IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [international]

31 questions
44
votes
5 answers

Is blocking a country's access to a website a good measure to avoid hackers from that country?

I am located in Venezuela right now, and for the whole weekend have been unable to access grubhub.com and seamless.com. Finally, I tried using the Tor Browser and got access. The same thing happened in January when I tried to access the police…
Luis Arriojas
  • 548
  • 1
  • 4
  • 9
17
votes
4 answers

Best way to report a foreigner attacker's ip to authorities?

I have been under attack last week and I was able to trace down the attacker and get his IP address. The attacker was located in Germany but I live out of Europe? From your experience what is the best way to report an international cyber crime? is…
HEX
  • 521
  • 2
  • 4
  • 11
12
votes
5 answers

password complexity policy for non "English" passwords

In an internationalized application, what is the best practice for a policy on complexity of passwords? I am not having luck searching for the answer. Wikipedia lists these items for password policy: the use of both upper- and lower-case letters…
Kevin Hakanson
  • 491
  • 1
  • 5
  • 13
11
votes
3 answers

White list or black list sanitation for international input?

There seem to be so many ways to create nefarious input that white-listing what input is good usually feels like the safer, simpler option. For instance, one can fairly easily craft a white list regex that includes good things [a-zA-Z0-9], but…
jaketrent
  • 213
  • 2
  • 6
10
votes
2 answers

Why do so many cracking attempts originate from China?

I recently put a Linux server online and it didn't take long until I had the first attempts to brute-force the SSH login. It's not that I am worried about that - I trust the security of my server. But just out of boredom I looked up some of the…
Philipp
  • 48,867
  • 8
  • 127
  • 157
10
votes
3 answers

Encryption-Laws in Iran

According to this article Iran has criminalized the usage of encryption and VPNs. According to this blog post it is still possible to use SSH tunnels in Iran. For me SSH is encryption and thus forbidden in the Iran, but I wonder how online banking,…
Baarn
  • 248
  • 4
  • 15
8
votes
3 answers

What is the equivalent European organization of NIST, especially in the Security Computer Division?

What is the European counterpart organization to USA's NIST? I want to check the European best practices and guidelines on computer security. Does anyone know if this organization exists, and if there are available publications? I need to check…
boos
  • 1,066
  • 2
  • 10
  • 21
7
votes
2 answers

What are the compliance requirements or standards for a non-US firm hosting personal data in the US?

I work for a head hunting company with offices in Canada and Asia. We migrated our custom built CRM system from our own servers hosted in Japan to an Amazon hosting service meaning that all our data is now held on Amazon servers in the US. Data…
Nicholas Adams
  • 179
  • 1
7
votes
3 answers

What can a web application developer do to protect user information from powerful adversaries like the NSA or China

Some well funded intelligence services with potentially untrustworthy employees intercept and store encrypted data for years, in hopes of cracking it with future technology. What can I do to make this more difficult for them, and how can I limit the…
Dan Ross
  • 195
  • 5
6
votes
2 answers

Why is HTTPS seemingly so infrequently used internationally (Asia)?

I've recently had the privilege of doing some traveling internationally, and I noticed that (particularly in Asia) HTTPS is very infrequently used, even on government and educational websites where users login and provide sensitive information. I…
Funktr0n
  • 161
  • 2
6
votes
2 answers

What risk do International Domain Names (IDN) pose?

I understand that IDN's are basically a GUI display change for domains that have a prefix of "xn--". What should I advise companies do in regards to these domains? For example, should companies actively seek out and register domains in alternative…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
6
votes
5 answers

Encryption laws in India -- is it allowed to use ssh and VPN?

I have a very similar question to the one asked here (regarding Iran). However, I would like to use ssh and vpn while being in India. I found already this survey of cryptographic laws but I don't understand the implications for ssh and VPN.…
Mike
  • 63
  • 1
  • 3
3
votes
1 answer

What lawful interception standards are used outside Europe?

In Europe European Telecommunications Standards Institute (ETSI) define the standard requirements to handle a lawful interception. It's define all from the terminology and definition to the technical encoding of the payload that will be intercepted…
boos
  • 1,066
  • 2
  • 10
  • 21
3
votes
2 answers

What International laws should one in the InfoSec industry we be aware of?

What InfoSec regulations should one be aware of when dealing with 'live' cross-border communications, or the offline transport of information?
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
3
votes
1 answer

Will PGP signed email be blocked in China?

I generally sign all of my outgoing email with PGP. I don't usually encrypt it because most people I send mail to don't have a public key. Anyway, if I send an unencrypted message with a PGP signature to someone in China, will it get blocked or get…
Jason
  • 1,319
  • 10
  • 17
1
2 3