Most Popular
168 votes, 4 answers
What does it mean to "burn a zero-day"?
I noticed a comment on this answer where another user said
...but it requires risking burning a 0day, which people are not always all that willing to do.
I did an Internet Search for the phrase "burning a 0day" (and similar permutations like 0…

YetAnotherRandomUser
168 votes, 4 answers
Where to store a server side encryption key?
I have some data that is symmetrically encrypted with a single key in my database. Rather than hard coding it into my code, I am looking for a safer way to store the encryption key. Where can I safely store it?

Radek
168 votes, 6 answers
Apple's open letter - they can't or won't backdoor iOS?
Apple released an open letter to the public outlining their reasons for not complying with the FBI's demands to modify the iPhone's security mechanism.
Here's a summary:
The FBI has an iPhone in their possession which they would like to access data…

TTT
167 votes, 6 answers
ECDSA vs ECDH vs Ed25519 vs Curve25519
Among the ECC algorithms available in OpenSSH (ECDH, ECDSA, Ed25519, Curve25519), which offers the best level of security, and (ideally) why?

Omar
166 votes, 10 answers
How do you explain the necessity of "nuke it from orbit" to management and users?
When a machine has been infected with malware, most of us here immediately identify the appropriate action as "nuke it from orbit" - i.e. wipe the system and start over. Unfortunately, this is often costly for a company, especially if backups are…

Polynomial
166 votes, 5 answers
Password management for kids - what's a good way to start?
Consider a young (primary-school age) child who is starting to collect passwords for online services. How can a parent (or equivalent) help them manage their passwords?
An example to make things clearer: My daughter might want to log on to…

Chris H
166 votes, 11 answers
Is visiting HTTPS websites on a public hotspot secure?
It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone sniffs my packets, they will need zillions of…

Calmarius
165 votes, 3 answers
What are rainbow tables and how are they used?
Where can I find one? Is there a pot of gold at the end?
How do I protect against them?
From the Area51 proposal
This question was IT Security Question of the Week.
Read the Sep 09, 2011 blog entry for more details or submit your own Question of…

AviD
165 votes, 8 answers
Why is Mother’s Maiden Name still used as a security question?
From time to time, some web sites ask you to enter a security question and an answer for it. The question list is standard and it usually includes "What is your mother's maiden name?".
Some people use their mother's real maiden name so that they are…

Alexei
164 votes, 5 answers
How can USB sticks be dangerous?
We all know the story of the USB drive left outside a power plant which was found by a worker and inserted into a computer to see the contents which then allowed a hack to ensue.
Here is my question, how? I get that code is executed but how? I would…

TheHidden
163 votes, 8 answers
What are the implications of NSA surveillance on the average internet user?
It would appear as though the tinfoil hat-wearing were vindicated today, as news broke of the true scale of the U.S. government's surveillance of its citizens' online activities, conducted primarily through the NSA and seemingly beyond the realm of…

nitrl
163 votes, 4 answers
Difference between .pfx and .cert certificates
What is the difference between .pfx and .cert certificate files?
Do we distribute .pfx or .cert for client authentication?

Xsecure123
163 votes, 2 answers
I found unknown PHP code on my server. How do I de-obfuscate the code?
We've been getting a lot of noise regarding hacked PHP files here, and it's taking a lot of time to answer these questions. In many cases, they are off-topic. We've had a discussion about this on Information Security Meta, and many people want these…

Mark Buffalo
162 votes, 2 answers
What is DROWN and how does it work?
There is a new recent attack "on TLS" named "DROWN". I understand that it appears to use bad SSLv2 requests to recover static (certificate) keys.
My question is: How?
How can you recover static encryption or signature keys using SSLv2?
Bonus…

SEJPM
161 votes, 14 answers
What is the safest way to deal with loads of incoming PDF files, some of which could potentially be malicious?
As an investigative journalist I receive each day dozens of messages, many of which contain PDF documents. But I'm worried about some of the potentially malicious consequences of blindly opening them and getting my computer compromised. In the past,…

Tom the journalist