Most Popular
1500 questions
116 votes, 24 answers
How could I make the results of a yes/no vote inaccessible unless it's unanimous in the affirmative, without a trusted third party?
A family of N people (where N >= 3) are members of a cult. A suggestion is floated anonymously among them to leave the cult. If, in fact, every single person secretly harbors the desire to leave, it would be best if the family knew about that so…
TheHans255
116 votes, 9 answers
Why is it dangerous to open a suspicious email?
I would like to know why it is considered to be dangerous to open an email from an unknown source.
I am using Gmail and I thought it's only unsafe to download an attachment and run it.
The first thing that came into my mind was what if the email…
Tomas
116 votes, 9 answers
Why is Steam so insistent on security?
Is there any particular reason why the Steam application attempts to be so secure? It seems to force you to take more security measures (two-factor authentication, emails confirming all trades, etc) than most banks do.
Is this due to the fact that…
Jojodmo
115 votes, 4 answers
Is using 'dot' and 'at' in email addresses in public text still useful?
When entering your email address publicly, a practice is to replace . with text dot and @ with text at. I assume that the reasoning is that this way automatic email-collector robots won't match your address so easily. I still see updated websites…
n611x007
115 votes, 7 answers
Someone is using my (or has the same) email
I just got a letter from court saying I made 49 threats to someone I had a problem with three years ago. This person presents "my emails" as evidence. I went through all my emails, and I haven't found a single one. The mail presented as evidence all…
Leah G
115 votes, 15 answers
How can mom monitor my internet history from a distance?
This might sound like a funny question from a twelve-year-old. The less funny part is that I am 21 and currently studying at university (I don't live at University, although I am 15 minutes away. I do not use university network). You might or…
Azerty
114 votes, 6 answers
What would one need to do in order to hijack a satellite?
I realise this borders on sci-fi, but there's been some interesting demonstrations regarding security of various satellites.
What would be required to hack a satellite (in general terms, any hack really)? Are they all basically connected in the…
Incognito
114 votes, 5 answers
What should a website operator do about the Heartbleed OpenSSL exploit?
CVE-2014-0160
http://heartbleed.com
This is supposed to be a canonical question on dealing with the Heartbeat exploit.
I run an Apache web server with OpenSSL, as well as a few other utilities relying on OpenSSL (as client). What should I do to…
Deer Hunter
114 votes, 6 answers
Roles to play when tailgating into a residential building
Following people into a large RFID protected residential building is ridiculously easy, as not everyone knows everyone else. Just the other day I was let in with a rifle (an airgun, but how could they have known).
But standing helplessly in front of…
Vorac
114 votes, 2 answers
Is it bad that my ed25519 key is so short compared to a RSA key?
I recently generated a new SSH key in the ed25519 format.
The public key is only 69 bytes long while my old RSA key is 373 bytes.
From my perception ed25519 is the more recent and secure format.
So why isn't longer better here?
Alex
113 votes, 4 answers
Can I add a password to an existing private key?
Say I have previously created a private/public key combination, and decided at the time to not protect the private key with a password. If I later decide to "beef up" security and use a password-protected private key instead, would I need to…
IQAndreas
113 votes, 11 answers
Is `sudo` almost useless?
Once an attacker has a shell as your sudoer user (or just compromised a local process enough), he/she can use one of the many privilege escalation tools to even automatically put themselves for example as apt or some other process called by root to…
Wernight
112 votes, 9 answers
Is it safe to send clear usernames/passwords on a https connection to authenticate users?
I'm setting up a home HTTP server which can send and receive JSON data to/from different clients (Android and iPhone apps).
I'd like to allow access only to certain users and I'm considering using a simple username/password mechanism, as setting up…
Emiliano
112 votes, 9 answers
Why can we still crack snapchat photos in 12 lines of Ruby?
Just came across this bit of ruby that can be used to decrypt Snapchat photos taken out of the cache on a phone, apparently adapted from here. To my surprise, it worked without a problem, considering the problems around Snapchat's security which…
Dmitri DB
112 votes, 10 answers
Should I change the private key when renewing a certificate?
My security department insists that I (the system administrator) make a new private key when I want an SSL certificate renewed for our web servers. They claim it's best practice, but my googling attempts have failed to verify their claim. What is the…
Commander Keen