Most Popular
1500 questions
253 votes, 2 answers
Can ads on a page read my password?
Disclaimer: I have minimal web-dev/security knowledge so please answer as if talking to a "layman."
I've heard that web-advertisements need to be able to run their own JavaScript so that they can verify they're being viewed by "real users." As this…

scohe001
- 1,045
- 2
- 8
- 13
250 votes, 10 answers
How is the "WannaCry" Malware spreading and how should users defend themselves from it?
There's a new strain of attacks which is affecting a lot of systems around the world (including the NHS in the UK and Telefonica in Spain) which is being called "WannaCry" amongst other names.
It seems to be both a standard phishing/ransomware…

Rory McCune
- 62,266
- 14
- 146
- 222
248 votes, 4 answers
SSL3 "POODLE" Vulnerability
Canonical question regarding the recently disclosed padding oracle vulnerability in SSL v3. Other identical or significantly similar questions should be closed as a duplicate of this one.
What is the POODLE vulnerability?
I use…

tylerl
- 83,435
- 26
- 152
- 232
246 votes, 14 answers
My college is forcing me to install their SSL certificate. How to protect my privacy?
My college administration is forcing us to install Cyberoam Firewall SSL certificate so that they can view all the encrypted traffic to "improve our security". If I don't install the certificate then I won't be able to use their network.
What are…

svetaketu
- 2,181
- 2
- 11
- 5
245 votes, 18 answers
Passwords being sent in clear text due to users' mistake in typing it in the username field
Upon reviewing the logs generated by different SIEMs (Splunk, HP Logger Trial and the AlienVault platform’s SIEM) I noticed that for some reason quite a few users tend to make the mistake of typing their passwords in the username field, either in…

Lex
- 4,257
- 5
- 21
- 27
244 votes, 11 answers
Why is Math.random() not designed to be cryptographically secure?
The JavaScript Math.random() function is designed to return a single IEEE floating point value n such that 0 ≤ n < 1. It is (or at least should be) widely known that the output is not cryptographically secure. Most modern implementations use the…

forest
- 66,706
- 20
- 212
- 270
242 votes, 5 answers
What is the difference between https://google.com and https://encrypted.google.com?
Is there any difference between the encrypted Google search (at https://encrypted.google.com) and the ordinary HTTPS Google search (at https://google.com)?
In terms of security what were the benefits of browsing through encrypted Google…

BlueBerry - Vignesh4303
- 5,127
- 13
- 35
- 65
242 votes, 12 answers
Is single quote filtering nonsense?
Penetration testers found out that we allow single quotes in submitted data fields, and want us to apply rules (input validation) to not allow them in any value.
While I'm aware that single quotes are popular for SQL injection attacks, I strongly…

Peter Walser
- 1,791
- 2
- 11
- 9
241 votes, 6 answers
Is Telegram secure?
There is a new WhatsApp-killer application called Telegram. They said that it's open source and that it has more secure encryption.
But they store all the messages in their servers and WhatsApp doesn't store any messages in any server, only a…

ilazgo
- 2,753
- 4
- 14
- 10
240 votes, 10 answers
Is "the oft-cited XKCD scheme [...] no longer good advice"?
I was stumbling around and happened onto this essay by Bruce Schneier claiming that the XKCD password scheme was effectively dead.
Modern password crackers combine different words from their dictionaries: [...]
This is why the oft-cited XKCD scheme…

Nick T
- 3,432
- 5
- 22
- 28
240 votes, 13 answers
Where do you store your personal private GPG key?
So, I want to start using pass, but I need a GPG key for this. This application will store all of my passwords, which means it's very important that I don't lose my private key, once generated.
Hard disks break, cloud providers are generally not…

Florian Margaine
- 2,525
- 3
- 14
- 10
238 votes, 7 answers
All 0s (zeros) in a bank card's CVC code
My bank card recently expired. I got a new one and this one turned out to be "lucky": its CVC code was 000.
For a few months I used it extensively, both online and offline, without any difficulties - until the day when I entered my card details on…

Vlad Nikiforov
- 2,023
- 2
- 8
- 9
236 votes, 5 answers
Recommended # of iterations when using PBKDF2-SHA256?
I'm curious if anyone has any advice or points of reference when it comes to determining how many iterations is 'good enough' when using PBKDF2 (specifically with SHA-256). Certainly, 'good enough' is subjective and hard to define, varies by…

Tails
- 2,548
- 3
- 15
- 10
236 votes, 3 answers
Why did I have to wave my hand in front of my ID card?
I recently had to authenticate myself online to use an internet-based service. The authentication process was done via video call with me holding my ID card in front of my laptop camera beside my face. I also had to wiggle the ID card so the person…

Tom K.
- 7,976
- 3
- 32
- 53
235 votes, 10 answers
Is there any reason to disable paste password on login?
Today I logged in to pay my cellphone bill, and I found that the site has disabled paste functionality in password field.
I'm a webdev and I know how to fix this, but for a regular user it is REALLY annoying having to type a random password like…

IAmJulianAcosta
- 2,475
- 3
- 16
- 18