The Question: 108 people think this question is useful
I know the reasoning behind not letting infinite password attempts – brute force attempts are not a meatspace weakness, but a problem with computer security – but where did they get the number three from? Isn’t denial of service a concern when implementing a lockout
The Question: 125 people think this question is useful
I’ve noticed increased frequency of ransomware questions around Stack Exchange. Some of the people I remotely know had their devices recently infected as well. I’m starting to be concerned. When people ask me how to avoid viruses, I typically tell them things like not to
The Question: 153 people think this question is useful
Where can I find one? Is there a pot of gold at the end? How do I protect against them?
From the Area51 proposal
This question was IT Security Question of the Week. Read the Sep 09, 2011 blog entry for more details or submit
The Question: 155 people think this question is useful
The Jurassic Park scene referenced in the title is infamous for how ludicrous it sounds to those who are tech literate. But it also illustrates what seems to me to be a glaringly huge hole in web security, particularly IoT devices–as soon as attackers find
The Question: 161 people think this question is useful
There is a new recent attack “on TLS” named “DROWN”. I understand that it appears to use bad SSLv2 requests to recover static (certificate) keys. My question is: How? How can you recover static encryption or signature keys using SSLv2? Bonus questions: How can I
The Question: 179 people think this question is useful
I’m curious why an ATM computer is considered secure. The general adage of “If an attacker has physical access to my machine, all bets are off,” seems to not apply in this circumstance (since everyone has physical access to the machine). Why is this? I