Highest Voted 'opsec' Questions - IT Security Stack Exchange

448

votes

14 answers

Is it bad practice to use your real name online?

On some accounts I use my real name on-line (Google+/Facebook/Wikipedia/personal blog), others (Q&A/Gaming) I use an alias. My question is: Security and privacy wise, what can people do with my real name? What are the dangers of using your real name…

asked Dec 06 '13 at 11:36

blade19899

3,601
3
13
18

13

votes

1 answer

WAF Process Creation for Integration of IT and Business

A client has asked me to help them out with their WAF processes. Currently they have a few critical web applications being protected by a couple of WAFs. I have managed to get the WAFs tuned and ready for production. The company is fairly large and…

web-application corporate-policy waf operations opsec

asked Jul 22 '13 at 15:04

Lex

4,247
4
19
27

11

votes

3 answers

Disable USB keyboard pluggability on MacBook

I'm concerned about USB devices being physically attached to my MacBook laptop when I am about to unlock my computer or while my computer is unlocked. My threat model involves an attacker who is willing to spend about $200 to gain access to my…

hardware physical usb operations opsec

asked Apr 08 '15 at 12:45

dionyziz

213
1
7

6

votes

3 answers

What are some ways to anonymize your writing style?

I imagine that if someone suspected an anonymous online persona of being a specific real person who also had writing samples available online (like a blog or social media) they'd be able to compare the styles of writing. What are some ways to…

anonymity opsec

asked Nov 29 '18 at 19:38

user187395

5

votes

2 answers

Shutdown if case opened

Assume the user has a full disk encrypted HDD in which their OS and files reside. They also have made attaching USB or any other device without first allowing it cause an automatic shutdown which subsequently wipes the RAM clean (the same way Tails…

physical opsec

asked Jan 18 '16 at 22:35

user5510281

81
4

4

votes

1 answer

When reading PGP or other encrypted emails, is it wise to unplug my computers ethernet in order to use my private key?

I've never used PGP before so my logic may be a bit off. When receiving an email encrypted with my public key, would it not be best to unplug or disconnect my computer's internet before decrypting with my private key? That way there can be no chance…

encryption pgp opsec

asked Aug 31 '17 at 21:19

watchy

41
1

2

votes

1 answer

Anonymity Stack: Home connection -> VPN -> Whonix(Tor) -> Socks5. Few questions on anonymity

So let's assume the following: 1. A host machine running a clean BSD-based OS that has no backdoors, malware, spyware or other potentially de-anonymizing harmful software. 2. One home internet connection from an ISP that keeps a close eye on…

vpn tor opsec

asked Dec 05 '17 at 18:55

Stackexchange_fan

21
1
3

2

votes

1 answer

Why is Pastebin still widely used by malicious actors for sensitive data dumps, given that it's public and easily parsable?

If you scrape Pastebin for research or even just out of curiosity, it quickly becomes apparent that there is an abundance of compromised data that is uploaded there by unknown malicious actors. My question is, why is this still done given that there…

crime opsec

asked Sep 18 '17 at 17:01

Boblicon

131
4

1

vote

1 answer

How do enterprises deal with SSO and Google backing up WiFi credentials?

Single Sign On in a company means that you have one set of credentials for all the services the company uses / provides to their employees. Logically, these credentials might also be usable for Wifi. Benefits for the employee: Only one password to…

sso wpa-enterprise opsec

asked Feb 27 '20 at 09:50

PhilLab

205
1
6

1

vote

2 answers

How to mitigate the risks of using new, third party imported electronic accessories?

As someone who is naturally good at recognizing risk and who are striving to maintain a wholistic view on security, I’m wondering how to evaluate and reduce the risks of hardware accessories (I.e. charging plug-ins, Thunderbolt cables), specifically…

hardware hardening threat-mitigation spyware opsec

asked Aug 25 '18 at 07:45

dopeideas

11
1

1

vote

3 answers

Can an unregistered phone with a prepaid SIM card be traced by the police?

Let's say that someone is using an unregistered phone — I mean just a phone that he bought in another country — with a prepaid SIM card. The person is sending messages only on WhatsApp, without making any calls. After he sends the messages, he…

mobile phone simcard opsec

asked Nov 09 '17 at 22:20

Opi778

21
1
1
3

0

votes

2 answers

Not disclosing the password when tortured?

In Citizenfour, Edward Snowden says: Because some of these documents are legitimately classified, in ways that could cause harm to people and methods... Um, I'm comfortable in my technical ability, uh, to protect them. I mean, you could…

password-management opsec

asked Jul 25 '17 at 18:14

twowo

103
1

0

votes

3 answers

Is there a way to answer security questions privately while in public?

Is there a strategy for answering security questions via telephone modestly securely while in an insecure environment? For example: I am at a coffee shop and am locked out of my account, I call the helpdesk to unlock and they ask for my userID, DOB,…

privacy password-reset account-lockout opsec persec

asked Oct 07 '16 at 20:09

Matthew Peters

3,592
4
21
39

Questions tagged [opsec]