Questions tagged [end-user]

In security, an end user is a person or machine with no administrative privileges with respect to a given security context. For example, non-admin users of a Windows or Unix domain, a device on a public network, even a server installing an SSL certificate is an end-user with respect to the CA hierarchy.

13 questions
46 votes, 3 answers

For an end-user, is HTML5/JavaScript more secure than Flash?

I’m not talking about server-side security or even necessarily XSS vulnerabilities, as these are attacks on vulnerable services and do not use any pre-existing vulnerabilities on the client side to affect an end user. They will exist as long as web…
Jonathan Gray
34 votes, 5 answers

How can I explain "zero knowledge proof" to an end user?

A ZKP allows proof of knowing the answer to a secret, without actually disclosing what that answer is. Is there any analogy that can help people put this concept into everyday practice? A "lie to children" example is sufficient. For example,…
makerofthings7
13 votes, 5 answers

End user security awareness measurement

Apart from the conventional email phishing tests, what other security Key Performance Indicators can be used to measure end user security awareness in an Organization? Looking at the SANS critical security control #9: 9.4 Validate and improve…
AdnanG
4 votes, 2 answers

Allowing access to a programmatically created user without compromising security?

I am writing an app that requires multiple levels of users, where one user is an administrator and adds slave users. I can't really seem to find a way to allow access to the slave users safely. Emailing a password is unsafe as emails are…
Allenph
3 votes, 0 answers

Are external email warnings effective?

Conceptually, "THIS EMAIL IS FROM AN EXTERNAL SENDER" warnings should be useful at preventing phishing or spoofing attacks. If "your boss" asks you to buy a bunch of gift cards and you see that warning, maybe you catch it. With so many legitimate…
Nate Lowry
3 votes, 1 answer

Is it reasonable to store encrypted TOTP keys + authentication credentials on a single device (for end-user)?

My current security model (at least for passwords) is to store them encrypted at rest and use GPG (in combination with a Yubikey) to perform encryption / decryption. I'm using pass (https://www.passwordstore.org/) to help automate the process for…
Aea
2 votes, 2 answers

How should failures by a single user on a simulated phishing email be measured?

I work in the IT Security function of my company as a team lead. We periodically send out phishing emails to all users on the company network as a form of continuous education of users on how to spot malicious phishing emails. Our company operates in…
Anthony
2 votes, 2 answers

How do traffic correlation attacks against Tor users work?

I was reading about how Tor works. There it says that if the attacker is able to see both ends of the communication channel then Tor fails (and other anonymous networks too). How and why does this attack work?
Ugnes
1 vote, 0 answers

Recommended End-User Authentication for OpenID Connect / OAuth 2

I am learning about OAuth 2 and OpenID Connect. Reading the documentation, I feel that the specification of OpenID Connect leaves some blank space regarding the End-User Authentication. The spec states: The methods used by the Authorization Server…
1 vote, 2 answers

Is HTML5/JavaScript more secure than Flash/Java, as the browser becomes more like an OS?

I have been asked to post this here: I want to focus on the security of the end-user in these two different scenarios: 1) Pre HTML 5 where the applications and so on lived in plug-ins outside the browser sandbox by way of Flash and Java installed…
0 votes, 2 answers

Efficiency of end-user training

I have read a lot on the topic of enforcing end-user security training, such as how to spot a phishing email for example. Even enforced training, such as conferences or videos that the end-user must watch can easily be neglected or not cared for by…
0 votes, 2 answers

Secure key exchange in web between pages

In the authentication page the user writes his password, and if it is correct, he is redirected to the main page. In the main page there is a messenger also, which uses end-to-end encryption (Diffie-Hellman and AES). For that, it requires the…
Sonya Seyrios
-3 votes, 1 answer

How information security/cyber security evolved for a Novice End user in the Last 10 Years

The main point to note is the type of laws that protect the users. Its main focus is My points of discussion include 1) Challenges faced in Cyber-security. 2) Evolution of cyber security over the last 10 years 3) How to stay protected online :…