Most Popular
1500 questions
183 votes, 3 answers
What is the purpose of "gibberish" comments posted to my blog?
Fairly frequently, the contact form on my blog gets comments that look similar to this (each field represents a text box users can enter into the HTML form on the blog):
Name: 'ceguvzori'
Email: 'gwizwo@avbhdu.com'
Website: 'QrSkUPWK'
Comment:…
IQAndreas
183 votes, 5 answers
Why are chips safer than magnetic stripes?
After the recent Target hack there has been talk about moving from credit cards with magnetic stripes to cards with a chip.
In what ways are chips safer than stripes?
Thomas
182 votes, 11 answers
Help! My home PC has been infected by a virus! What do I do now?
This is an attempt to ask a canonical question as discussed in this old meta post. The goal is to create something helpful that can be used as a duplicate when non experts ask about virus infections.
Let's say that I have determined beyond doubt…
Anders
181 votes, 10 answers
Can webcams be turned on without the indicator light?
I've made a series of penetration tests in my network and one of the things I've tried was to record webcam and microphone.
Recording an end-user's microphone seems to be a stealth thing, but what about the webcam?
In my tests, the indicator is…
user4610
180 votes, 12 answers
How is an ATM secure?
I'm curious why an ATM computer is considered secure. The general adage of "If an attacker has physical access to my machine, all bets are off," seems to not apply in this circumstance (since everyone has physical access to the machine). Why is…
asteri
179 votes, 10 answers
How secure are virtual machines really? False sense of security?
I was reading this CompTIA Security+ SYO-201 book, and the author David Prowse claims that:
Whichever VM you select, the VM cannot cross the software boundaries set in place. For example, a virus might infect a computer when executed and spread…
T. Webster
178 votes, 4 answers
Is there anything preventing the NSA from becoming a root CA?
There are now tons of Certification Authorities (CAs) that are trusted by default in major OS's, many of which are unrecognizable without online lookup or reference.
While there have been attempts by the NSA and others to "hack" or otherwise…
user2813274
178 votes, 18 answers
What is a good analogy to explain to a layman why passwords should be hashed?
Note: This is not an actual situation I'm currently in.
Assume your boss is one of those old-fashioned computer-illiterate managers and wants to store the passwords in plaintext to simplify development. You get 5 minutes to explain the point of…
Nzall
178 votes, 12 answers
Why is it wrong to *implement* myself a known, published, widely believed to be secure crypto algorithm?
I know the general advice that we should never design¹ a cryptographic algorithm. It has been talked about very extensively on this site and on the websites of professionals of such caliber as Bruce Schneier.
However, the general advice goes…
gaazkam
178 votes, 8 answers
Why can't the FBI read the key embedded in the iPhone's secure chip/ROM directly from hardware (silicon)?
As far as I understand, the 4 digit passcode is combined (in some fashion) with a key stored in secure read only memory (e.g. secure enclave chip or similar), where it is directly embedded into silicon wiring to help prevent unauthorized reads.
But…
user9806
173 votes, 7 answers
Difference Between OAUTH, OpenID and OPENID Connect in very simple term?
I am very confused by the difficult jargon available on the web about OAUTH, OpenID and OPENID Connect. Can anyone tell me the difference in simple words?
Imran Qadir Baksh - Baloch
173 votes, 4 answers
Where to store a server side encryption key?
I have some data that is symmetrically encrypted with a single key in my database. Rather than hard coding it into my code, I am looking for a safer way to store the encryption key. Where can I safely store it?
Radek
172 votes, 4 answers
GitLab account hacked and repo wiped
I was working on a project, a private repo, and suddenly all the commits disappeared and were replaced with a single text file saying
To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address…
Stefan Gabos
172 votes, 26 answers
Convince people not to share their password with trusted others
IT workers are usually trusted by their family members who readily share passwords (Facebook, email, twitter, you-name-it!) so they can get easy help to set what-ever-parameter they don't find or explanation of a challenging situation.
I always try…
Auzias
171 votes, 9 answers
Is Adblock (Plus) a security risk?
My email-provider's website (http://www.gmx.de) recently started linking to the (German) site http://www.browsersicherheit.info/ which basically claims that due to its capabilities to modify a site's appearance, Adblock Plus (and others) might…
Tobias Kienzler