Most Popular (1500 questions)

163 votes · 5 answers

How can USB sticks be dangerous?

We all know the story of the USB drive left outside a power plant which was found by a worker and inserted into a computer to see the contents which then allowed a hack to ensue. Here is my question: how? I get that code is executed, but how? I would…
TheHidden (rep 4,355; badges 3 gold, 24 silver, 40 bronze)

162 votes · 6 answers

Why do most people use 256-bit encryption instead of 128-bit?

Isn't 128-bit security enough for most practical applications?
H M (rep 2,977; badges 6 gold, 24 silver, 21 bronze)

162 votes · 2 answers

What is DROWN and how does it work?

There is a new recent attack "on TLS" named "DROWN". I understand that it appears to use bad SSLv2 requests to recover static (certificate) keys. My question is: How? How can you recover static encryption or signature keys using SSLv2? Bonus…
SEJPM (rep 9,770; badges 6 gold, 39 silver, 69 bronze)

161 votes · 4 answers

Why is the same origin policy so important?

I can't really fully understand what same origin domain means. I know it means that when getting a resource from another domain (say a JS file) it will run from the context of the domain that serves it (like Google Analytics code), which means it…
YSY (rep 2,259; badges 4 gold, 20 silver, 16 bronze)

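The policy the question asks about compares origins, and an origin is the tuple (scheme, host, port) of the document making a request, not the domain a script was fetched from: a cross-origin `<script src>` executes with the including page's origin. The following is an added example (not from the question or any of its answers) that computes that tuple the way browsers do, including default ports, and explains why two URLs differ; the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Default ports per scheme, so that "http://example.com" and
# "http://example.com:80" compare as the same origin.
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def origin(url: str) -> tuple:
    """Return the (scheme, host, port) tuple browsers use as an origin.

    Path, query and fragment are deliberately ignored: they never
    contribute to the origin. Host comparison is case-insensitive.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()   # urlsplit lowercases already; kept explicit
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def same_origin(a: str, b: str) -> bool:
    """True only when every component of the origin tuple matches."""
    return origin(a) == origin(b)


def explain(a: str, b: str) -> str:
    """Human-readable reason a pair is or is not same-origin (useful in audits/logs)."""
    oa, ob = origin(a), origin(b)
    labels = ("scheme", "host", "port")
    diffs = [f"{n}: {x!r} != {y!r}" for n, x, y in zip(labels, oa, ob) if x != y]
    return "same origin" if not diffs else "different origin (" + "; ".join(diffs) + ")"


if __name__ == "__main__":
    # Constructed sample: a page and four targets it might fetch with XHR/fetch.
    page = "https://example.com/app/index.html"
    for target in (
        "https://example.com:443/api/data?x=1#frag",  # same: default port, path ignored
        "http://example.com/api/data",               # different scheme
        "https://api.example.com/data",              # different host (subdomain)
        "https://example.com:8443/data",             # different port
    ):
        print(f"{target:45} -> {explain(page, target)}")
```

The subdomain and port cases are the ones that surprise people: `api.example.com` and `example.com:8443` are as foreign to `example.com` as any unrelated site, so reads across them need CORS on the target, not a relaxed browser.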
160 votes · 14 answers

What is the safest way to deal with loads of incoming PDF files, some of which could potentially be malicious?

As an investigative journalist, I receive each day dozens of messages, many of which contain PDF documents. But I'm worried about some of the potentially malicious consequences of blindly opening them and getting my computer compromised. In the past,…
Tom the journalist (rep 1,389; badges 2 gold, 9 silver, 9 bronze)

159 votes · 4 answers

What exactly does it mean when Chrome reports 'no certificate transparency information was supplied by the server'?

When visiting Gmail in Chrome, if I click on the lock icon in the address bar and go to the connection tab, I receive a message 'no certificate transparency information was supplied by the server' (before Chrome 45, the message was displayed as 'the…
Andrew (rep 1,806; badges 2 gold, 13 silver, 9 bronze)

158 votes · 2 answers

SSH Key: Ed25519 vs RSA

A lot of people recommend using Ed25519 instead of RSA keys for SSH. The introduction page of Ed25519 (http://ed25519.cr.yp.to/) says: [..] breaking it has similar difficulty to breaking [..] RSA with ~3000-bit keys [..] So speaking only of security…
Ben Richard (rep 3,646; badges 5 gold, 19 silver, 18 bronze)

158 votes · 8 answers

Is "Have I Been Pwned's" Pwned Passwords List really that useful?

My understanding of Have I Been Pwned is that it checks your password to see if someone else in the world has used it. This really doesn't seem that useful to me. It seems equivalent to asking if anyone in the world has the same front door key as…
Dancrumb (rep 2,636; badges 3 gold, 16 silver, 15 bronze)

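What the Pwned Passwords check actually does, as an added example rather than anything from the question or its answers: the client SHA-1s the password, sends only the first five hex characters of the hash, receives every known suffix in that bucket, and matches the rest locally. The range data below is a constructed stand-in for the API response (the prefix is the real one for SHA-1("password"); the counts and the second suffix are made up), and `fetch_range` replaces the HTTPS call so the block runs offline.

```python
import hashlib

# Constructed stand-in for the Pwned Passwords "range" API. The real service
# returns, for a 5-hex-char SHA-1 prefix, every known suffix with its breach
# count as "SUFFIX:COUNT" lines. Counts and the second entry are invented.
CONSTRUCTED_RANGE_DB = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2\n"
    ),
}

# Records which prefixes the "server" was asked for, to show what it learns.
REQUEST_LOG: list = []


def fetch_range(prefix: str) -> str:
    """Stands in for GET https://api.pwnedpasswords.com/range/{prefix}."""
    REQUEST_LOG.append(prefix)
    return CONSTRUCTED_RANGE_DB.get(prefix, "")


def parse_range(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; ignores blank or garbled lines."""
    result = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.isdigit():
            result[suffix.upper()] = int(count)
    return result


def split_hash(password: str) -> tuple:
    """SHA-1 the password and split it into the 5-char prefix that goes over the
    wire and the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def pwned_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in breach corpora (0 = never seen).

    Only the prefix is sent; the suffix match happens locally, so the server
    learns at most which one of 16**5 buckets the password's hash falls into.
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


def acceptable_new_password(password: str, fetch=fetch_range) -> bool:
    """Policy hook for a registration or reset form: refuse anything seen in a breach."""
    return pwned_count(password, fetch) == 0


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple zebra"):
        verdict = "reject" if not acceptable_new_password(candidate) else "ok"
        print(f"{candidate!r}: seen {pwned_count(candidate)} times -> {verdict}")
    print("prefixes the server saw:", REQUEST_LOG)
```

The useful property is the asymmetry: an attacker running credential stuffing or a dictionary attack tries exactly these leaked strings first, so refusing them at signup removes the cheapest guesses, and the prefix-only query means the check itself does not hand the password to a third party.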
157 votes · 3 answers

If my password was able to be printed on a form sent home from my child's school, does it imply insecure password storage policies?

I have a user account for each of my children in our district website, which oversees registration, grades, identification, etc. I was recently sent home a form from both of my children's classrooms asking us to login to our accounts so we could…
MrDuk (rep 1,237; badges 2 gold, 8 silver, 11 bronze)

157 votes · 12 answers

4-dial combination padlock: Is it more secure to zero it out or to blindly spin the dials after locking?

I am partially responsible for some resources protected by a 4-dial combination lock like this one: There are two things that people will usually do after they've locked it: reset all the digits to 0, so that the combination reads 0000, or mash…
Peter Schilling (rep 1,419; badges 2 gold, 8 silver, 8 bronze)

157 votes · 23 answers

Hardening Linux desktop machine against people from my household

I am looking to make a clean install of a Debian system on my home desktop. To clarify, I am switching from Windows and wish to use it as my day-to-day home OS - I'm not going to be running any servers or anything like that. I also have reason to…
Boris (rep 1,430; badges 2 gold, 10 silver, 11 bronze)

157 votes · 17 answers

Is the BBC's advice on choosing a password sensible?

In this article on the BBC's website they offer advice on how to develop a password. The steps are as follows. Step 1: Choose an artist (a recording artist I presume). Let's choose as an example case study the teen idol and all-round bad boy Justin…
TheJulyPlot (rep 7,829; badges 6 gold, 32 silver, 44 bronze)

154 votes · 14 answers

Why is the OS obfuscation defense against "It's a Unix system!" not widely implemented?

The Jurassic Park scene referenced in the title is infamous for how ludicrous it sounds to those who are tech literate. But it also illustrates what seems to me to be a glaringly huge hole in web security, particularly IoT devices--as soon as…
Indigenuity (rep 1,343; badges 2 gold, 9 silver, 13 bronze)

154 votes · 3 answers

Does pressing a car remote many times offer a denial-of-service attack for rolling codes?

My understanding of remote car key fobs, and similar security devices with rolling codes, is that the key device is a transmitter that, each time the button is pressed, sends the next secret in a known sequence that is unique to the key. It does not…
Oddthinking (rep 1,859; badges 3 gold, 16 silver, 17 bronze)

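The mechanism the question describes, simulated as an added example (not from the question or any answer): the fob's counter advances on every press whether or not the car hears it, and the receiver tolerates that with two windows, a small one for ordinary use and a large one in which two consecutive codes are required to resynchronise. The window sizes, the HMAC-based code derivation and the per-fob key below are assumptions chosen for illustration; real products use their own cipher and their own limits, but the shape of the answer to the question (a few missed presses are harmless, a few hundred cost one extra press, tens of thousands need re-pairing) is what the simulation shows.

```python
import hmac
import hashlib

# Window sizes are assumptions for the example; real products pick their own.
SINGLE_OPERATION_WINDOW = 16      # counters accepted from a single press
RESYNC_WINDOW = 32_768            # beyond that, two consecutive presses are needed
CODE_BYTES = 4


def rolling_code(key: bytes, counter: int) -> bytes:
    """Derive the over-the-air code for a counter value.

    Real fobs encrypt the counter with a block cipher so the receiver can
    decrypt it directly. An HMAC keyed with the per-fob secret keeps the
    property that matters here (no key, no valid code for an unseen counter),
    at the cost that the receiver must search its window instead of decrypting.
    """
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:CODE_BYTES]


class Fob:
    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def press(self) -> bytes:
        """Each press advances the counter whether or not anyone is listening."""
        self.counter += 1
        return rolling_code(self.key, self.counter)


class Receiver:
    def __init__(self, key: bytes, counter: int = 0):
        self.key = key
        self.last = counter        # highest counter accepted so far
        self.pending = None        # first counter seen inside the resync window

    def _find(self, code: bytes, lo: int, hi: int):
        for c in range(lo, hi):
            if hmac.compare_digest(rolling_code(self.key, c), code):
                return c
        return None

    def receive(self, code: bytes) -> str:
        # Counters at or below self.last are never searched, so a replayed
        # capture of an old press falls through to "rejected".
        c = self._find(code, self.last + 1, self.last + 1 + SINGLE_OPERATION_WINDOW)
        if c is not None:
            self.last, self.pending = c, None
            return "accepted"
        c = self._find(code, self.last + 1 + SINGLE_OPERATION_WINDOW,
                       self.last + 1 + RESYNC_WINDOW)
        if c is not None:
            if self.pending is not None and c == self.pending + 1:
                self.last, self.pending = c, None
                return "accepted"          # two consecutive codes: resynchronised
            self.pending = c
            return "resync-pending"        # remembered, door stays shut for now
        return "rejected"                  # too far ahead (or a replay): re-pair


def simulate(presses_out_of_range: int, presses_in_range: int = 2) -> list:
    """Press the fob N times away from the car, then a few times in range; return verdicts."""
    key = b"constructed per-fob secret"
    fob, car = Fob(key), Receiver(key)
    for _ in range(presses_out_of_range):
        fob.press()
    return [car.receive(fob.press()) for _ in range(presses_in_range)]


if __name__ == "__main__":
    for n in (3, 100, 40_000):
        print(f"{n:>6} presses out of range -> {simulate(n)}")
```

So pressing the button a handful of times in a pocket is absorbed silently, a few hundred presses cost the owner one extra press, and only a counter pushed past the resync window locks the fob out; the attacker would need physical access to the fob for a long time to get there, and a replayed capture is rejected regardless.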
153 votes · 19 answers

Has it been mathematically proven that antivirus can't detect all viruses?

What analysis was Bruce Schneier referencing when he wrote: Viruses have no "cure." It's been mathematically proven that it is always possible to write a virus that any existing antivirus program can't stop. From the book Secrets & Lies by Bruce…
Cate (rep 1,245; badges 2 gold, 8 silver, 4 bronze)

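The result the quote refers to is the diagonal argument in Fred Cohen's 1987 paper "Computer Viruses: Theory and Experiments", the same shape as the halting-problem proof: given any terminating detector, build a program that runs the detector on itself and does the opposite of the verdict. Below is an added toy rendering of that construction (not from the question or its answers); the three "detectors" are constructed stand-ins for scanner strategies, and the "virus" spreads or stays benign by returning True or False rather than touching any file. The toy lets the program call the detector directly, which a real scanner would not allow, but the real proof only needs the program's behaviour to depend on the detector's output, which is what this shows.

```python
# Constructed detectors standing in for antivirus engines. Each must return
# True ("this is a virus") or False ("clean") for any program handed to it.
def paranoid(program) -> bool:
    return True                       # flags everything


def naive(program) -> bool:
    return False                      # flags nothing


def signature_scan(program) -> bool:
    # "Signature" = a marker in the program's name, the way a byte-pattern
    # scanner matches known samples.
    return "evil" in getattr(program, "__name__", "")


def contrary_program(detector):
    """Build the program from the diagonal argument.

    It asks the detector about itself and does the opposite of the verdict:
    if the detector calls it a virus, it stays benign (returns False);
    if the detector calls it clean, it 'spreads' (returns True).
    """
    def program() -> bool:
        return not detector(program)
    return program


def detector_is_fooled(detector) -> bool:
    """True when the detector's verdict about its own contrary program is wrong.

    Assumes a deterministic, terminating detector: then verdict is always the
    negation of behaviour, so this returns True for every detector you can write.
    """
    program = contrary_program(detector)
    verdict = detector(program)   # what the scanner says the program is
    behaviour = program()         # what the program actually does
    return verdict != behaviour


if __name__ == "__main__":
    for det in (paranoid, naive, signature_scan):
        p = contrary_program(det)
        print(f"{det.__name__:15} verdict={det(p)!s:5} "
              f"actually spreads={p()!s:5} fooled={detector_is_fooled(det)}")
```

Note which way each detector fails: the paranoid one produces a false positive (it flags a program that then behaves benignly), the other two miss the program that spreads. Either error is a wrong verdict, and the construction works against any fixed detector, which is the precise sense in which perfect detection is impossible; it says nothing against detecting particular known families, which is what scanners actually do.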