Top new questions this week:
|
|
A lot of search engines (Google, Bing, etc.) allow you to add your domain to their monitoring panel. You can associate your domain to your account as long as you can prove that you manage that domain …
|
|
Is there any Security Benefits/Risk in keeping old “Here is your 2FA login code” in email and text? I always wonder if seeing one that is unread could queue me in to something bad happening …
|
|
The sign-in process of Microsoft services has a timeout whereby if you wait too long to input a password, the sign-in dialog expires and you need to refresh the dialog. For example, this is what …
|
|
I noticed that when it comes to some websites (e.g. Twitter), the security certificate is changed when I log in and out of NordVPN – the SHA-1 digest is visibly different. Keep in mind that not only I …
|
|
I’ve been reading about HMAC protecting from length extension attacks, but if the message already specifies it size, is HMAC adding any advantange to simple hashing after prepending a secret? As …
|
|
I would like to remotely verify whether SSL 3.0 is running on several servers. Previously, this command: openssl s_client -connect example.com:443 -ssl3 Would have worked but now I am getting the …
|
|
3 people need to share some data through cloud. The total amount of data is small (<5gb in total). The update rate is very low, 1 per month. The cloud has very limited security measures so we …
|
Greatest hits from previous weeks:
|
|
I am trying to find the live hosts on my network using nmap. I am scanning the network in Ubuntu using the command sudo nmap -sP 192.168.2.1/24. However, I am unable to find the live hosts. I just get …
|
|
Most users would simply type ssh-keygen and accept what they’re given by default. But what are the best practices for generating ssh keys with ssh-keygen? For example: Use -o for the OpenSSH key …
|
|
To deposit money into your account, some websites require that you provide them with a lot of details about your bank account: name, complete address and IBAN which includes your account number and …
|
|
How easily could someone crack my keepass .kdbx file if that person steals the file but never obtains the Master Password? Is this a serious threat, or would a brute force attack require massive …
|
|
I have been getting emails from “account-security-noreply@accountprotection.microsoft.com” (as verified in metadata) about unusual activity. The internet has very conflicting information about if …
|
|
How can I find out if files from my computer were written/copied/moved to a USB storage device? I want to know if there is a solution that would work in a system that has not got any monitoring/…
|
|
Say I have previously created a private/public key combination, and decided at the time to not protect the private key with a password. If I later decide to “beef up” security and use a password-…
|
Can you answer these questions?
|
|
Does Firefox’s built-in installer for addons/extensions validate its payload’s authentication and integrity for all files it downloads before actually installing them? I avoid in-app updates because, …
|
|
I’m facing a similar situation where I need to store users’ access tokens, but I’m not sure how to securely store them in the server. I’ve only ever used a security manager for my tokens, and salt …
|
|
I have my TPM2.0 connected to my raspberry pi. I generated a Cert file and Private key using openssl. These files are used to connect MQTT with TLS. How do I store/secure these files in/with the TPM …
|
