Most Popular
1500 questions
51 votes, 3 answers
Can USB drive infect my PC with malware if I don't allow any autorun.inf to run?
Assuming that I'm using a trusted USB flash drive (meaning that it's not some device that looks like a USB drive and whose purpose is to damage my PC), is it possible for my PC to get infected from some malware picked up by the USB if I'm running an…

Jorge Luque
51 votes, 4 answers
Can I sign a single character message with the RSA private key?
If I sign a very short message (0 or 1) with my private key (and the receiving side verifies the signature using public key), is this less secure than to send the sufficiently long signed message?

h22
50 votes, 8 answers
How does malicious software encrypt victims' files so quickly?
Encrypting a file to me is akin to dealing with a very long string, feeding it into the hashing or encryption function to get another long encrypted string (or a hash in the case of hashing).
This process takes some good amount of time. I know that…

Ulkoma
50 votes, 4 answers
Is having the username and password fields on different pages more secure?
An online bank I use requires inputting your username, navigating to a second page and then entering the password to login. What actual security advantage does this provide, if any?

ThisIsNoZaku
50 votes, 7 answers
How would you detect an Evil Twin attack, especially in a new environment?
Let's say you are traveling, and you pause in the airport lounge, or your hotel lobby, or a nearby coffee shop. You haul out your laptop and scan the available wireless networks. You know the name of the wireless network because it is written behind…

J Kimball
50 votes, 6 answers
Should I be concerned if my website throws stack information?
I have a simple login form on my web page and the URL looks like this:
example.com/signup/signup.php?q=1
If I try something like this:
example.com/signup/signup.php?q=1&()
I'm redirected to a stack dump that looks something like this:
exception…

Kevin
50 votes, 4 answers
Is SSL dying? Should I buy SSL certificates for my sites any more?
I'm planning to purchase a SSL certificate for one of my sites when I'm concerned about points made in these articles:
WiredTree: The Most Significant Issue With SSL – And How To Solve It
TechRepublic: POODLE vulnerability hastens the death of SSL…

datasn.io
50 votes, 7 answers
Is the option to jump to blanks in password fields a security risk?
Using Ctrl + ← / →, it's a common behavior across different operating systems to jump from word to word (or from blank to blank) in text input fields.
Now I've discovered that this also applies on password fields in Internet Explorer 8 and 11 (I…

stuXnet
50 votes, 7 answers
How does a country block/censor an encrypted website (HTTPS)?
Given that Site X uses HTTPS, how can it be blocked by a country?
My browser reads: 128-bit encryption | ECDHE_RSA as key exchange.
I say it's blocked since when I use Tor, it works fine.
One important thing to point out is that it's not blocked in…

Mars
50 votes, 7 answers
How to prevent BadUSB attacks on Linux desktop?
What can I do to protect my Linux laptop from BadUSB attacks as described by ArsTechnica here?
Perhaps writing an appropriate AppArmor profile would help?

student
50 votes, 5 answers
How does a country block its citizens from accessing a site?
Following Turkey's recent social site blocks, I am wondering how can you efficiently accomplish that as a country. Similar for a big company.
Blocking IPs → easy to circumvent (proxies, tunnels, etc.)
Blocking/Redirecting DNS → type the address or…

blended
50 votes, 3 answers
Simple example auditd configuration?
Auditd was recommended in an answer to Linux command logging?
The default install on Ubuntu seems to barely log anything. There are several examples that come with it (capp.rules, nispom.rules, stig.rules) but it isn't clear what the performance…

nealmcb
50 votes, 3 answers
How does the TPM perform integrity measurements on a system?
I am trying to find out how the TPM performs an integrity measurement on a system. It is well-documented in the TPM specification how it seals the data it has measured in the PCRs and how it is updated. But that which I can't find explained is how…

user1049697
50 votes, 4 answers
Is URL rewriting in e-mail a sound security practice?
Our work e-mail server has started rewriting links in incoming mail through a redirecting gateway, for "security reasons": if I receive an e-mail containing a link to
https://security.stackexchange.com, the link gets rewritten…

Federico Poloni
50 votes, 7 answers
How to bypass tcpwrapped with nmap scan
I ran a scan with
nmap -n -vv -A x.x.x.x --min-parallelism=50 --max-parallelism=150 -PN -T2 -oA x.x.x.x
With the following result:
Host is up (0.032s latency).
Scanned at 2012-10-25 16:06:38 AST for 856s
PORT STATE SERVICE VERSION
1/tcp …

KING SABRI