Most Popular
1500 questions
103
votes
4 answers
Why is writing zeros (or random data) over a hard drive multiple times better than just doing it once?
Lots of different programs, such as Darik's Boot and Nuke, let you write over a hard drive multiple times under the guise of it being more secure than just doing it once. Why?

Tom Marthenal
102
votes
10 answers
Unsubscribe safely
I have heard that it is better to never click on any link in an email. Is it a bad idea to click on an unsubscribe link? What is the best way to unsubscribe from undesired mails?

Nrc
102
votes
8 answers
How can I reliably erase all information on a hard drive?
As storage technologies change over time, using different encodings and remappings to deal with sector errors, the best way to permanently erase/wipe/shred data changes also.
Methods for flash drives and other solid-state drives are covered nicely…

nealmcb
102
votes
5 answers
Can I safely preview a short link?
There are a lot of different URL shorteners out there, like Bitly or TinyURL. Besides their main purpose of shortening a link, they also:
- obfuscate the actual URL
- collect statistics about the usage of the short link
From the obfuscation, at least…

stackprotector
102
votes
4 answers
Why is this 435 × 652 pixel JPEG over 6 MB?
This was, before someone helpfully fixed it after seeing this question, a relatively unassuming and tiny photo of a ̶f̶i̶s̶h̶ nudibranch, with 283,620 pixels. It has some metadata: text Exif tags as well as 8.6kB of Color Profile information, and a…

David
102
votes
9 answers
Buying a "Used" Router
I am buying a "new" router from an open-box sale at a company that liquidates eCommerce returns. Plan to use it for a home network at cottage.
I'm a bit nervous that it could have been modified by whoever had it last.
What are the main risks in…

GWR
102
votes
8 answers
Can someone read my E-Mail if I lose ownership of my domain?
Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like…

Skiddie Hunter
102
votes
16 answers
Security BY obscurity is horrible. Is security AND obscurity good?
Normally I preach that rolling your own custom crypto algorithm is a bad idea. But will it really hurt if it's the outermost layer though? Or will it make security worse?
AES -> CipherText -> CustomEncryptionAlgorithm-> CipherText
I'm thinking…

user3280964
102
votes
13 answers
Why is root security enforced but $HOME typically unprotected?
Coming from the comments in this question Why is it bad to log in as root?:
The sudo mechanics is in use so non-administrative tools "cannot harm your system." I agree that it would be pretty bad if some github project I cloned was able to inject…

phil294
102
votes
6 answers
What is the purpose of confirming old password to create a new password?
Suppose that someone stole my password, he/she can easily change it by confirming the old password.
So, I am curious why we need that step and what the purpose of using old password confirmation is.

ronaldtgi
101
votes
5 answers
How can my employer be a man-in-the-middle when I connect to Gmail?
I'm trying to understand SSL/TLS. What follows are a description of a scenario and a few assumptions which I hope you can confirm or refute.
Question
How can my employer be a man-in-the-middle when I connect to Gmail? Can he at all?
That is: is it…

Lernkurve
101
votes
8 answers
Why do ATMs accept any PIN?
The other day I tried to withdraw some cash from an ATM in a hurry and punched in a wrong pin. I realized that only when I hit the "ok" button, but to my surprise the ATM did not complain. It showed the usual menu, asking me to select an operation.…

Andrew Savinykh
101
votes
3 answers
Why is Sojdlg123aljg a common password?
I was going through the list of top 100K passwords and found Sojdlg123aljg near the top of the list. Does anyone have any idea why this is such a common password?

azoundria
101
votes
3 answers
Token-based authentication - Securing the token
I have developed a backend REST API for a mobile app and I am now looking to implement token-based authentication for it to avoid having to prompt the user to login on every run of the app.
What I had in mind was on the initial request the user…

James
101
votes
5 answers
Someone is trying to brute-force(?) my private mail server... very... slowly... and with changing IPs
This has been going on for about 1-2 days now:
heinzi@guybrush:~$ less /var/log/mail.log | grep '^Nov 27 .* postfix/submission.* warning'
[...]
Nov 27 03:36:16 guybrush postfix/submission/smtpd[7523]: warning: hostname bd676a3d.virtua.com.br does…

Heinzi