Most Popular
1500 questions
130 votes, 20 answers
How should I securely type a password in front of a lot of people?
I am a manager in an office where the company does not provide a company email, so I use my personal email.
Often, I will receive jobs lists by email from my general manager.
How should I log in to my email in front of my co-workers so that they…
Annalise Carla
130 votes, 11 answers
Is there any way to safely examine the contents of a USB memory stick?
Suppose I found a USB memory stick lying around, and wanted to examine its contents in an attempt to locate its rightful owner. Considering that USB sticks might actually be something altogether more malicious than a mass storage device, is there…
200_success
129 votes, 8 answers
What stops Google from saving all the information on my computer through Google Chrome?
I noticed that in Google Chrome, if I type in file:///C:/Users/MyUsername/Desktop/ it shows me all of the folders on my Desktop, and I can open up PDFs and such in Chrome just by typing in the file path.
What processes and systems are in place…
Pro Q
129 votes, 4 answers
Do I need CSRF token if I'm using Bearer JWT?
Context: Angular site is hosted on S3 behind CloudFront, separate from Express server that is used as API and almost all requests are XMLHttpRequests. All requests are sent without cookies (withCredentials = false by default) and I use JWT Bearer…
Igor Pomogai
129 votes, 11 answers
Can my employer see what I do on the internet when I am connected to the company network?
This is an attempt at a canonical question following this discussion on Meta. The aim is to produce basic answers that can be understood by the general audience.
Let's say I browse the web and use different apps while connected to the network at…
INV3NT3D
128 votes, 3 answers
Should I be worried about tracking domains on a banking website?
Finland's largest bank OP (former Osuuspankki) has added tracking domains (all three owned by Adobe) in their website redesign:
These domains are loaded when signed in:
2o7.net
demdex.net
omtrdc.net
Is this considered acceptable? What information…
user598527
127 votes, 3 answers
Session Authentication vs Token Authentication
I am trying to get a handle on some terms and mechanisms and find out how they relate to each other or how they overlap. Authenticating a theoretical web application and mobile application is the focus. The focus is on the exact difference between…
Hoax
127 votes, 7 answers
Is using Git for deploying a bad practice?
I tend to use Git for deploying production code to the web server. That usually means that a master Git repository is hosted somewhere accessible over ssh, and the production server serves that cloned repository, while restricting access…
Septagram
127 votes, 8 answers
Why is storing passwords in version control a bad idea?
My friend just asked me: "why is it actually that bad to put various passwords directly in a program's source code, when we only store it on our private Git server?"
I gave him an answer that highlighted a couple of points, but felt it wasn't…
d33tah
127 votes, 2 answers
How do ASLR and DEP work?
How do Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) work, in terms of preventing vulnerabilities from being exploited? Can they be bypassed?
Polynomial
127 votes, 7 answers
My ISP uses deep packet inspection; what can they observe?
I found out that my ISP does deep packet inspection.
Can they see the contents of HTTPS connections? Wouldn't having HTTPS ensure that they can't see the contents being transferred?
And can having a VPN protect me against deep packet inspection by…
cppanonhelp666
127 votes, 2 answers
How is the Heartbleed exploit even possible?
I have read about the Heartbleed OpenSSL vulnerability and understand the concept. However, what I don't understand is the part where we pass 64k as the length and the server returns 64kB of random data because it does not check whether we really…
Talha Sayed
127 votes, 5 answers
How to check if an SSH private key has a passphrase or not?
Let's say I have access to the private portion of an RSA key-pair. How can I check if this key has an associated passphrase or not?
kung
126 votes, 10 answers
How critical is it to keep your password length secret?
Is keeping your password length secret critical to security?
Does someone knowing that you have a password length of say 17 make the password drastically easier to brute force?
Crizly
126 votes, 4 answers
How does ransomware get on people's computers?
I've noticed an increased frequency of ransomware questions around Stack Exchange. Some of the people I remotely know had their devices recently infected as well.
I'm starting to be concerned. When people ask me how to avoid viruses, I typically tell…
Tomáš Zato