• Encryption: Using a static IV

    A part of our team has had to extend our website to try to communicate user credentials for a supplier's website. We're using a 256-bit key but they're using a static IV for decrypting the information. We've advised them not to use static because it's a security risk. But we want to know how big...

    ITKE 346,220 points
  • Installing antivirus software on a web server

    Should a web server have antivirus software installed and active at all times? Are there situations where it is not needed? What should be considered when choosing one to install?

    ITKE 346,220 points
  • Which tools can be used to analyse vulnerabilities?

    Tools which are used to analyse vulnerabilities (which can be downloaded for free)

    Creeeper 60 points
  • How to find cyphers for HTTPS?

    I'm trying to find some cyphers which are known to be secure for HTTPS. The OpenSSL website has a long list of cyphers that can be used with SSL and TLS, but how to tell which, if any, are still valid and of those which would support HTTPS? Is there a recent paper or similar tool I can use to find...

    ITKE 346,220 points
  • How do antiviruses perform their scans so quickly?

    How do antivirus programs investigate hundreds of thousands of files so quickly while maintaining good detection rates? Most are able to do this in real-time while not slowing down computer processing rates by very much. How is this done?

    ITKE 346,220 points
  • Worried someone has access to my PC

    Programs running on my PC will sometimes just completely shut down for no reason whatsoever

    puzamanzi 5 points
  • Why use 256 bit encryption instead of 128 bit?

    Why is it that 256-bit encryption has become so popular? Isn't 128-bit security enough for most applications?

    ITKE 346,220 points
  • Hashing passwords: Is it a good idea?

    Now, I'm not sure if this is the best idea so that's why I'm trying to start this discussion. For hashing passwords, should we use hashed passwords as the salt? $passwd = 'foo'; $salt = hash($passwd); $finalHash = hash($passwd . $salt); The $finalHash is what would be stored in the database. I do...

    ITKE 346,220 points
  • GUIDs: Are they actually safe?

    I'm studying to become a security expert and I've noticed a ton of websites use GUIDs for password resets, unsubscribe requests, etc. I'm assuming most sites use them because they're easy to use and they're unique. But I'm curious to find out how safe GUIDs actually are. Are they actually intended...

    ITKE 346,220 points
  • Do any antivirus products use “canary files” to detect rootkits?

    Which antivirus programs use "canary files" with common strings in their filenames to detect: 1.) MyRootkit.vir is known to hide files which include the string ".vir" in their filename. 2.) Upon installation (or signature update) MyAV puts MyRootkitcanary.vir in C:\Program Files\MyAV\Canary Files\ 3.)...

    ITKE 346,220 points
  • Is it possible to block source IPs by their presence in a BotNet?

    A friend of mine in the security industry recently told me that many DOS attacks and general "black hat hacking" attacks usually happen over the TOR network. Would it be possible to dynamically block source IPs by their presence in a BotNet? Would this be effective in blocking DDoS attacks? How...

    ITKE 346,220 points
  • Middle ground password security policies

    What password policies are the best without going crazy? We want security but changing passwords 2 times a month is too much. What is a healthy middle ground between security and convenience?

    TeachMeIT 975 points
  • Does SSL equal secure email through transit?

    If an email server sends messages via SMTP/SSL and the recipient uses SSL to receive his email, will the message be secure through the entire transit? Does this mean the e-mail will be delivered in plain text between the servers?

    ITKE 346,220 points
  • Passwords stored in memory: Is it safe?

    I recently realized when you save a password in a variable, it's actually stored as plain text in the memory. I know the OS does a good job by forbidding processes from accessing other allocated memory. But isn't it still bypassable? Is there a safer way to store passwords to make sure processes...

    ITKE 346,220 points
  • I’m looking for a stronger authentication method for web services

    I deployed a two-factor-authentication solution in order to strengthen logon to our web applications. The majority of our users who have new tokens are also pop3/imap users (this is from a long time ago). However, I noticed web applications are well protected by 2FA, but mail applications are an easy...

    ITKE 346,220 points
  • Generating strong, unique and memorable passwords

    Can someone help me with good strategies for generating personal passwords that are unique and strong, but easy to remember?

    ITKE 346,220 points
  • Does a Firewall that allows ICMP pose a security risk?

    What are the security implications for a firewall that allows ICMP? Are there times where it should be turned off?

    ITKE 346,220 points
  • Intercepting two-factor authentication (SMS)

    I'm trying to learn more about "IT Security" and I've come across two-factor authentication. I understand two-factor authentication mechanisms use SMS to deliver single-use passphrase to the user. But how secure is it? Is it hard to intercept the SMS message containing the passphrase? Do mobile...

    ITKE 346,220 points
  • Testing stateful firewall with TCP/IPv6

    This may seem as a general question but I'm wondering how experienced users actually test "stateful firewall" with TCP/IPv6. I would include these two tests: Echo reply without request; TCP ack without syn. Is there anything else other than this? Especially that pertains to IPv6?

    ITKE 346,220 points
  • Email security on registration form: Is it safe?

    A member of our team has been making updates to one of our sites and he implemented a feature (on the registration form) that checks if an email address is still available for use. But he's nervous if it's secure to show a user if an email address is already taken. Could it be a security risk for...

    ITKE 346,220 points
