Highest Voted Questions - IT Security Stack Exchange

53

votes

8 answers

If I delete my router's history can my ISP still provide it to my parents?

If I delete my router's history, is it still visible and can my ISP still provide it to my parents? Or is it deleted from existence?

privacy router isp

asked Feb 27 '19 at 12:28

madur

547
1
4
4

53

votes

5 answers

Encryption and compression of Data

If we want both encryption and compression during transmission then what will be the most preferable order. Encrypt then compress Compress then encrypt

encryption compression

asked Sep 10 '12 at 11:25

Ali Ahmad

4,814
8
35
61

53

votes

2 answers

How do US government agencies open their email attachments?

I suppose the FBI receives email with attachments, like any other government agency: documents, resumes/CVs, etc. I also suppose they are very careful not to get infected, more than the average user, for obvious reasons. If I were to send an email…

email government email-attachments

asked Nov 25 '18 at 22:49

reed

15,538
6
44
65

53

votes

6 answers

Can a hacker, that knows my IP address, remotely access accounts I have left logged in on my computer?

I frequently leave accounts logged in on my personal computer because of the immense physical and cryptological barriers a hacker would have to overcome to access my computer. Could a hacker, that knows my IP address and what websites I left logged…

ip account-security

asked Jun 01 '18 at 13:35

William FitzPatrick

609
1
5
6

53

votes

3 answers

Why has Ubuntu 18.04 moved back to insecure Xorg?

After reading Xorg becomes the default display server again and considering the security risk of xorg, I am wondering why the developers left Wayland. The fact that a few programs do not work on Wayland does not justify such a security risk. Any…

ubuntu x11

asked Apr 17 '18 at 09:10

ar2015

845
2
7
10

53

votes

4 answers

Why would a password be hashed before being used to encrypt something?

When reading some documentation about the security of a product, I found that the vendor uses the SHA-2 of a password to encrypt data (AES-256), instead of using this password directly. Are there any advantages of doing so? An attacker is not going…

encryption passwords hash

asked Feb 15 '18 at 10:23

WoJ

8,968
3
33
51

53

votes

3 answers

Is it true that meltdown and spectre were intended as debug tools?

I heard from a guy that's involved in low-level (assembler, C for drivers and OSes) programming, that meltdown and spectre weren't actually vulnerabilities discovered only so recently, but they were openly known as debug tools. It seems quite…

meltdown spectre

asked Jan 12 '18 at 10:00

Antek

663
1
5
9

53

votes

3 answers

Is my Windows 10 machine experiencing DNS poisoning? I keep getting Chinese IP addresses when connecting to a U.S. government domain

I've found that some .gov sites are being redirected to a Chinese IP. I have searched across Internet to see if this a known form of malware but I'm unable to find any info. I would like someone guiding me to isolate the infected files and report to…

dns

asked Nov 21 '17 at 13:12

Alex

761
1
6
7

53

votes

4 answers

How can I be sure Lastpass really can't access my passwords?

The recent, widely publicized security incident where millions of Linkedin were exposed reminded me to tighten up my password practices. I'm looking at several password managers now and I'm especially curious about Lastpass. They write on their…

password-management

asked Jun 08 '12 at 08:37

anonymous

531
1
4
3

53

votes

5 answers

Is authentication using Facebook/Google considered good practice?

A lot of services, sites, and applications offer the 'login with Facebook' or 'login with Google' option. For many sites, the browser opens a separate window in which you can enter your username and password. This way, you can check the URL and…

authentication

asked Mar 10 '17 at 09:55

Ruben

592
1
4
7

53

votes

9 answers

What does this Https - "not fully secure" warning mean?

I went to sign into a website today using Google Chrome and was presented with the following error: Your connection to this site is not fully secure Attackers might be able to see the images you're looking at on this site and trick you…

encryption tls

asked Jan 10 '17 at 15:58

User1

3,031
5
23
30

53

votes

6 answers

Why don't browser DNS caches mitigate DDOS attacks on DNS providers?

Why are the recent DDoS attack against DNS provider Dyn, and other similar attacks successful? Sure a DDoS attack can bring an entity down, and if that entity controls DNS servers then queries to those nameservers will fail, and domains listed…

dns ddos

asked Oct 23 '16 at 01:25

aeb0

650
5
8

53

votes

4 answers

Why is using salt more secure?

Storing the hash of users' passwords, e.g. in a database, is insecure since human passwords are vulnerable to dictionary attacks. Everyone suggests that this is mitigated via the use of salts, but the salt is considered non-sensitive and does not…

passwords hash attacks salt

asked Apr 21 '12 at 20:26

Jim

1,405
4
14
18

53

votes

5 answers

How does an attacker get access to hashed passwords?

The way that we hash passwords and the strength of password is important because if someone gets access to the hashed passwords, it's possible to try lots and lots of passwords in a surprisingly short amount of time and crack anything that is…

passwords hash attack-vector

asked Aug 23 '16 at 14:30

JimmyJames

3,049
2
17
25

53

votes

8 answers

How should I tell school that they are vulnerable when I wasn't given permission to check?

I would like to report security weaknesses to my school in UK. I had managed to find security weaknesses without any exploits or other software or hardware. I had look at similar question however problem is that it is very likely to find out that it…

penetration-test legal disclosure grey-hat

asked Apr 11 '16 at 17:56

vakus

3,763
3
22
32

Most Popular