Most Popular
1500 questions
49
votes
5 answers
Overarching term for 'authentication' and 'authorization'?
The internet is rife with 'authentication vs. authorization'-type questions. I'm not asking that here. I'm wondering if there is some overarching term that encompasses both of these.
I've seen authentication referred to as 'identity management', and…

smeeb
- 689
- 6
- 11
49
votes
2 answers
What is happening now with the Grub backspace key security vulnerability?
I just read a few articles about a new Grub vulnerability. The article said that you can bypass the password protection by pressing backspace twenty-eight times.
I am a security guy and I am concerned about the vulnerability, so I would like to know…

Henry WH Hack v3.0
- 2,137
- 2
- 24
- 37
49
votes
4 answers
Why is key exchange necessary at all?
Let's say "Alice" and "Bob" want to communicate with each other over an insecure network.
Using Diffie–Hellman key exchange, they can get the same symmetric key at last. However, as I understand, they do not have to get the same symmetric key at…

Firegun
- 503
- 4
- 8
49
votes
3 answers
Generate CSR from existing certificate
Can we generate the CSR (certificate signing request) used for certificate signing from the signed certificate? It should work with the original private key when signed again with different authority.

NPC
- 621
- 1
- 6
- 6
49
votes
5 answers
GnuPG decryption not asking for passphrase
I've some stuff encrypted with GnuPG using gpg -e. When I decrypt them, the system does not ask for the passphrase, it decrypts it straight away.
Does it store the secret key somewhere and use it (I also stored my secret key in the GnuPG key chain,…

EsseTi
- 683
- 1
- 5
- 8
49
votes
7 answers
How to securely, physically destroy a hard drive at home?
The hard drive in question has sensitive unencrypted data, but it has failed and no longer responds, so it can't be wiped.
I'd like to physically destroy the said hard drive (3-1/2" desktop, spinning platter drive) before discarding it. What "home remedies" are…

DeepSpace101
- 2,153
- 3
- 23
- 35
48
votes
2 answers
Is this an attempted SQL injection?
Looking through error logs I found lots of requests to a web-app where the URL contains:
/if(now()=sysdate(),sleep(10),0)/*'XOR(if(now()=sysdate(),sleep(10),0))OR'"XOR(if(now()=sysdate(),sleep(10),0))OR"*/
I read that could be a part of an attack…

Tony
- 481
- 1
- 4
- 4
48
votes
5 answers
Bring your own phone to a (new) job: Consequences?
I am starting a new job, and I have the choice to receive a phone from the company, or to bring my own. I am considering using my own phone, to avoid having an extra device, but I want to better understand the consequences of that decision.
I have…

aliteralmind
- 595
- 4
- 7
48
votes
5 answers
How does a website instantly know if a certain credit card number is wrong?
I was renewing my Internet subscription through the online portal of my ISP. What struck me was when I was entering my credit card details, I entered the type of my credit card (MasterCard, Visa, AA, etc), and when I entered the numbers, there was…

tony9099
- 779
- 1
- 5
- 10
48
votes
1 answer
Facebook password lowercase and uppercase
Recently I logged into my Facebook account and then noticed that my caps lock was on. So I tried to log in again with and without caps lock on. I got in both times. Then I tried to log in with the first letter of my password in uppercase and the rest…

StuckBetweenTrees
- 649
- 5
- 8
48
votes
5 answers
HTTPS still NSA-safe?
There are excerpts that say that using HTTPS can be broken by the NSA by now.
So is https still a solution for secure web-browsing?
source: http://www.digitaltrends.com/web/nsa-has-cracked-the-encryption-protecting-your-bank-account-gmail-and-more/…

rubo77
- 2,370
- 10
- 26
- 49
48
votes
2 answers
Are there more modern password hashing methods than bcrypt and scrypt?
This question made me start thinking about password hashing again. I currently use bcrypt (specifically py-bcrypt). I've heard a lot about PBKDF2, and scrypt.
What I'm wondering is if there are any "more modern" password hashing methods that I might…

Brendan Long
- 2,898
- 1
- 19
- 27
48
votes
4 answers
Is using SHA-512 for storing passwords tolerable?
I know that the best options to use for storing passwords are bcrypt/PBKDF2/scrypt.
However, suppose you have to audit a system and it uses SHA-512 with salt. Is that "fine"? Or is it a vulnerability that must be addressed, even though your site is…

Bozho
- 1,173
- 1
- 10
- 12
48
votes
2 answers
Web Application encryption key management
In a nutshell, let's consider a web application which stores some information in a database as encrypted data. While I'm purposely trying to keep this somewhat generic, here are some assumptions:
The encrypted data is only stored in the database…

Rob
- 591
- 1
- 4
- 7
48
votes
5 answers
What does Mark Shuttleworth mean by "we have root"?
In a blog post in response to the Amazon privacy controversy, Mark Shuttleworth wrote:
Don’t trust us? Erm, we have root. You do trust us with your data
already. You trust us not to screw up on your machine with every
update. You trust Debian,…

HighCommander4
- 1,182
- 1
- 10
- 11