Highest Voted Questions - IT Security Stack Exchange

41

votes

7 answers

Can we tamper-proof a game that's sold along with the Windows machine it runs on?

We want to protect a game that is basically sold with the computer containing it. The security is done this way: The HDD is encrypted using hardware TPM 1.2, which holds a unique key to decrypt the OS only in that specific computer. So Windows will…

encryption tpm tampering

asked Oct 31 '17 at 10:53

youns

591
1
4
5

41

votes

5 answers

Is it safe to upload & scan personal files on VirusTotal?

I had an idea to make a plugin for one of my email clients where my users will be able to upload & scan attachments using VirusTotal service, but then again I was worried about their privacy and security of uploading personal files which may have…

privacy

asked Aug 18 '17 at 04:54

Mirsad

10,075
8
33
54

41

votes

4 answers

Are there any known cases of antivirus software intentionally sending false alarms?

First things first, I'm not asking this question because of any specific alarm on my PC that I suspect to be false. It's just that from the perspective of the software industry, it would make some sense to implement false alarms every now and then,…

antivirus

asked May 18 '17 at 19:10

MaxD

503
4
9

41

votes

3 answers

Can anti-virus/virus protection be used to spy on you?

I'm a complete noob when it comes to these subjects. But here goes... Let's say someone is using a VPN, TOR, or some other tool to enhance their privacy. As I understand it, you are discouraged from using plugins, various apps, and other things as…

privacy vpn antivirus tor internet

asked Apr 24 '17 at 04:06

Lancadin

509
4
7

41

votes

3 answers

Why is the issuer certificate different at my workplace and at home?

I have viewed Gmail's certificate chain at my workplace, and I realised it's different. It looks like this: Root CA Operative CA1 ___________.net mail.google.com When I get the certificate chain at home, it looks like…

tls certificates certificate-authority tls-intercept

asked Feb 21 '17 at 09:01

ampika

655
7
13

41

votes

6 answers

Why hasn't it become the norm to inhibit repeated password guesses?

Everyone is aware of the convention/need for strong passwords. With the number of different kinds of clues people can use in their passwords, plus the various permutations of caps and digit-letter substitution, a hacker would need to make many…

authentication passwords

asked Jan 31 '17 at 22:02

donjuedo

659
1
5
8

41

votes

10 answers

Are there any OSes that verify program signatures before executing them?

If so, what are these OSes? Are they specially crafted? How difficult is it to apply this kind of program verification to the everyday OSes we use? If not, why haven't people invented such OSes? Package signature verification is quite common with…

digital-signature operating-systems

asked Dec 07 '16 at 08:19

Cyker

1,613
12
17

41

votes

7 answers

What are some important concepts to teach developers about cross-site scripting (XSS)?

I'm helping with a one-hour training for developers (~100 of them) on cross-site scripting. What are some concepts you think are indispensable to get across to them? Right now we have: Difference between reflected and stored Layers of defense…

xss secure-coding

asked Aug 31 '16 at 18:56

mcgyver5

6,844
2
26
46

41

votes

2 answers

What triggers Google's reCAPTCHA

I noticed that Google's "I am not a robot" reCAPTCHA forces me to check correct images on my computer. I installed a virtual machine and tried there. Same thing. Used proxy. Same thing too. Then I used another computer in the same network (same…

google captcha

asked May 29 '16 at 16:24

sanjihan

639
2
7
11

41

votes

5 answers

My WiFi network is replaced by another network. Am I being hacked?

To begin with, I am not very computer savvy. I am an older person with an older computer and a 2003 Windows XP using Google Chrome for a browser. (If anyone is old enough to remember when Windows first came out, and remembers their hologram…

network wifi

asked May 24 '16 at 12:17

Susie

407
1
4
6

41

votes

2 answers

Why hasn't anyone taken over Tor yet?

Tor is known to encrypt the transferred content and the meta information by layering the encryption. I know there have been correlation attacks that deanonymized some users by federal agencies. Why do they not take over the system? There are ~7000…

proxy tor anonymity nsa

asked Feb 22 '16 at 09:12

N. Nowak

585
4
13

41

votes

7 answers

Somebody hacked my router and changed my wifi SSID

One of my neighbours hacked the password of my router and he uses my limited internet package. I change the wifi SSID almost daily, but he can hack it easily. Today, he changed the SSID to a hate speech "insult". How can I stop him? I need a quick…

passwords wifi password-cracking router protection

asked Dec 10 '15 at 10:26

user2824371

539
1
4
7

41

votes

7 answers

Is there any legitimate reason to install yourself as a root CA?

Follow up from comments on another question. Is there any reason as to why you might install yourself as a root CA on your own network? The only reason I can think of is forcing computers in the network to trust your own self signed certificates…

tls certificates certificate-authority

asked Dec 01 '15 at 09:42

Dan

769
7
17

41

votes

5 answers

Is this an evidence of a Skype communication being spied on?

A couple of days ago I was having a conversation using Skype, then I wanted to share a link to a page with the interlocutor. I didn't want to let her understand the link content by just looking at the URL so I shortened it with Google shortening…

network spyware skype

asked Nov 20 '15 at 10:37

Matteo Umili

901
1
8
11

40

votes

3 answers

Is Ghostery safe to use?

I've heard about Ghostery, a browser extension/plugin that blocks web trackers. But according to this link it sells our data. Are add-ons and plugins open source in Firefox? Is there another alternative to Ghostery?

firefox plugins

asked Aug 28 '15 at 08:07

CatCoder

559
1
5
8

Most Popular