Most Popular
1500 questions
48
votes
5 answers
Open-source penetration-test automation
What order do typical open-source penetration tests operate? Which tools are run first, second, third -- and how do you control them?
Does one simply use Metasploit RC files? A network vulnerability scanner in a special way? A command-line, custom,…

atdre
48
votes
13 answers
DDoS - Impossible to stop?
Is it possible - in theory - to stop1 a DDoS attack of any size? Many people claim it's impossible to stop DDoS attacks and tell me I just shouldn't mess with the wrong people on the internet.
But what if, in like 5 years, everyone is able to rent a…

user2173629
48
votes
5 answers
Migrating GPG master keys as subkeys to new master key
Currently I have 3 private GPG pairs which are all master keys.
I want to convert these keys into subkeys for a new key pair (and keep that in the vault).
I have read the following thread http://atom.smasher.org/gpg/gpg-migrate.txt which involves…

lz.
48
votes
5 answers
I managed to capture a botnet control host, what do I do with it?
A few days ago one of my webhosting customers had their FTP login compromised, and the attacker modified his index.php file to include some extra code, and roughly twelve thousand other bots have been trying to access it via a POST operation…

Shadur
48
votes
2 answers
HMAC - Why not HMAC for password storage?
Nota bene: I'm aware that the good answer to secure password storage is either scrypt or bcrypt. This question isn't for implementation in actual software, it's for my own understanding.
Let's say Joe Programmer is tasked with securely storing end…
user2122
48
votes
5 answers
openssl: recover key and IV by passphrase
A large number of files were encrypted by
openssl enc -aes-256-cbc -pass pass:MYPASSWORD
Openssl should derive key+IV from the passphrase. I'd like to know the key+IV equivalent of that MYPASSWORD. Is that possible?
I know MYPASSWORD. I could decrypt…

Sergey Romanovsky
48
votes
8 answers
Have I properly destroyed my SSD?
I held every chip (without desoldering, they were still onboard) in a lighter flame for a minute or two. They started "popping" a little if that indicates anything.
Then I drove a nail into every chip (approximately through the center) with the…

ThrowawayGuest10
48
votes
6 answers
Why do some sites block pasting into username or password input fields?
I use a few websites that prevent me from copying & pasting into the username or password fields. It's quite frustrating when using a password manager, and if anything I'd think it discourages users from good password-management because they're…

realworldcoder
48
votes
4 answers
Aren't keyfiles defeating the purpose of encryption?
I just added a drive to my system which is basically a partition mounted for extra storage. I'd like to encrypt it to protect my data in case of god knows what, and by doing that I'd need to enter the passphrase every time to unlock the partition.
I…

php_nub_qq
48
votes
10 answers
Global variables and information security
I get the impression that it is a programming best practice to create variables in specific scopes (like a function scope) and avoid global scope to make things more modular and better organized. However, I'm not sure if there is also a security…
user123574
48
votes
10 answers
Blocking people from taking pictures of me with smartphone
This question might be better suited for Skeptics, but I guess that those who can really answer this might hang around here.
In the second episode of the fourth season of the French spy series The Bureau (see around 0:36 in this clip), one hacker…

bangnab
48
votes
5 answers
Should I close port 80 forever and ever since the 2018 Google-indicated web-security initiatives?
I often establish Ubuntu-LAMP environments on which I host a few Drupal web applications that I myself own (I don't provide any hosting services and have never done so in the past).
Whenever I establish such an environment, the most fundamental security…
user123574
48
votes
3 answers
Are new Intel CPUs vulnerable to Meltdown/Spectre?
Has Intel released any information about new processors?
According to their advisory a number of processors are susceptible, but it says nothing about when new processors will be fixed. Also Meltdown and Spectre Vulnerabilities has no answers…

bitmask
48
votes
7 answers
Why isn't stealing cookies enough to authenticate?
I tried to export all my cookies through the 'Edit This Cookie' extension on a logged-in page which uses cookie authentication. While logged out I tried inserting those cookies hoping that I would be logged in, but nothing happened.
After searching…

Kartikey singh
48
votes
1 answer
How to mitigate Meltdown in Docker images?
On https://meltdownattack.com/ it is suggested that (in some cases?) scenarios with Docker containers are also vulnerable.
I'm a developer using Docker for two different purposes:
Images used for running build steps in GitLab CI/CD
A few images…

Jeroen