Most Popular

1500 questions
94
votes
15 answers

Why would someone "double encrypt"?

If I have a website or mobile app, that speaks to the server through a secured SSL/TLS connection (i.e. HTTPS), and also encrypt the messages sent and received in-between user and server on top of the already secure connection, will I be doing…
Lighty
93
votes
10 answers

Why do we not trust an SSL certificate that expired recently?

Every SSL certificate has an expiration date. Now suppose some site's certificate expired an hour ago or a day ago. All the software by default will either just refuse to connect to the site or issue security warnings. This recently happened to…
93
votes
2 answers

How many OpenPGP keys should I make?

I am learning how to use OpenPGP keys in GnuPG, and I am wondering what is the threshold people generally use to maintain separate OpenPGP keys. Maintaining an incredibly large number of keys is not good since it makes it difficult to be trusted by…
user9117
93
votes
8 answers

Can secret GET requests be brute forced?

Say, I have on my server a page or folder which I want to be secret. example.com/fdsafdsafdsfdsfdsafdrewrew.html or example.com/fdsafdsafdsfdsfdsafdrewrewaa34532543432/admin/index.html If the secret part of the path is quite long, can I assume…
Kargari
93
votes
4 answers

Will quantum computers render AES obsolete?

This is a spin off from: Use multiple computers for faster brute force Here's at least one source which says that quantum computers are on the way to being able to break RSA in the not too distant future. I am not a security expert, and don't know…
BuvinJ
93
votes
7 answers

Script Kiddies - how do they find my server IP?

I've set up a site on Digital Ocean without a domain yet, so there is only the IP. Despite telling no-one of its existence or advertising it, I get hundreds of notices from fail2ban that various IPs are trying to hack my SSL port or are looking for…
microwth
93
votes
3 answers

Does hanging up on a UK landline call not terminate the connection?

AgeUK (and others) warn about making phone calls directly after receiving a scam call and advise you to "wait for the line to clear": Use a different phone if you can, or wait 5 to 10 minutes after the cold call if using the same phone - just in…
Matt Zeunert
92
votes
7 answers

How do I know a piece of software only does what the author claims?

Without being a programmer or a computer expert, how can I know if a particular program or any piece of software in general doesn't have hidden unwanted functions compromising privacy and security?
user3533
92
votes
9 answers

Can my company see what HTTPS sites I went to?

At work my company uses internet monitoring software (Websense). I know if I visit a https ssl-encrypted site (such as https://secure.example.com) they can't see what I'm doing on the site since all the traffic is encrypted. But do they see, that I…
IAmARegisteredUser
92
votes
6 answers

Why does my IT department block Firefox?

We received a message from the IT bods this week stating: Summary of the issue: IT will disabling and blocking the use of the browser Firefox next Thursday the 03.12.20 on all IT managed devices. Due to certain vulnerabilities and security risks…
Sam
92
votes
4 answers

Should I revoke no longer used Let's Encrypt certificates before destroying them?

The Let's Encrypt documentation recommends that when a certificate’s corresponding private key is no longer safe, you should revoke the certificate. But should you do the same if there are no indications that the key is compromised, but you no…
92
votes
9 answers

Is it a security vulnerability if the addresses of university students are exposed?

I am sorry for my lack of knowledge in this matter. My university (basically an international university in the UK that has students from different countries) has a website which requires the students to login before they can access their…
Ghulam Ali
92
votes
4 answers

How does XSS work?

I have very little experience in web development, but I'm interested in security. However, I haven't fully understood how XSS works. Can you explain it to me? The Wikipedia article gives me a good idea but I don't think I understand it very well.
Ither
92
votes
9 answers

Does anybody not store salts?

We talked about password hashing and salting in class today. Our professor had a very different understanding of the use case of salts from mine and said that you might not store the salt at all and just check every login attempt with all possible…
jazzpi