Most Popular

1500 questions
96 votes, 6 answers

Why would someone open a Netflix account using my Gmail address?

This is something that happened to me a few months ago. I don't know if it is a hack attempt, although I can't think of any way that there could be any danger or any personal information gained. I don't have a Netflix account and never have done. …
user2760608
  • 873
  • 1
  • 5
  • 7
96 votes, 7 answers

Why would an attacker ever want to sit on a zero-day exploit?

I am trying to understand why an attacker would want to wait to use a zero-day exploit. I have read that an attacker does not want to waste the zero-day because they are typically very expensive to obtain in the first place, but it is not clear to…
jonem
  • 959
  • 1
  • 6
  • 7
96 votes, 6 answers

Is it safe to let a user type a regex as a search input?

I was in a mall a few days ago and I searched for a shop on an indication panel. Out of curiosity, I tried a search with (.+) and was a bit surprised to get the list of all the shops in the mall. I've read a bit about evil regexes but it seems that…
Xavier59
  • 2,874
  • 3
  • 17
  • 34
96 votes, 10 answers

How would disabling IPv6 make a server any more secure?

I was reading this article about hardening security on Linux servers, and in point #23, the article says: #23: Turn Off IPv6 Internet Protocol version 6 (IPv6) provides a new Internet layer of the TCP/IP protocol suite that replaces Internet…
vakus
  • 3,743
  • 3
  • 20
  • 32
96 votes, 5 answers

What is the specific reason to prefer bcrypt or PBKDF2 over SHA256-crypt in password hashes?

We know that to slow down password cracking in case of a password database leak, passwords should be saved only in a hashed format. And not only that, but hashed with a strong and slow function with a possibility to vary the number of rounds. Often…
ilkkachu
  • 2,086
  • 1
  • 11
  • 15
96 votes, 6 answers

Should passwords be automatically reset when the underlying method changes

I'm currently an engineer on a project in development phase. One 'module' on this project gives the ability for user authentication/authorization. However it's come to our concern that the password hashing algorithm may not be up to cop (aka not…
Crazy Dino
  • 1,517
  • 11
  • 12
96 votes, 6 answers

How do you destroy an old hard drive?

How do you destroy an old hard drive? To be clear, unlike questions Secure hard drive disposal: How to erase confidential information and How can I reliably erase all information on a hard drive? I do not want to erase the data and keep the hard…
Xonatron
  • 1,063
  • 1
  • 7
  • 7
95 votes, 3 answers

What is the purpose of the rotating plate in front of the lock?

I am now in Poland and see these everywhere: The plate can rotate freely; when you insert the key, matching the groove, you rotate the key so it is aligned with the lock and then insert the key. What is the purpose of this?
Thomas
  • 831
  • 1
  • 6
  • 6
95 votes, 5 answers

How do services with high uptime apply patches without rebooting?

How are critical security updates installed on systems which you cannot afford to reboot, but where the update requires a reboot? For example, services/businesses that are required to run 24x7 with zero downtime, e.g. Amazon.com or Google.
secureninja
  • 851
  • 1
  • 6
  • 5
95 votes, 13 answers

Company computers for competent developers, how can you deal with them?

This is a follow up on Is there a legitimate reason I should be required to use my company’s computer. Mostly, because I see a huge issue in a couple of specific situations. Had I been in a position of the security engineer for an organization I…
grochmal
  • 5,677
  • 2
  • 19
  • 30
95 votes, 5 answers

Why do you have to be an admin to create a symlink in Windows?

In Linux every user can create symlinks, but in Windows I need an admin command line, or mklink fails. Why is that?
ripper234
  • 1,126
  • 1
  • 8
  • 11
94 votes, 5 answers

Are there any downsides to using Let's Encrypt for a website's SSL certificates?

On the advantages side, I see several benefits to using the Let's Encrypt service (e.g., the service is free, easy to setup, and easy to maintain). I'm wondering what, if any, are the disadvantages to using Let's Encrypt? Any reasons why website…
94 votes, 4 answers

What are the career paths in the computer security field?

What sorts of jobs are there, in which organizations, with what sorts of day-to-day responsibilities? What areas are good for folks coming out of school, vs what are good 2nd careers for experienced folks coming from various disciplines?
nealmcb
  • 20,544
  • 6
  • 69
  • 116
94 votes, 3 answers

Stack Overflows - Defeating Canaries, ASLR, DEP, NX

To prevent buffer overflows, there are several protections available such as using Canary values, ASLR, DEP, NX. But, where there is a will, there is a way. I am researching the various methods an attacker could possibly use to bypass these protection…
sudhacker
  • 4,260
  • 5
  • 23
  • 34
94 votes, 4 answers

Chrome generated passwords not high entropy?

On Chrome, if you open a sign up page, it will offer to fill and remember the password field. I did this and got the following sequence of passwords offered as…
gngdb
  • 853
  • 1
  • 6
  • 6