IT Security Stack Exchange
IT Security Stack Exchange

Most Popular

more tags
1500 questions
182
votes
11 answers

Help! My home PC has been infected by a virus! What do I do now?

This is an attempt to ask a canonical question as discussed in this old meta post. The goal is to create something helpful that can be used as a duplicate when non experts ask about virus infections. Let's say that I have determined beyond doubt…
Anders
  • 65,052
  • 24
  • 180
  • 218
180
votes
12 answers

How is an ATM secure?

I'm curious why an ATM computer is considered secure. The general adage of "If an attacker has physical access to my machine, all bets are off," seems to not apply in this circumstance (since everyone has physical access to the machine). Why is…
asteri
  • 1,885
  • 3
  • 15
  • 22
179
votes
9 answers

Can webcams be turned on without the indicator light?

I've made a series of penetration tests in my network and one of the things I've tried was to record webcam and microphone. Recording an end-user's microphone seems to be a stealth thing, but what about the webcam? In my tests, the indicator is…
user4610
179
votes
8 answers

Why can't the FBI read the key embedded in the iPhone's secure chip/ROM directly from hardware (silicon)?

As far as I understand, the 4 digit passcode is combined (in some fashion) with a key stored in secure read only memory (e.g. secure enclave chip or similar), where it is directly embedded into silicon wiring to help prevent unauthorized reads. But…
user9806
  • 1,689
  • 2
  • 10
  • 4
178
votes
18 answers

What is a good analogy to explain to a layman why passwords should be hashed?

Note: This is not an actual situation I'm currently in. Assume your boss is one of those old-fashioned computer-illiterate managers and wants to store the passwords in plaintext to simplify development. You get 5 minutes to explain the point of…
Nzall
  • 7,373
  • 6
  • 30
  • 45
178
votes
9 answers

How to determine what type of encoding/encryption has been used?

Is there a way to find what type of encryption/encoding is being used? For example, I am testing a web application which stores the password in the database in an encrypted format (WeJcFMQ/8+8QJ/w0hHh+0g==). How do I determine what hashing or…
Karthik
  • 2,264
  • 4
  • 19
  • 19
178
votes
10 answers

How secure are virtual machines really? False sense of security?

I was reading this CompTIA Security+ SYO-201 book, and the author David Prowse claims that: Whichever VM you select, the VM cannot cross the software boundaries set in place. For example, a virus might infect a computer when executed and spread…
T. Webster
  • 2,311
  • 3
  • 19
  • 19
178
votes
12 answers

Why is it wrong to *implement* myself a known, published, widely believed to be secure crypto algorithm?

I know the general advice that we should never design¹ a cryptographic algorithm. It has been talked about very extensively on this site and on the websites of professionals of such caliber as Bruce Schneier. However, the general advice goes…
gaazkam
  • 5,657
  • 11
  • 24
  • 38
176
votes
4 answers

Is there anything preventing the NSA from becoming a root CA?

There are now tons of Certification Authorities (CAs) that are trusted by default in major OS's, many of which are unrecognizable without online lookup or reference. While there have been attempts by the NSA and others to "hack" or otherwise…
user2813274
  • 2,051
  • 2
  • 13
  • 18
173
votes
4 answers

GitLab account hacked and repo wiped

I was working on a project, a private repo, and suddenly all the commits disappeared and were replaced with a single text file saying To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address…
Stefan Gabos
  • 1,113
  • 2
  • 6
  • 9
172
votes
9 answers

Is Adblock (Plus) a security risk?

My email-provider's website (http://www.gmx.de) recently started linking to the (German) site http://www.browsersicherheit.info/ which basically claims that due to its capabilities to modify a site's appearance, Adblock Plus (and others) might…
Tobias Kienzler
  • 7,658
  • 11
  • 43
  • 68
172
votes
26 answers

Convince people not to share their password with trusted others

IT workers are usually trusted by their family members who readily share passwords (Facebook, email, twitter, you-name-it!) so they can get easy help to set what-ever-parameter they don't find or explanation of a challenging situation. I always try…
Auzias
  • 1,518
  • 2
  • 9
  • 14
171
votes
6 answers

ECDSA vs ECDH vs Ed25519 vs Curve25519

Among the ECC algorithms available in openSSH (ECDH, ECDSA, Ed25519, Curve25519), which offers the best level of security, and (ideally) why?
Omar
  • 1,813
  • 2
  • 12
  • 5
171
votes
7 answers

Difference Between OAUTH, OpenID and OPENID Connect in very simple term?

I am very confused the difficult jargon available in web about OAUTH, OpenID and OPENID Connect. Can anyone tell me the difference in simple words.
user960567
  • 2,491
  • 4
  • 17
  • 16
171
votes
3 answers

Meltdown and Spectre Attacks

Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one. Main concerns What is speculative execution and what does it…
M'vy
  • 13,053
  • 3
  • 48
  • 69
1 2 3
99 100