IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [crime]

Questions relating criminal activity, performed (or aided) with the usage of a computer system. Also occasionally used for the CRIME TLS vulnerability.

38 questions
65
votes
9 answers

Can attackers get anything with DoS attacks except crashing the service?

A DoS (short for "denial of service") attack is a form of attack used on web services which aims to "crash" the service. Is there any motive of this form of attack besides crashing the service / website? For example, I could think of blackmailing/…
Martin Thoma
  • 3,902
  • 6
  • 30
  • 42
53
votes
7 answers

How can a company ensure cybercriminals destroy hacked data after payment?

Cloud computing provider Blackbaud reported on https://www.blackbaud.com/securityincident "...the cybercriminal removed a copy of a subset of data from our self-hosted environment. ... we paid the cybercriminal’s demand with confirmation that the…
Gnubie
  • 573
  • 1
  • 4
  • 7
36
votes
14 answers

Laptop Anti-Theft Measures

A law firm I've been in contact with has recently been broken into 3 times in the past 4 months. In spite of a number of laptops and other equipment containing sensitive information being stolen, the tech support company occasionally doing work for…
Mike H
  • 477
  • 4
  • 4
18
votes
3 answers

Is gzipping content via TLS allowed?

So I have these few compression directives at http level in nginx: gzip on; gzip_http_version 1.1; gzip_vary on; I read that this should be avoided because of CRIME/BREACH attack, is this correct?
Florian Schneider
  • 1,073
  • 2
  • 9
  • 11
12
votes
2 answers

Are social security numbers useless by themselves?

453.7 million social security numbers have been issued to date. There are only 1 billion = 1000 million distinct 9 digit integers. This means that if I were to make up any 9 digits, I would have roughly a 45% chance of guessing someone else's valid…
jake192
  • 367
  • 2
  • 8
10
votes
2 answers

Why do so many cracking attempts originate from China?

I recently put a Linux server online and it didn't take long until I had the first attempts to brute-force the SSH login. It's not that I am worried about that - I trust the security of my server. But just out of boredom I looked up some of the…
Philipp
  • 48,867
  • 8
  • 127
  • 157
10
votes
1 answer

Whats the best custom compression method to use when I have SSL?

Suppose I have an application which does encryption using SSL and provided you cannot control what cipher suite is being negotiated, and assuming that I have some custom compression over the data before the encryption takes place. What would be the…
Cookies
  • 203
  • 2
  • 7
10
votes
2 answers

Magnet to wipe HDD

This question is for HDD, not SDD. Would a Neodymium magnet like this one be strong enough to wipe the contents of a hard disk drive? How long would such an act take to destroy any data so it's not recoverable? Would it be possible to format and…
k1308517
  • 1,272
  • 14
  • 27
7
votes
1 answer

Realistic: Exploiting a computer on BIOS/ hardware level in less than an hour? (Infinite preparation time)

I wonder how hard it it to infect a laptop or netbook in 60 minutes or less in a way the victim cannot easily clean their machine by wiping hard disk drives. Let's assume the following: The attacker has physical access to the machine. I.e. they…
ALittleBitOfParanoia
  • 71
  • 1
7
votes
2 answers

Are there any known cases where antivirus software has deliberately ignored malware?

Are there any known cases where antivirus companies for some reason have choosen to make their product allow/ignore malicious software? The reason could be government coercion or former trustworthy companies/developers turning to cyber-crime.
qnyz
  • 211
  • 1
  • 4
7
votes
3 answers

Why aren't ransomware deployers arrested?

Why aren't people who use ransomware to extort money from people arrested? Using ransomware is illegal, presumably. The idea that Bitcoin is anonymous is a myth. Given this, it seems like they should be arrested. Is there a reason they aren't?
PyRulez
  • 2,937
  • 4
  • 15
  • 29
5
votes
6 answers

How to Investigate Wi-Fi Intrusion and where to look for evidence?

I'm trying to figure out how to configure a network so that I can tell what an intruder did (in the past) while on the network after they are detected. eg. If someone with a wi-fi enabled laptop parked outside my home and connected to my home…
Tony
  • 51
  • 1
  • 1
  • 2
4
votes
3 answers

IP addresses readily available on black market?

I know that criminals can readily find on the black market large dumps of password databases from hacked sites. These may contain the username, password, and email address for millions of users. But what about IP addresses? Is it easy to find…
D.W.
  • 98,420
  • 30
  • 267
  • 572
3
votes
1 answer

Clarification on organized cyber crime concept

We had a small presentation by my colleagues on 'Organized Cyber Crime' and they presented the topic with a supporting case on The Ashley Madison Hack. Well, I disputed the case presentation by saying that the hack was more of a "targeted attack"…
user2339071
  • 271
  • 1
  • 8
3
votes
2 answers

Is revealing your residence physical address when browsing the web a security risk?

I live in a large apartment building that provides a wireless service for residents. All of that traffic goes through a proxy server, and the domain name on that server contains the name of the apartment building and the city. So, when I load a…
user27333
  • 39
  • 1
1
2 3