Most Popular
1500 questions
138
votes
7 answers
Internet courtship: Why would a hacker buy me poker chips?
Believe me, I never expected to ever write a title like that on a Stack Exchange site either!
Yesterday evening I got a call from my mother. She is quite tech savvy and generally knows her way around spam and viruses. However, yesterday she was…
Bram Vanroy
- 991
- 2
- 6
- 9
138
votes
8 answers
Are "man in the middle" attacks extremely rare?
In "Some thoughts on the iPhone contact list controversy and app security", cdixon blog, Chris Dixon makes a statement about web security:
Many commentators have suggested that a primary security risk is the fact that the data is transmitted in plain…
Jeff Atwood
- 4,564
- 6
- 27
- 29
137
votes
11 answers
Why not allow spaces in a password?
"Your password can't contain spaces." is a message I see from some websites, including 1. Why?
(This question is very similar to Why Disallow Special Characters In a Password?, but the answers there don't seem to apply to the space…
David Cary
- 2,740
- 4
- 21
- 20
137
votes
8 answers
How hard is it to intercept SMS (two-factor authentication)?
A lot of two-factor authentication mechanisms use SMS to deliver a single-use passphrase to the user. So how secure is it? Is it hard to intercept the SMS message containing the passphrase? Do mobile networks use any kind of encryption on SMS?
I found…
Paul Podlipensky
- 2,847
- 4
- 23
- 26
136
votes
19 answers
Is it common to allow local desktop and/or active directory admin access and rights for developers in organizations?
I work at a company with a staff of about 1000+. We currently have programming development staff that work on web-based projects (approx. 50 people).
Recently due to security concerns our IT and Security department implemented a restriction no…
TroySteven
- 1,349
- 2
- 9
- 11
136
votes
10 answers
Can a computer virus be stored somewhere else than on the hard drive?
Are there viruses that have managed to hide themselves somewhere other than on the hard drive? Like CPU cache or on the motherboard?
Is it even possible? Say I get a virus, so I get rid of the HDD and install a new one. Could the virus still be on…
Ivan Bilan
- 1,241
- 2
- 9
- 10
136
votes
8 answers
Why are programs written in C and C++ so frequently vulnerable to overflow attacks?
When I look at the exploits from the past few years related to implementations, I see that quite a lot of them are from C or C++, and a lot of them are overflow attacks.
Heartbleed was a buffer overflow in OpenSSL;
Recently, a bug in glibc was…
Nzall
- 7,433
- 6
- 31
- 46
135
votes
9 answers
Is Google spying on all of us?
I am curious because I experienced something bizarre recently. About a month ago, someone asked me to find out a price for a T-shirt printing machine, and probably for the first time, I pressed these keys and started searching, searching, for long…
samayo
- 929
- 2
- 8
- 10
135
votes
16 answers
What should I do when my boss asks me to fabricate audit log data?
My boss just asked me to create a fictitious log entry to say that a user's account was updated before it was, to win a dispute.
I feel this is not right because I am trying to start a career in working with data technology. Whether or not I get…
computer_nurd
134
votes
7 answers
How did Google know I looked something up?
Yesterday I was searching DuckDuckGo for booking a vacation. I ended up reading a lot on one specific website. Today multiple websites show me Google banners from this specific website. Normally, I never look up websites for booking a vacation. I…
P.Yntema
- 1,047
- 2
- 8
- 13
134
votes
4 answers
Is it safe to include an API key in a request's URL?
Lately I've seen plenty of APIs designed like this:
curl "https://api.somewebsite.com/v1/something?key=YOUR-API-KEY"
Isn't it elementary that passing an API key in a query string as part of the URL is not secure, at least in HTTP?
Incerteza
- 2,257
- 3
- 18
- 22
133
votes
6 answers
How secure are the FIDO U2F tokens?
Google and Yubico just announced the availability of cryptographic security tokens following the FIDO U2F specification. Is this just another 2FA option, or is this significantly better than solutions such as SecurID and TOTP?
Specifically:
In…
tylerl
- 83,435
- 26
- 152
- 232
133
votes
4 answers
Is there any particular reason to use Diffie-Hellman over RSA for key exchange?
I often see RSA being recommended as a method of key exchange. However, the Diffie-Hellman key exchange method appears to be secure as well.
Are there any considerations one should take into account that would lead to using one algorithm over the…
user10211
133
votes
2 answers
Why is "fhepfcelehfcepfffacacacacacacabn" a top DNS query from my devices?
I recently set up NextDNS on my personal devices to further reduce the amount of tracking and ads I'm exposed to. The service comes with built-in analytics that show a brief overview of your network activity.
Most of the top hits are…
Etheryte
- 852
- 2
- 7
- 13
133
votes
3 answers
Is HostGator storing my password in plaintext?
I want to bring this up to HostGator, but want to verify my suspicions before making a big fuss.
I asked a customer care representative to help me add an SSL certificate to a site I host with them. When he was done, I received this e-mail with all…
M -
- 1,927
- 5
- 11
- 13