Most Popular

1500 questions
106 votes, 10 answers

Prevention measures against laptop seizure at US borders

Since laptop and other electronic device seizures at US borders became legal without a warrant (including making copies of data), 7% of ACTE's business travelers reported being subject to a seizure as far back as February 2008. What measures have IT…
Dan Dascalescu
106 votes, 8 answers

Ex-contractor published company source code and secrets online

Just found my current company code on the plain internet. We are talking hundreds of thousands of lines of scripts and configurations, including database schemas and a fair amount of internal information. Looks like an archive of some project(s),…
user5994461
106 votes, 7 answers

School performs periodic password audits. Is my password compromised?

My university sent me an email informing me that, during a "periodic check", my password was found to be "easily discoverable and at risk of compromise". As I understand it, there shouldn't be a way for them to periodically check my password unless…
GB1553
106 votes, 5 answers

Is sending password to user email secure?

How secure is sending passwords through email to a user, since email isn't secured by HTTPS? What is the best way to secure it? Should I use encryption?
user310291
105 votes, 11 answers

Best practices for Apache Server hardening?

What are some best practices, recommendations, required reading for securing an Apache Server?
Eric Warriner
105 votes, 10 answers

Why is blog spam always written so badly?

Some spam messages fresh from my WordPress filter: "Asking questions are in fact pleasant thing if you are not understanding something totally, except this article gives good understanding yet." and "Thanks for any other informative blog. Where…"
Lucas
105 votes, 4 answers

Suspicious GitHub fork

Update (April 15): The forked repo and the user do not exist any more. Yesterday, one of my GitHub projects was forked and there is a suspicious commit on the fork of the repo. As you can see from the commit, the GitHub Actions configuration installs…
Giorgi
105 votes, 3 answers

How are anti-viruses so fast?

The common anti-virus (to my knowledge) uses a kind of brute-force type method where they get the hash of the file and compare it to thousands of known viruses' hashes. Is it just that they have servers with super fast SSDs and they upload the hashes to that…
Harry
105 votes, 14 answers

Could keystroke timing improve security on a password?

When I was young, and had just started out in my software-development career 20 years ago, I wrote a little bit of code on my Amiga that took a password, but also recorded (within some threshold) the speed at which each letter of a password was…
Moo-Juice
104 votes, 12 answers

Why is client-side hashing of a password so uncommon?

There are very few websites that hash the user's password before submitting it to the server. JavaScript doesn't even have support for SHA or other algorithms. But I can think of quite a few advantages, like protection against cross-site leaks or…
104 votes, 7 answers

Is MD5 considered insecure?

After all these articles circulating online about MD5 exploits, I am considering switching to another hash algorithm. As far as I know it's always been the algorithm of choice among numerous DBAs. Is it that much of a benefit to use MD5 instead of…
Tawfik Khalifeh
104 votes, 3 answers

Why do we trust US Certificate Authorities?

Why do people trust companies in countries with big surveillance programs like the US? Many US Certificate Authorities secure the web for live SSL/TLS connections. Still, an NSL would be enough for the government to gain the right to intercept the…
Richard R. Matthews
104 votes, 2 answers

Can a rogue .wmv file "hijack" Windows Media Player?

I've downloaded a .wmv file using P2P. Attempting to play it with Media Player Classic (K-Lite Codec Pack) only gave me a green square in the playback window. I noticed that the video came with a readme file, however; I found the following…
user4520
103 votes, 19 answers

How to explain to traditional people why they should upgrade their old Windows XP device?

This is an issue I'm recurringly facing: older people from my family (or people who my family members know) can be surprisingly reluctant to apply most basic security measures when they're using their PCs. The particular issues vary, but this time…
gaazkam
103 votes, 1 answer

In 2018, what is the recommended hash to store passwords: bcrypt, scrypt, Argon2?

There are many questions about picking a hash function, including "How to securely hash passwords?" or "Are there more modern password hashing methods than bcrypt and scrypt?", with very detailed answers, but most of them date quite a bit. The consensus…
jcaron