Questions tagged [confidentiality]

Confidentiality is the property of maintaining the secrecy of an asset. In other words, confidentiality means protecting against the threat of disclosure. It is one of the three key security properties of an asset, along with integrity and availability.

Confidentiality is the property of maintaining the secrecy of an asset. In other words, confidentiality requires that only authorized parties may be able to obtain the data. It is one of the three elements in the classic CIA triad of security properties, alongside integrity and availability.

Typical measures to enforce confidentiality include physical protection (e.g. keeping papers in a locked safe) and cryptography, via .

184 questions
79 votes, 6 answers

Does SSL/TLS (https) hide the urls being accessed

Suppose I type this in my browser https://www.mysite.com/getsecret?username=alice&password=mysecret and an attacker is watching all traffic from me to my ISP. What information is protected by HTTPS? Is the URL revealed? Are the parameters of the…
Jus12
43 votes, 4 answers

Is passing sensitive data through the process environment secure?

Recently, I have been looking for the possibility to pass sensitive information from one process to another (at process startup time) without passing it through the command line or without using a filesystem entry. This is on Linux but the question…
David Tonhofer
36 votes, 6 answers

What are the purposes of these security policies?

I work at an IBM lab and there are some security policies that I do not understand the point of. When I ask why we do them my boss simply says it's policy and avoids answering the question. We must keep empty drawers locked When we leave work we…
34 votes, 3 answers

Why can a Tor exit node decrypt data, but not the entry node?

Me -> Node A -> Node B -> Node C -> destination The documentation on Tor always states that only the exit node C can see plain text data. How is this possible without me talking to Node C directly? If I have some plain text data, and want to send it…
Petey B
30 votes, 7 answers

Why encrypt data in memory?

I saw that KeePass not only encrypts its password-database-file, it also can encrypt the passwords it holds in memory. This is just an example. I'm thinking of a new project dealing with sensitive / personal data and now I ask myself if I should…
user573215
24 votes, 4 answers

Why define CIA in security like this?

As we know CIA of the demand for security means: Confidentiality Integrity Availability I don't understand why define the "Integrity" and "Availability", If we make a plaintext Confidentiality, the Integrity is a whole plaintext, this is the…
244boy
22 votes, 5 answers

Timing Safe String Comparison - Avoiding Length Leak

Let's say that we're building a generic timing-safe comparison function for general purpose use. Making it so that it is safe when both strings are equal length is pretty well known. However, what I'm not sure about is how we can make it safe if the…
ircmaxell
21 votes, 6 answers

Getting rid of a large quantity of paper

Say you were in charge of getting rid of a large quantity of paper - up to 1,000 in a row. It can't be used as scratch paper because it contains confidential information. It also can't be outsourced to third parties because the company isn't…
Renan
19 votes, 5 answers

Keyboard sniffing through audio recorded typing patterns

I've been thinking about this for a while; I know people are aware of wireless wiretapping of keyboards. However, has there been research on how to wiretap keyboards based on typing patterns? I'm thinking whether microphones can be used to build a…
Ztyx
14 votes, 3 answers

Someone keeps using my email address. What to do?

I have had a GMail ever since it was created, so it's an email address that is easy to remember, but also easy for somebody else to get confused with. Since I'm not going to post my email address here, I'll put the format for it which is [first…
SameOldNick
14 votes, 5 answers

Is there a digital "safety deposit box" equivalent?

Digital safety deposit boxes: do they exist? if yes, are (any|they) trustworthy? There are many bricks and mortar financial institutions where one can rent a locked box in a locked room and be assured the contents are secure, that access is…
13 votes, 3 answers

Is it possible to get all the data I send through wifi?

Is it possible, that the network administrator (wpa2 wifi network) can log all the data the users send and then get password out of it? I know it is not possible to get the password if I'm surfing with https but what if I only use http pages?
hanssii
13 votes, 1 answer

Who is the creator of the CIA triad?

The Information Security goals - Confidentiality, Integrity and Availability (CIA) - are often referred to as the CIA triad. As I am writing my master thesis, I am wondering to which resource I should put my reference on the CIA triad?! I've done…
12 votes, 6 answers

When is it safe to click through an SSL warning message?

How does a user know if it's safe to click through scary browser warnings about SSL certificates? Ideally, a user should never need to click through these warning messages, but sometimes honest websites run by honest, but not clueful, people will…
DanBeale
12 votes, 1 answer

Can all the (other) recipients of a PGP encrypted message be identified?

Does an encrypted message contain any information about whom it is encrypted to, or at least to how many recipients? And if so, is it at least only obtainable for other recipients or for just anybody?
Tobias Kienzler