Most Popular
1500 questions
121
votes
4 answers
How can RFID/NFC tags not be cloned when they are passive technology?
Everywhere a question like this is asked, I see people responding that (in a scenario where a card is used) the card does some processing with the data it receives/generates some data when it receives a signal. How is this possible without…
stenlan
- 1,261
- 2
- 9
- 6
120
votes
9 answers
Is it dangerous to post my MAC address publicly?
When posting questions, it is often quite useful to include debug output. However, it sometimes includes the MAC address of my laptop, router, or both.
What are the possible dangers of releasing these MAC addresses publicly?
Shelvacu
- 2,383
- 4
- 18
- 31
120
votes
11 answers
What's to stop someone from 3D print cloning a key?
My friend just posted a picture of her key to Instagram and it occurred to me that with such a high res photo, the dimensions of the key could easily be worked out.
Therefore the key could be duplicated.
What's to stop someone malicious from abusing…
personjerry
- 1,246
- 4
- 11
- 14
120
votes
3 answers
Does bcrypt have a maximum password length?
I was messing around with bcrypt today and noticed something:
hashpw('testtdsdddddddddddddddddddddddddddddddddddddddddddddddsddddddddddddddddd', salt)
Output:…
d0ctor
- 1,303
- 2
- 9
- 7
120
votes
6 answers
Why should one not use the same asymmetric key for encryption as they do for signing?
In an answer to a question about RSA and PGP, PulpSpy noted this:
It is possible to generate an RSA key pair using GPG (for both encryption and signing -- you should not use the same key for both).
What is the reasoning behind this?
Perhaps my…
Iszi
- 27,127
- 18
- 101
- 163
120
votes
11 answers
Hacker used picture upload to get PHP code into my site
I'm working on a website — right now it's in early stages of testing, not yet launched and just has test data - thank goodness.
First of all, a hacker figured out the password to log onto the website's 'administration' pages*. I think they used a key…
Williamz902
- 1,285
- 2
- 9
- 6
119
votes
3 answers
Why wasn't the KRACK exploit discovered sooner?
From what I've read, the issue is as simple as performing step 3 of a 4-step handshake and the consequences of performing that step more than once. Considering the complexity of these kinds of algorithms, I'm somewhat surprised that it is so…
Dave Cousineau
- 890
- 2
- 7
- 9
118
votes
10 answers
Alternatives to anti-virus for keeping oneself safe
I have read a lot of articles that talk about how using an AV is less safe than not having one for more intermediate PC users who are careful with what they click and download.
For example, here are a couple of articles:…
delacroix
- 1,053
- 2
- 8
- 8
118
votes
15 answers
When choosing a numeric PIN, does it help or hurt to make each digit unique?
Imagine a typical 4-digit PIN scheme containing the digits [0-9]. If I choose my PIN at random, I will get one out of 10 * 10 * 10 * 10 = 10,000 codes. Based on my own experience, more than half of the time a random sequence of four digits will…
smitelli
- 2,085
- 3
- 17
- 19
117
votes
7 answers
Can "cat-ing" a file be a potential security risk?
I often use cat on the console to view the contents of files, and every now and then I accidentally cat a binary file which basically produces gibberish and system beeps. However today I've encountered a situation where the output from the cat…
Ivan Kovacevic
- 2,159
- 5
- 21
- 21
117
votes
18 answers
Does an established HTTPS connection mean a line is really secure?
From the view of somebody offering a web application, when somebody connects with TLS (https) to our service and submits the correct authentication data, is it safe to transmit all sensitive data over this line, or can it be that there is still…
Peter Smit
- 2,759
- 3
- 24
- 25
117
votes
13 answers
Is it good or bad practice to allow a user to change their username?
I have looked all over online as well as this site to try to find out more information regarding the security of this, but haven't found anything. In my particular case, the product is a website, but I think this question applies for any software…
Jeff Y
- 1,071
- 2
- 8
- 9
117
votes
4 answers
How would a resourceful government block Tor?
I came across this article saying that after the November 2015 Paris attacks, some French police officers proposed to ban Tor.
Tor is used to circumvent censorship! What security techniques would governments use to block Tor?
user93895
- 1,133
- 2
- 8
- 7
117
votes
4 answers
What certificates are needed for multi-level subdomains?
I'm working on a web site with several levels of subdomains. I need to secure all of them with SSL, and I'm trying to determine the correct certificate strategy.
Here's what I need to secure:
foo.com
www.foo.com
Any combination of…
Nathan Long
- 2,734
- 4
- 24
- 28
116
votes
6 answers
I can't access websites that use HTTPS, instead getting the message "your connection is not private"!
I found myself suddenly unable to access websites that use HTTPS, so I contacted my service provider, and they asked me to install a certificate in the Trusted Root Certificate Authorities store. But something isn't right: installing a certificate…
Tarek
- 1,073
- 2
- 7
- 9