Highest Voted Questions - IT Security Stack Exchange

40

votes

8 answers

Isn't "Dave's protocol" good if only the database, and not the code, is leaked?

I've read "Is my developer's home-brew password security right or wrong, and why?", but there's still a question in my mind: Even if someone uses a bad, home-brewed security algorithm just like Dave, an attacker can't get the real password if the…

passwords hash

asked Jul 01 '19 at 08:49

Rick

1,027
1
8
21

40

votes

4 answers

How to protect printers from being hacked

Recently it got to my attention that someone has hacked around 50,000 printers and used them to print the message they wanted to. (link) As someone who doesn't have a lot of knowledge about networks or hacking, what would be the steps to take to…

protection printers

asked Dec 06 '18 at 09:58

aMJay

3,615
5
11
20

40

votes

5 answers

How should source code security be checked?

How to check whether the source code of an open-source project contains no malicious content? For example, in a set of source code files with altogether 30,000 lines, there might be 1-2 lines containing a malicious statement (e.g. calling curl…

malware source-code tools

asked Oct 26 '18 at 12:37

tonychow0929

2,247
3
13
14

40

votes

3 answers

How to safeguard physical keys stored in a fire dept. lockbox?

The workplace has a physical access key stored in a fire department lockbox (sometimes called a Knox Box), how it's possible to mitigate the risk that the Knox Box gets picked, or that an unauthorized key may exist? What could the local fire…

physical-access

asked Apr 17 '18 at 14:49

jth

726
6
10

40

votes

7 answers

Does password protecting an archived file actually encrypt it?

For example if I use WinRAR to encrypt a file and put a password on the archive how secure is it? I keep a personal journal and am thinking of doing this, or is there a better way? It's just one huge .docx file.

file-encryption

asked Aug 08 '12 at 09:05

Celeritas

10,039
22
77
144

40

votes

1 answer

How does the attacker know what algorithm and salt to use in a dictionary attack?

I am curious about password cracking methods like dictionary and brute force attacks. Nowadays passwords are stored as hashes and not plaintext on the server. Then how can the plaintext passwords in the dictionary be compared with the hashes in the…

hash brute-force password-cracking salt dictionary

asked Feb 26 '18 at 12:02

andjava

578
1
5
7

40

votes

6 answers

How "scrambled" is the data on a RAID5 disk?

My concern is the disposal of a replaced disk from a private RAID5 disk array. I have had to replace a disk from my personal RAID5 disk-array. It had started developing errors, so out it went. But now, I have this disk lying on my desk and that…

linux physical

asked Jan 08 '18 at 16:10

Mausy5043

511
4
6

40

votes

4 answers

Is demanding a "donation" before disclosing vulnerabilities black hat behavior?

We have been contacted by an "independent security researcher" through the Open Bug Bounty project. First communications were quite OK, and he disclosed the vulnerability found. We patched the hole and said "thank you", but declined to pay a…

disclosure black-hat white-hat

asked Oct 30 '17 at 10:14

Jacco

7,402
4
32
53

40

votes

5 answers

Is it safe to upload & scan personal files on VirusTotal?

I had an idea to make a plugin for one of my email clients where my users will be able to upload & scan attachments using VirusTotal service, but then again I was worried about their privacy and security of uploading personal files which may have…

privacy

asked Aug 18 '17 at 04:54

Mirsad

10,005
8
33
53

40

votes

8 answers

Why do password strength requirements exist?

Password strength is now everything, and they force you to come up with passwords with digits, special characters, upper-case letters and whatnot. Apart from being a usability nightmare (even I as a developer hate it when a website requires a…

passwords password-management password-policy entropy

asked Jun 25 '12 at 10:54

Bozho

1,173
1
10
12

40

votes

3 answers

How do hacking groups register domains remaining anonymous?

Let's take lulzsec as an example; they registered lulzsecurity.com. There are two problems that I don't understand how they solved: They had to pay for it. Tracking down money is generally much easier than tracking down IP addresses. I assume they…

black-hat dns-domain

asked Jun 25 '12 at 13:00

Andreas Bonini

591
1
4
10

40

votes

6 answers

Why is external access to a server via SSH considered insecure?

I recently had a conversation with my boss and an IT contractor that they use. My request to allow outside access to a machine on the network via SSH was denied on the grounds that SSH is insecure. I asked for an explanation and unfortunately did…

network ssh

asked Mar 25 '17 at 04:52

user142998

40

votes

3 answers

What security measure one should implement before executing user uploaded files?

I want to make a little programming puzzle on my website. There's going to be a task. The user will be asked to upload a C++ source file with their solution. The file should be compiled, run with some input and checked if it produces right output.…

c++ compiler

asked Feb 06 '17 at 01:30

Jen

503
4
5

40

votes

4 answers

Are CVE counts a good indicator of a software's security?

Looking at the count of CVE reports by product, I'm tempted to use it as an indicator of which programs are the most secure, and choose the ones I install accordingly. But I wonder if these numbers are misleading. For example, the Linux kernel is…

cve

asked Jan 03 '17 at 14:35

Hey

1,905
1
16
23

40

votes

11 answers

Can software passwords be bypassed by reverse engineering?

Let's say, on any software (that is installed on Client-Side OS), is it possible, to alter the software in such way (i.e. Zip Passwords) so for incorrect input it redirected to correct "result", like: Is it possible to alter software logic to…

reverse-engineering

asked Dec 10 '16 at 18:05

T.Todua

2,677
4
19
28

Most Popular