51
votes
4 answers

Is it good practice to ban an IP address if too many login attempts are made from it?

Since an IP address does not necessarily represent a specific device, but probably a whole network/company/etc. does it at all make sense to block an IP address if there is a significant amount of false login tries from it? I was planning to…
Levite
  • 819
  • 1
  • 6
  • 14
51
votes
8 answers

Why am I allowed to access protected Windows files when I boot Ubuntu from USB?

How come I'm allowed to reboot a computer that I don't own, put in a USB, boot ubuntu from it and then access all files stored on the drives available (even critical files such as system files on C drive in Windows)? Isn't there a way to prevent…
Force444
  • 697
  • 1
  • 6
  • 12
51
votes
4 answers

Do simple Linux servers really need a non-root user for security reasons?

Playing devil's advocate, let's assume I purchase a Linux server from a hosting provider. I am given a password for the root user and am told I may log in using SSH. The only purpose this server has is to host one or more websites, possibly with SSL…
user31679
51
votes
10 answers

Can a steel woven wallet prevent RFID scanning of credit card information?

According to the Popular Mechanics article RFID Credit Cards and Theft: Tech Clinic, given the fact that many new credit/debit cards have an RFID chip embedded in them, there is a risk (albeit small, according to the article) that the card would be 'skimmed'…
user31551
51
votes
1 answer

Vehicle remote key security

How secure are car remote keys? When you lock or unlock your car, can someone spoof or make another remote key? How do car remote keys work? Do they use some kind of private/public keys, encryption? Are aftermarket alarm remote keys less secure than…
Guntis
  • 745
  • 2
  • 7
  • 9
51
votes
2 answers

Why aren't infinite-depth wildcard certificates allowed?

As far as I can tell, an SSL certificate for *.example.com is good for foo.example.com and bar.example.com, but not foo.bar.example.com. Wildcard certificates cannot have *.*.example.com as their subject. I guess this is due to the fact that…
Manishearth
  • 8,257
  • 5
  • 35
  • 56
51
votes
4 answers

Detecting skimmers and other ATM traps

This question has been bothering me ever since I first heard of ATM skimmers: Instances of skimming have been reported where the perpetrator has put a device over the card slot* of an ATM (automated teller machine), which reads the magnetic…
TildalWave
  • 10,801
  • 11
  • 46
  • 85
51
votes
3 answers

Is a password in the clipboard vulnerable to attacks?

I see situations where you may have to input the same password more than once. You may type it in a text editor and copy it to the clipboard, to paste it two or more times. In what scenarios could this be a bad idea?
Strapakowsky
  • 3,049
  • 8
  • 26
  • 31
51
votes
6 answers

Create an unterminable process in Windows

I am a student, and am genuinely curious about unterminable processes in Windows. For educational purposes, I would like to create an application (possibly in VB6?) which cannot be terminated by a user from Task Manager or taskkill. What are some…
user20825
51
votes
1 answer

Why can you bypass restricted WiFis by adding "?.jpg" to the URL?

I recently read an article on Hacking a commercial airport WLAN. It's basically about circumventing paid airport WiFi redirections (they redirect you to a certain URL when you type something in the address bar). You just add ?.jpg and tada, you've…
JohnPhteven
  • 613
  • 1
  • 6
  • 5
51
votes
5 answers

Should a bank be able to shorten your password without your involvement?

The bank of a friend changed its password policy, such that you are limited to 20 characters. However, he used 24 letters before and thus was not able to log in anymore. He called his advisor, who suggested he should try to log in with the first 20…
Wulle
  • 611
  • 2
  • 3
51
votes
6 answers

How valuable is secrecy of an algorithm?

On the surface, the inadvisability of security through obscurity is directly at odds with the concept of shared secrets (i.e. "passwords"). Which is to say: if secrecy around passwords is valuable, then by extension surely it must be of some value…
tylerl
  • 82,665
  • 26
  • 149
  • 230
51
votes
3 answers

Could bug bounty hunting accidentally cause real damage?

If an application's code contains even minor and subtle inaccuracies, it can open up the entire database to SQL injection. In this example (see section 'Delete All Method'), the entire Users table gets deleted with a trivial SQL injection ("1) OR…
stevec
  • 1,240
  • 1
  • 7
  • 17
51
votes
5 answers

New Hires get phishing emails very quickly - Reasoning and how to stop

We hired a new Sales Ops member 1 week ago. Within a week he's getting emails similar to the below: I did some research on the sender and it is a valid email, valid person, SPF/DKIM checks come through fine. I reached out to my CEO to check to…
Ryan Ternier
  • 581
  • 4
  • 9
51
votes
6 answers

Should a bank/financial service use external URL shortener services?

Say there is a bank/financial service that wants to have hyperlinks on their secure website/domain (or even in emails they send out to customers). In some of these links there are some long/obscure URLs which link to one of their subdomains, but the…
hPNJ7MHTyg
  • 627
  • 1
  • 4
  • 5