Most Popular

1500 questions
161 votes, 14 answers

What is the safest way to deal with loads of incoming PDF files, some of which could potentially be malicious?

As an investigative journalist I receive each day dozens of messages, many of which contain PDF documents. But I'm worried about some of the potentially malicious consequences of blindly opening them and getting my computer compromised. In the past,…
Tom the journalist
  • 1,389
  • 2
  • 9
  • 9
161 votes, 7 answers

Why do most people use 256-bit encryption instead of 128-bit?

Isn't 128-bit security enough for most practical applications?
H M
  • 2,957
  • 6
  • 22
  • 21
160 votes, 4 answers

Why is the same origin policy so important?

I can't really fully understand what same origin domain means. I know it means that when getting a resource from another domain (say a JS file) it will run from the context of the domain that serves it (like Google Analytics code), which means it…
YSY
  • 2,249
  • 4
  • 20
  • 16
159 votes, 12 answers

https security - should password be hashed server-side or client-side?

I am building a web application which requires users to login. All communication goes through https. I am using bcrypt to hash passwords. I am facing a dilemma - I used to think it is safer to make a password hash client-side (using JavaScript) and…
johndodo
  • 1,825
  • 2
  • 13
  • 9
159 votes, 4 answers

What exactly does it mean when Chrome reports 'no certificate transparency information was supplied by the server?'

When visiting Gmail in Chrome, if I click on the lock icon in the address bar and go to the connection tab, I receive a message 'no certificate transparency information was supplied by the server' (before Chrome 45, the message was displayed as 'the…
Andrew
  • 1,806
  • 2
  • 12
  • 9
159 votes, 8 answers

Is "Have I Been Pwned's" Pwned Passwords List really that useful?

My understanding of Have I Been Pwned is that it checks your password to see if someone else in the world has used it. This really doesn't seem that useful to me. It seems equivalent to asking if anyone in the world has the same front door key as…
Dancrumb
  • 2,626
  • 3
  • 14
  • 15
157 votes, 3 answers

If my password was able to be printed on a form sent home from my child's school, does it imply insecure password storage policies?

I have a user account for each of my children in our district website, which oversees registration, grades, identification, etc. I was recently sent home a form from both of my children's classrooms asking us to log in to our accounts so we could…
MrDuk
  • 1,237
  • 2
  • 8
  • 10
157 votes, 12 answers

4-dial combination padlock: Is it more secure to zero it out or to blindly spin the dials after locking?

I am partially responsible for some resources protected by a 4-dial combination lock like this one: There are two things that people will usually do after they've locked it: reset all the digits to 0, so that the combination reads 0000, or mash…
Peter Schilling
  • 1,419
  • 2
  • 7
  • 8
157 votes, 17 answers

Is the BBC’s advice on choosing a password sensible?

In this article on the BBC’s website they offer advice on how to develop a password. The steps are as follows. Step 1: Choose an artist (a recording artist I presume). Let's choose as an example case study the teen idol and all-round bad boy Justin…
TheJulyPlot
  • 7,729
  • 6
  • 30
  • 44
155 votes, 23 answers

Hardening a Linux desktop machine against people from my household

I am looking to make a clean install of a Debian system on my home desktop. To clarify, I am switching from Windows and wish to use it as my day-to-day home OS - I'm not going to be running any servers or anything like that. I also have reason to…
Boris
  • 1,410
  • 2
  • 9
  • 11
154 votes, 14 answers

Why is the OS obfuscation defense against "It's a Unix system!" not widely implemented?

The Jurassic Park scene referenced in the title is infamous for how ludicrous it sounds to those who are tech literate. But it also illustrates what seems to me to be a glaringly huge hole in web security, particularly IoT devices--as soon as…
Indigenuity
  • 1,323
  • 2
  • 7
  • 13
153 votes, 3 answers

Does pressing a car remote many times offer a denial-of-service attack for rolling codes?

My understanding of remote car key fobs, and similar security devices with rolling codes, is that the key device is a transmitter that, each time the button is pressed, sends the next secret in a known sequence that is unique to the key. It does not…
Oddthinking
  • 1,807
  • 3
  • 16
  • 17
153 votes, 19 answers

Has it been mathematically proven that antivirus can't detect all viruses?

What analysis was Bruce Schneier referencing when he wrote: Viruses have no “cure.” It’s been mathematically proven that it is always possible to write a virus that any existing antivirus program can’t stop. From the book Secrets & Lies by Bruce…
Cate
  • 1,245
  • 2
  • 7
  • 4
153 votes, 5 answers

What to do if stuck with a website that has poor security?

I have a student loan account with a company, not the biggest company but big enough to where they should have their act together. Today I couldn't remember my password to log into my account dashboard. I clicked "forgot password" and they prompted…
DasBeasto
  • 1,796
  • 2
  • 14
  • 14
153 votes, 11 answers

What alternatives are there when SSH is being actively filtered?

Unfortunately our government filters the SSH protocol so now we can't connect to our Linux server. They do the filtering by checking the header of each packet in the network layer (and not by just closing port). They also do away with VPN…
Moein Hosseini
  • 1,293
  • 2
  • 9
  • 7