Most Popular

132 votes, 10 answers

Should I contact the manufacturer if their product allows access to other users' location information?

I recently purchased a satellite communicator that allows me to send a map of my location to friends and family while I'm hiking in the wilderness. While testing out my product, I noticed that the url was constructed as…
Lil' Bits
131 votes, 3 answers

This JavaScript code is injected on my hotel Wi-Fi: should I be worried?

While connected to my hotel Wi-Fi, visiting the URL http://www.google-analytics.com/ga.js results in the following content being served: var ga_exists; if(!ga_exists) { ga_exists = 1; var is_responsive = false; var use_keywords =…
foodiddy
131 votes, 9 answers

What stops Google from saving all the information on my computer through Google Chrome?

I noticed that in Google Chrome, if I type in file:///C:/Users/MyUsername/Desktop/ it shows me all of the folders on my Desktop, and I can open up PDFs and such in Chrome just by typing in the file path. What processes and systems are in place…
Pro Q
131 votes, 20 answers

How should I securely type a password in front of a lot of people?

I am a manager in an office where the company does not provide a company email, so I use my personal email. Often, I will receive jobs lists by email from my general manager. How should I log in to my email in front of my co-workers so that they…
Annalise Carla
130 votes, 7 answers

Why is my internal IP address (private) visible from the Internet?

When visiting some websites like http://www.monip.org or http://ip-api.com, I get the following result: Your current IP Address - IP: 197.158.x.x - Internal IP: 192.168.x.x I understand that I can see my public IP address (197.158.x.x).…
Lova Andrian
130 votes, 4 answers

Is there any particular reason to use Diffie-Hellman over RSA for key exchange?

I often see RSA being recommended as a method of key exchange. However, the Diffie-Hellman key exchange method appears to be secure as well. Are there any considerations one should take into account that would lead to using one algorithm over the…
user10211
129 votes, 5 answers

How do I use "openssl s_client" to test for (absence of) SSLv3 support?

In order to mitigate the "Poodle" vulnerability, I'd like to disable SSLv3 support in my (in this case, TLS, rather than HTTPS) server. How can I use openssl s_client to verify that I've done this?
Roger Lipscombe
129 votes, 11 answers

Are password-protected ZIP files secure?

Following my answer. If I can list contents of a password-protected ZIP file, check the file types of each stored file and even replace it with another one, without actually knowing the password, then should ZIP files be still treated as…
trejder
129 votes, 11 answers

Can my employer see what I do on the internet when I am connected to the company network?

This is an attempt at a canonical question following this discussion on Meta. The aim is to produce basic answers that can be understood by the general audience. Let's say I browse the web and use different apps while connected to the network at…
INV3NT3D
129 votes, 11 answers

Is there any way to safely examine the contents of a USB memory stick?

Suppose I found a USB memory stick lying around, and wanted to examine its contents in an attempt to locate its rightful owner. Considering that USB sticks might actually be something altogether more malicious than a mass storage device, is there…
200_success
128 votes, 4 answers

What are the security reasons for disallowing the plus sign in email addresses?

My question is based on this tweet after I commented about forbidding + symbols in email addresses. The tweet says, "This is a measure we've taken for security reasons." This can be frustrating and inconvenient for people that have (or use) plus…
Matt
128 votes, 3 answers

Should I be worried about tracking domains on a banking website?

Finland's largest bank OP (formerly Osuuspankki) has added tracking domains (all three owned by Adobe) in their website redesign. These domains are loaded when signed in: 2o7.net, demdex.net, omtrdc.net. Is this considered acceptable? What information…
user598527
127 votes, 7 answers

Why use OpenID Connect instead of plain OAuth2?

I just started to use OAuth 2.0 as a way to authenticate my users. It works great - I just use the identity/profile API of each provider to get a validated email address of the user. Now I read about OpenID Connect and am a little bit confused.…
rdmueller
127 votes, 8 answers

Why is storing passwords in version control a bad idea?

My friend just asked me: "Why is it actually that bad to put various passwords directly in a program's source code, when we only store it on our private Git server?" I gave him an answer that highlighted a couple of points, but felt it wasn't…
127 votes, 2 answers

How do ASLR and DEP work?

How do Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) work, in terms of preventing vulnerabilities from being exploited? Can they be bypassed?
Polynomial