An actor, usually a person, who may attempt to exploit a vulnerability of an exposed system.
Questions tagged [threats]
99 questions
172 votes, 9 answers
Is Adblock (Plus) a security risk?
My email-provider's website (http://www.gmx.de) recently started linking to the (German) site http://www.browsersicherheit.info/ which basically claims that due to its capabilities to modify a site's appearance, Adblock Plus (and others) might…
Tobias Kienzler
51 votes, 4 answers
Detecting skimmers and other ATM traps
This question has been bothering me ever since I first heard of ATM skimmers:
Instances of skimming have been reported where the perpetrator has put a device over the card slot* of an ATM (automated teller machine), which reads the magnetic…
TildalWave
33 votes, 7 answers
Is having Steam installed a security risk?
Speaking to one of our security administrators at work, he insists that Steam is a well understood security risk and it shouldn't be installed on work machines.
Saying it's not work related I understand, but is there a genuine security threat from…
Jon Hopkins
19 votes, 2 answers
Encryption and the "security time decay" of prior encrypted data
This question is on the assumption that any data once encrypted, may (eventually) be decrypted through
- Brute force (compute power/time)
- Exploits in the cryptography used
- Theft of private keys
Most threat models, procedures, and business…
makerofthings7
18 votes, 6 answers
What is the distinguishing point between a script kiddie and a hacker?
When I think of a script kiddie I think of someone who might barely research a tool then point it at a website - things like the recent question about LOIC come to mind when I think of that. A hacker (either black/white/grey), I imagine, is much…
cutrightjm
18 votes, 3 answers
What is the difference between "Incident", "Attack" and "event"?
In the Computer and network security incident taxonomy what are the differences between "Incident", "Attack" and "event"? Where does "threat" fit with them?
Mohammad
16 votes, 6 answers
What are a few good lists of threats to use to kick-off conversations with others about what worries them?
To effectively communicate with business owners or executives on security, specifically with how people may harm their business, it often helps to discuss what types of people worry them. What are a few good lists to kick-off such conversations?
Tate Hansen
12 votes, 5 answers
What are the likely threats to a public-facing DB instance?
Quick intro: Small company, VERY limited resources. I pretty much do everything including take out the trash.
We've been running an instance of MySQL internally for years and it's worked OK, but I think this is largely just good luck. We have…
Steve K
12 votes, 4 answers
Resources for data on security incidents
What resources exist to research data on actual security incidents?
I would prefer an online resource but offline resources are acceptable. The cost of access should be less than $100 (US) for access to a statistically significant number of…
this.josh
11 votes, 3 answers
Does broken site functionality pose any security threat?
If you are assessing an application as part of a pentesting exercise, how do you deal with broken site functionality? Should the issues be ignored?
Is keeping functional bugs in a system safe?
one
10 votes, 2 answers
Is SS7 a threat any more?
I'm reading about an SS7 issue: SS7 flaw allows hackers to spy on every conversation.
It seems to me that any phone in the world can be intercepted so the hacker can listen to your phone call or read your text message. As far as I know, Google,…
Phương Nguyễn
9 votes, 2 answers
How easy is it, really, to be hacked as an average user?
tl;dr at the bottom
I have been searching around and I haven't been able to find a definitive answer to the question(s). I mainly work with OS X so that will be the base for my questions.
How easy is it to be hacked if you're behind a standard…
ElRojito
8 votes, 6 answers
Security testing plan template or example
What does a security testing plan look like?
Can anyone point out a template for such a document or an example?
smiley
5 votes, 1 answer
Drawbacks of ML in cyber security?
I did some research on the topic (as I'm new to it) and it frankly seems too good to be true. A company called Darktrace for instance, makes use of AI algorithms and ML to autonomously detect threats within the environment.
Say I have an infected…
Marco Neves
5 votes, 1 answer
What is OSINT (open source intelligence)?
I know about threat intelligence services. I've also read definitions of OSINT but I can't get a tangible feeling of what it actually is.
What are some examples of OSINT services (apart from blacklisted IPs and malware C2s)?
How is OSINT different…
Silverfox