Most Popular

1500 questions
143 votes · 3 answers

What's the purpose of DH Parameters?

For a Diffie–Hellman (D-H) key exchange (TLS) the server generates a prime p and a generator g, which is a primitive root modulo p. When setting up a webserver with SSL/TLS (e.g. nginx) one can use a directive ssl_dhparam dhparam4096.pem. The…
Ben Richard
  • 3,646
  • 5
  • 19
  • 18
143 votes · 8 answers

Secure way of masking out sensitive information in screenshots?

As a guy working in security/pentest, I regularly take screenshots of exposed passwords/sensitive information. Whenever I report these, I mask parts or the complete info, as in the sample given below. I often wonder: is it possible for someone to…
xandfury
  • 1,351
  • 3
  • 10
  • 19
143 votes · 9 answers

Hosting company advised us to avoid PHP for security reasons. Are they right?

I'm doing a redesign for a client who's understandably concerned about security after having been hacked in the past. I had initially suggested using a simple PHP include for header and footer templates and a contact form they wanted. They are…
Yumecosmos
  • 1,373
  • 2
  • 9
  • 8
142 votes · 8 answers

How do I report a security vulnerability about a trusted certificate authority?

I stumbled across a huge security vulnerability in a Certificate Authority that is trusted by all modern browsers and computers. Specifically, I am able to get a valid signed certificate for a domain I don't own. If I had the means to become a Man…
MotorStoicLathe
  • 1,041
  • 2
  • 8
  • 8
142 votes · 14 answers

What "hacking" competitions/challenges exist?

I have always enjoyed trying to gain access to things I'm not really supposed to play around with. I found Hack This Site a long time ago and I learned a lot from it. The issue I have with HTS is that they haven't updated their content in a very…
KilledKenny
  • 1,672
  • 4
  • 19
  • 28
142 votes · 12 answers

Is public Wi-Fi a threat nowadays?

In my opinion, arguments we have been using for years to say that public Wi-Fi access points are insecure are no longer valid, and so are the recommended remedies (e.g. use VPN). Nowadays, most sites use HTTPS and set HSTS headers, so the odds that…
user15194
142 votes · 9 answers

To sufficiently protect against KRACK, is patching the client, the AP, or both required?

Following on from this question, I am unclear on which of the following steps are sufficient to protect a WPA2-based wifi connection from the KRACK flaw: patching the AP (e.g. router); patching the client (e.g. mobile device); patching the AP and the…
Jon Bentley
  • 2,071
  • 2
  • 15
  • 16
141 votes · 3 answers

Did I just get DNS Hijacked?

I went online on my MacBook today and noticed my iTunes complaining that it couldn't connect to Apple. I tried logging out of and back into my account, but weirdly it said it couldn't log in; I didn't think much of it at first as I thought maybe it was…
Imran
  • 1,015
  • 2
  • 8
  • 9
141 votes · 5 answers

Is it secure to store passwords with 2 way encryption?

I'm a parent who has a parent account with my local school district so that I can log in to their website to view my child's grades etc. I clicked the "forgot password" button, and my password was emailed to me in plain text. This concerned me, so…
43Tesseracts
  • 1,083
  • 2
  • 7
  • 6
141 votes · 11 answers

Is it completely safe to publish an ssh public key?

I use an RSA key to log into remote servers with ssh. And I keep my dot files under version control in a publicly accessible place so that I can quickly set up new servers to work the way I like. Right now I don't have my .ssh directory under version…
Brian
  • 1,381
  • 2
  • 8
  • 6
140 votes · 17 answers

Is exploit-free software possible?

I have heard that there will always be vulnerabilities in code and software. However, I don't understand why it is not possible to have exploit-free software. If companies keep updating their software, eventually there will be no vulnerabilities,…
Zheer
  • 1,165
  • 3
  • 9
  • 10
139 votes · 2 answers

Received a set of SMS/MMS containing 2 photos, a voice message, and a text "I need help" with Google Maps link from a known contact. Is it spam?

My girlfriend (let's call her Jane) just got a set of SMS or MMS messages coming from a friend of hers (let's call her Hellen). These messages contain: two photos of Hellen; a voice message; a text that says "I need help" followed by a Google Maps…
ravasaurio
  • 1,221
  • 2
  • 7
  • 9
139 votes · 9 answers

Where can I find good dictionaries for dictionary attacks?

I’m wondering where I can find good collections of dictionaries which can be used for dictionary attacks? I've found some through Google, but I’m interested in hearing about where you get your dictionaries from.
Chris Dale
  • 16,151
  • 10
  • 59
  • 97
139 votes · 8 answers

I got an email threatening to DDoS me if I don't pay a ransom. What should I do?

I received the following email, addressed to me at an email address on my personal domain (for which I run my own mail server on a VPS): FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION! We are Armada Collective.…
alexw
  • 1,289
  • 2
  • 9
  • 13
138 votes · 2 answers

What is 'tabnabbing'?

Wikipedia is not very explicit on this: "The exploit employs scripts to rewrite a page of average interest with an impersonation of a well-known website, when left unattended for some time." What is 'tabnabbing', and how does one do it?
Matas Vaitkevicius
  • 1,335
  • 2
  • 9
  • 12