Most Popular
1500 questions
90 votes, 1 answer
Wiping an SSD with Parted Magic seemed too quick
I'm selling a computer with an SSD (it's a Lenovo ThinkPad Carbon X1). I wiped the drive using Parted Magic. I used the ATA method. I'm not sure what that is but it was the only setting available. It said it would take two minutes but the wipe was…

user1102550
90 votes, 10 answers
Why do people tell me not to use VLANs for security?
I have a network, where I have a couple of VLANs. There is a firewall between the 2 VLANs. I am using HP ProCurve switches and have made sure that switch-to-switch links accept tagged frames only and that host ports don't accept tagged frames (They…

jtnire
90 votes, 15 answers
How to store passwords written on a physical notebook?
Answers to the question "How safe are password managers like LastPass?" suggest that storing personal passwords on a physical notebook might be a reasonable option:
I know someone who won't use Password Safe and instead has a physical
notebook…

tmh
89 votes, 9 answers
Hardening Linux Server
We have already had questions on here about Hardening Apache, Hardening PHP and Securing SSH.
To continue this trend I am interested in what steps people take to harden Linux servers. As in what steps do people always take when setting up a new…

Mark Davidson
89 votes, 9 answers
How to distinguish between a scam and a genuine call?
My bank called me the other day and the person who spoke to me failed to give me a single piece of evidence that he is calling from my bank.
The bank number is hidden just like many other companies maybe because they use VoIP to make calls or they don't…

Ulkoma
89 votes, 3 answers
Is TrueCrypt not secure now and should I stop using it?
The official TrueCrypt webpage now states:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security
issues
This page exists only to help migrate existing data encrypted by
TrueCrypt.
The development of TrueCrypt was ended in…

user11153
89 votes, 4 answers
Is there any actual security benefit to restricting foreign IP addresses?
I am currently outside the US trying to log in to my health care provider's website and the connection just times out. I reached out to them on Twitter and they told me that as a security measure they block connections from outside of the US and…

Matthew Nichols
89 votes, 4 answers
Does the length of a password for Wi-Fi affect speed?
I work at a place that gives Wi-Fi to all the customers, with a password that is 19 characters long. A customer came in and claimed that because the password is long, it slows down the internet speed. Is there any truth to this claim?

user213838
89 votes, 5 answers
Can a malware power on a computer?
I've just downloaded and executed a piece of malware on my computer.
I don't have much time right now, so I just powered it off (turned it off via the Start menu), hoping that it won't be able to steal any data or do malicious activities until I can…

Benoit Esnard
89 votes, 7 answers
How do I secure my REST API?
In detail here's the problem:
I'm building an Android app, which consumes my REST API on the back-end. I need to build a Registration and Login API to begin with. After searching with Google for a while, I feel like there are only two approaches…

noob Mama
89 votes, 12 answers
IT will only give password over phone - but is that really more secure than email?
Every year an automated password reset occurs on a VPN account that I use to connect to the institution's servers. The VPN accounts/passwords are managed by the institution's IT department, so I have to send an email every year to follow up with the…

Chris Cirefice
89 votes, 4 answers
Is browser history an important factor when considering security?
I discovered something I consider a major vulnerability in a SaaS product that includes the username and password in the query string of the URL on registration and every login attempt.
The technical support of the service has told me they consider…

Ivan T.
89 votes, 3 answers
Google account verification request
Yesterday evening my Android phone (Google Play Services app) asked me to log in again into my account due to "security changes" (I don't remember the exact wording used).
I double checked it was the real app and logged in again (I went through all…

BgrWorker
89 votes, 2 answers
Are prepared statements 100% safe against SQL injection?
Are prepared statements actually 100% safe against SQL injection, assuming all user-provided parameters are passed as query bound parameters?
Whenever I see people using the old mysql_ functions on StackOverflow (which is, sadly, way too frequently)…

Polynomial
89 votes, 1 answer
Isn't the BBC being extremely irresponsible in describing how to authenticate an account-related email?
On this webpage, the BBC says:
I’ve received a ‘Changes to your BBC account’ email claiming to be from the BBC – is this a genuine email?
At the end of September 2016, we upgraded our ‘BBC iD’ sign-in system to ‘BBC Account’, and as a result we had…

Lightness Races in Orbit