Most Popular
1500 questions
107
votes
7 answers
Is it safe to give my email address to a service like haveibeenpwned in light of the publication of "Collection #1"?
There is a new big case of stolen login/password data in the news. At the same time, I am reading that there are services that let you check if your own login data is affected, e.g. Have I Been Pwned.
Is it safe to enter my email address there to…
godwana
- 931
- 2
- 6
- 4
107
votes
7 answers
Is MD5 considered insecure?
After all these articles circulating online about MD5 exploits, I am considering switching to another hash algorithm. As far as I know it's always been the algorithm of choice among numerous DBAs. Is it that much of a benefit to use MD5 instead of…
Tawfik Khalifeh
- 2,602
- 6
- 23
- 27
107
votes
19 answers
Defence methods against tailgating
This is a follow-up question to this one: Roles to play when tailgaiting into a residential building
How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let…
Lithilion
- 1,669
- 2
- 9
- 17
107
votes
5 answers
Confirmed evidence of cyber-warfare using GPS history data
In its recent policy, the US Department of Defense has prohibited the use of GPS-featured devices for its overseas personnel.
They explain it with a theory that commercial devices like smartphones or fitness trackers can store the geo-position (GPS)…
Be Brave Be Like Ukraine
- 1,053
- 3
- 9
- 16
107
votes
14 answers
Could keystroke timing improve security on a password?
When I was young, and had just started out in my software-development career 20 years ago, I wrote a little bit of code on my Amiga that took a password, but also recorded (within some threshold), the speed at which each letter of a password was…
Moo-Juice
- 1,152
- 2
- 8
- 8
107
votes
15 answers
Why did customer services say using symbols in a password is insecure?
I am using an online service that I recently had to reset my password because I forgot it. When I went to change password I wanted to use one with a symbol !@£$%^&*(). When I clicked "confirm password" it displayed "_Invaid Data" to me which I…
iProgram
- 1,187
- 3
- 9
- 15
106
votes
11 answers
How dangerous is it to reveal your date of birth, and why?
At some point I told a friend that it's dangerous to reveal your birth date (kind of like your social security number or your mother's maiden name), because it's a crucial piece of information for identity theft. However, I'm not sure what exactly…
user541686
- 2,562
- 2
- 23
- 29
106
votes
11 answers
Technology that can survive a "Rubber-Hose attack"
In the documentary film Citizenfour, Edward Snowden says about documents:
I'm comfortable in my technical ability to protect [documents].
I mean you could literally shoot me or torture me
and I could not disclose the password, even if I wanted…
QBR8ZIKvyJ
- 971
- 2
- 7
- 4
106
votes
11 answers
Best practices for Apache Server hardening?
What are some best practices, recommendations, required reading for securing an Apache Server?
Eric Warriner
- 3,361
- 3
- 27
- 20
106
votes
2 answers
Is a redirect showing the password in plain text a security vulnerability?
A couple of days ago, I attempted to log into the website of a well-known SaaS provider. I used a password manager on my browser (so user/pass were correct) and the NoScript plugin which had limited permissions granted to the site so some JS was…
markdwhite
- 1,021
- 2
- 7
- 7
106
votes
5 answers
Why do you have to be an admin to create a symlink in Windows?
In Linux every user can create symlinks, but in Windows I need an admin command line, or mklink fails. Why is that?
ripper234
- 1,246
- 2
- 9
- 12
105
votes
10 answers
Prevention measures against laptop seizure at US borders
Since laptop and other electronic device seizures at US borders became legal without a warrant (including making copies of data), 7% of ACTE's business travelers reported being subject to a seizure as far back as February 2008.
What measures have IT…
Dan Dascalescu
- 1,985
- 2
- 16
- 25
105
votes
8 answers
How can I reliably erase all information on a hard drive?
As storage technologies change over time, using different encodings and remappings to deal with sector errors, the best way to permanently erase/wipe/shred data changes also.
Methods for flash drives and other solid-state drives are covered nicely…
nealmcb
- 20,783
- 6
- 72
- 117
105
votes
8 answers
Can someone read my E-Mail if I lose ownership of my domain?
Let's assume I have a server set up with an email address like me@mydomain.tld. Now I have distributed my business card with the e-mail address to all people all over the world and they keep sending me confidential emails. But now I don't feel like…
Skiddie Hunter
- 1,128
- 2
- 7
- 12
105
votes
5 answers
Is sending password to user email secure?
How secure is sending passwords through email to a user, since email isn't secured by HTTPS?
What is the best way to secure it? Should I use encryption?
user310291
- 1,403
- 2
- 12
- 13