Most Popular

1500 questions
153 votes, 11 answers

What alternatives are there when SSH is being actively filtered?

Unfortunately our government filters the SSH protocol so now we can't connect to our Linux server. They do the filtering by checking the header of each packet in the network layer (and not by just closing port). They also do away with VPN…
Moein Hosseini
152 votes, 7 answers

Can someone take down Wi-Fi signal?

Is it possible that someone made an attack (DoS or something else) to my Wi-Fi router (without knowing of the password) and make my router's signal unavailable? 1) How it can be done? 2) What are remedies?
T.Todua
152 votes, 4 answers

Which security measures make sense for a static web site?

I have a static web site. Users cannot log in or perform any other actions. Which of the common HTTP security measures make sense for my site? Do I need any of these? HTTPS Strict transport security Content security policy Certificate…
Sjoerd
152 votes, 5 answers

What to do if stuck with website that has poor security?

I have a student loan account with a company, not the biggest company but big enough to where they should have their act together. Today I couldn't remember my password to log into my account dashboard. I clicked "forgot password" and they prompted…
DasBeasto
151 votes, 8 answers

How can PayPal spoof emails so easily to say it comes from someone else?

When I receive a payment in PayPal, it sends me an email about it (pictured below). The problem is that the email is shown to be coming from the money sender's email address and not from PayPal itself, even though the real sender is PayPal. Here is…
Sunny88
150 votes, 6 answers

Is password entry being recorded on camera a realistic concern?

I live in a city where CCTV camera coverage is comprehensive and increasing. Cameras are getting cheaper and higher resolution. Everyone has a video camera in their pocket already, and we are starting to see trends which indicate always-on cameras…
davnicwil
150 votes, 12 answers

Do I need to encrypt connections inside a corporate network?

Provided that I have a decent level of physical security in the office, I monitor the physical addresses of devices connected to the network and only give VPN access to trusted parties, do I need to encrypt access to intranet resources over HTTP?…
Robert Cutajar
149 votes, 7 answers

Why use OpenID Connect instead of plain OAuth2?

I just started to use OAuth 2.0 as a way to authenticate my users. It works great - I just use the identity/profile API of each provider to get a validated email address of the user. Now I read about OpenID Connect and am a little bit confused.…
rdmueller
149 votes, 5 answers

How can I export my private key from a Java Keytool keystore?

I would like to export my private key from a Java Keytool keystore, so I can use it with openssl. How can I do that?
Jonas
149 votes, 9 answers

How do organizations check *what* has been hacked?

In the UK, the company TalkTalk was recently hacked. It was later discovered, after 'investigation' that the hack was not as serious as it could have been (and less than expected). I'm wondering: How do organizations (not necessarily TalkTalk --…
ᔕᖺᘎᕊ
146 votes, 1 answer

How does Shutterstock keep getting my latest debit card number?

I've made a single photo purchase from Shutterstock back in 2012. I created an account and gave them my debit card #. I haven't made a single purchase from them since. Silently in 2018, they activated auto-renew without my consent, without notifying…
M -
146 votes, 8 answers

How should I set up emergency access to business-critical secrets in case I am "hit by a bus"?

I work as the primary developer and IT administrator for a small business. I want to ensure that business can continue even if I suddenly become unavailable for some reason. Much of what I do requires access to a number of servers, (through…
AndrewSwerlick
145 votes, 24 answers

Why can't I just let customers connect directly to my database?

I'm pretty sure this is a stupid idea but I'd like to know why, so bear with me for a moment. Lots of the work backend developers do is providing CRUD access to customers via HTTP, essentially mapping data from and to the internal database.…
Moritz Friedrich
145 votes, 14 answers

Is there any technical security reason not to buy the cheapest SSL certificate you can find?

While shopping for a basic SSL cert for my blog, I found that many of the more well-known Certificate Authorities have an entry-level certificate (with less stringent validation of the purchaser's identity) for approximately $120 and up. But then I…
Luke Sheppard
144 votes, 9 answers

How secure is Chrome storing a password?

Whenever I enter a login into a new site, Chrome asks me if it should store the login details. I used to believe this was fairly secure. If someone found my computer unlocked, they could get past the login screen for some website using the stored…
Tony Ruth