth, OpenID, Facebook Connect, and others crazy from a security standpoint?
I work with APIs all the time and I work with web developers who insist that OAuth, OpenID, etc. are far superior to a home-brew method. Every site seems to be using these as well now for ease of use to the user, but also for security. I hear it…

Oscar Godson
- 631
- 5
- 5
53
votes
7 answers
Do security questions subvert passwords?
Do security questions subvert hard-to-crack passwords? For example, if a site requires passwords with a certain scheme (length + required character sets) and has a security question, why would someone try cracking the password instead of the…

Thomas Eding
- 685
- 5
- 5
53
votes
4 answers
Password manager vs remembering passwords
I have always thought that you are not supposed to use a password manager but to keep your passwords in your head, but lately I have thought about the pros and cons of having a password manager.
Some areas might be: password length, key logger…

KilledKenny
- 1,662
- 4
- 19
- 28
53
votes
7 answers
How can a company ensure cybercriminals destroy hacked data after payment?
Cloud computing provider Blackbaud reported on https://www.blackbaud.com/securityincident "...the cybercriminal removed a copy of a subset of data from our self-hosted environment. ... we paid the cybercriminal’s demand with confirmation that the…

Gnubie
- 573
- 1
- 4
- 7
53
votes
7 answers
Can you hide your OS from programs? Can you trick a program into thinking you are on a different OS?
Is there a way or program to make another program think I am using a different system?
For example, let's say currently I am on Windows 7 32-bit and I want the program to detect Windows 10 64-bit or perhaps Windows XP.
Can I do something similar…

Wolwo
- 599
- 1
- 4
- 5
53
votes
12 answers
Is it bad to use special characters in passwords?
I'm trying to find the best degree of entropy for a password template, and after carrying out several tests, the best result came from this: à.
This symbol alone adds 160 characters to the set (unlike lower- and upper-case letters, numbers, or even…

Héctor Álvarez
- 665
- 1
- 5
- 7
53
votes
3 answers
Which is the best password hashing algorithm in .NET Core?
What are the considerations when picking the best password hashing algorithm in .NET Core?
I read that not all hashing algorithms are compliant / unverified, so I am hesitant to just get various implementations from NuGet. Also, it is not…

Water
- 663
- 1
- 6
- 6