Most Popular

92 votes, 9 answers

Is it possible to make brute-force attacks ineffective by giving false positive answers to failed log-in attempts?

I don't have any experience or scientific knowledge in security, I just wanted to ask if this is possible because I am interested in it. What if I encrypt data and every password decrypts it, but only the right one does not create pointless data…
Tweakimp
92 votes, 4 answers

I was tricked on Facebook into downloading an obfuscated script

I got a notification on Facebook: "(a friend of mine) mentioned you in a comment". However, when I clicked it, Firefox tried to download the following file: comment_24016875.jse This is an obfuscated script which seems to download an executable…
Nacib Neme
91 votes, 17 answers

Why do we still use keys to start cars? Why not passwords?

Around a year ago I asked a question about the weakest factor of authentication. I had some good answers that convinced me, as I always imagined the authentication process in my head as some employee in a high security facility trying to…
Ulkoma
91 votes, 2 answers

What is the relationship between "SHA-2" and "SHA-256"?

I'm confused on the difference between SHA-2 and SHA-256 and often hear them used interchangeably (which seems really wrong). I think SHA-2 is a "family" of hash algorithms and SHA-256 is a specific algorithm in that family. Is that correct? Can someone…
Mike B
91 votes, 6 answers

Best place to store authentication tokens client side

When my users are authenticated they receive an authentication token. I need to use this authentication token to authorize some asp.net WebAPI calls. To do this I need to add the token to the head of that call, so I need the token accessible from…
jfamvg
91 votes, 7 answers

Should I get an antivirus for Ubuntu?

Considering the recent thread regarding anti-virus for the Mac, I wonder how many of the arguments put forth are relevant today to Linux systems, specifically Ubuntu. There is no known Ubuntu desktop malware in the wild. GNU/Linux is a very…
dotancohen
91 votes, 2 answers

How secure is Ubuntu's default full-disk encryption?

How secure is the encryption offered by Ubuntu (using the disk utility)? What algorithm is used underneath it? If someone could at least provide a link to some documentation or article regarding that, I would be very grateful. Reference:
Jonnathan Soares
91 votes, 8 answers

How would one crack a weak but unknown encryption protocol?

I was reading this interesting question: Is my developer's home-brew password security right or wrong, and why? It shows a weak home-brew algorithm developed by "Dave", and the answers discuss why this is a bad idea. (Actually hashing algorithm…
Ram Rachum
91 votes, 12 answers

How feasible is it for a CA to be hacked? Which default trusted root certificates should I remove?

This question has been revised & clarified significantly since the original version. If we look at each trusted certificate in my Trusted Root store, how much should I trust them? What factors should be taken into consideration when I evaluate the…
91 votes, 5 answers

How does Facebook track your browsing without third party cookies?

Facebook has served me an ad for a website I visited earlier in the day. I have third party cookies disabled and have not followed any links between the website and Facebook (links which could contain a tracking ID connecting my Facebook account to…
Jesse
91 votes, 15 answers

How to deal with low-probability high-impact risks?

There is a strategic question that we are banging our heads against in my IT department, which essentially boils down to this: There is a type of attack against our systems that can cause a lot of damage if missed or not addressed properly. More…
David Bryant
91 votes, 4 answers

Can a student ID containing an NFC chip be cloned?

The head of our IT department and Networking class in my college has given me and another student a challenge; he told us that if we could clone the NFC tags in our student IDs used to sign in on time, he would give one of us unlimited access to…
myopicflight
91 votes, 11 answers

Is there a threshold for a password so long it doesn't get any more secure or even becomes insecure?

I always hear "A long password is good, a longer password is better". But is there such a thing as a "Password is so long it is becoming unsafe" or "Password is long enough, making it longer won't matter"? I am interested in the security of the…
Mindwin
90 votes, 4 answers

What is the use of a client nonce?

After reading Part I of Ross Anderson's book, Security Engineering, and clarifying some topics on Wikipedia, I came across the idea of Client Nonce (cnonce). Ross never mentions it in his book and I'm struggling to understand the purpose it serves…
user2014
90 votes, 4 answers

How to determine if a browser is using an SSL or TLS connection?

I want to know whether my browser is using an SSL or TLS connection when I see HTTPS. I want to know for IE, Firefox, Chrome and Safari. I want to know the protocol version.
zhtway