I am looking into alternatives to Windows EFS to protect sensitive data on a Linux web server. I know practically nothing about EFS, but I get the impression that the files are effectively plain-text if you are logged into the Windows machine as the user who owns the files, so the same level of "encryption" exists in a Linux environment if the files have only read/write perms for file owner and no perms for anybody else. My colleague says "No, it is not the same level of security" but doesn't provide any further info regarding how/why it's different. What am I missing here? [more inside]
posted by 0
on Apr 1, 2013 -
Instead of the usual "username/password" challenge, some bank websites ask you for a username, and then for some letters from your password -- e.g. 'Type letters 1, 4 and 7 of your password'. I understand that the advantage of this is that you never enter your whole password, thereby making life difficult for keyloggers. But I don't see how it's possible to implement such a system without (effectively) storing the password in plain text on the server, which surely not a good idea. What is this practice called? Do security experts consider it good practice? Can you point me to a paper that explains how it is implemented securely?
posted by beniamino
on Mar 28, 2013 -
So. If you had a wordpress self-hosted website accessed through your name and an ok password and a gmail account associated with the wordpress admin login, what would you do to secure everything from fuckery? [more inside]
posted by Kerasia
on Mar 21, 2013 -
Please help me translate the phrase, "Something that you bought at another store has not been cleared. I can fix that for you. Thank you." [more inside]
posted by wintersonata9
on Mar 17, 2013 -
So, my debit card number has now been "compromised" twice in as many months. How am I supposed to approach security with cards nowadays? [more inside]
posted by selfnoise
on Mar 11, 2013 -
This has happened twice now, and it is freaky. Google chrome on the iMac I use in my office at work (at a university) will have usernames and passwords for people who have never been in my office ever. The first time it happened it was my father's email, and the second time it was my stepmother's. Why would chrome be filling in these odd emails when it doesn't even save my own login information after closing the browser window? [more inside]
posted by artychoke
on Mar 7, 2013 -
Strangers from adjoining neighborhoods have created a path on private land behind my house. What are some ways I can stop them? [more inside]
posted by Arbitrage1
on Mar 3, 2013 -
A former contractor for a small business I'm involved in has told an employee he plans to sabotage the business' 5 trucks, possibly pouring chemicals in the gas tanks. Advice on the best methods and devices to try to prevent this would be very appreciated. [more inside]
posted by jcfudgely
on Mar 1, 2013 -
What would be the best ways to secure multiple laptops, smartphones, cameras (physically, and also to catch thieves) in a "rustic" foreign country... keeping in mind I need to fit everything in luggage or fashion it out of raw materials in country. [more inside]
posted by DaftMythic
on Feb 28, 2013 -
Open source software is considered trustworthy because anyone can validate the source code and hold the developer accountable. Usually developers will also make compiled binaries available for convenience. How can we know that these binaries are compiled from the same
source code the developer published, and not a malicious variant of it? [more inside]
posted by The Winsome Parker Lewis
on Feb 26, 2013 -
Android apps seem to grab permissions that I have no desire to give them. My understanding is that the permissions per app are all bundled together: it's all or nothing. At least officially. Is there another way? Also, is there a privacy watchdog site that will help me find apps that actually respect my privacy and support/purchase them over those that do not? [more inside]
posted by jsturgill
on Feb 19, 2013 -
I want to only share my identity with the tax man when I write, and allow people to pay me online. How do I do this? [more inside]
posted by anonymous
on Feb 13, 2013 -
My department is being mandated to start using Google+ and some other Google apps. Please help me think through the security and privacy implications of what I am afraid might become a real mess. [more inside]
posted by jbickers
on Feb 4, 2013 -
I am new to this so this may be a very basic question. I am starting a mailing list of about 1000 people with 3-4 subgroups. I want to structure it so that people working for me can design and send out campaigns but I want to find a way by which they can't download the mailing list and share it with others or use it for purposes other than my campaigns. Is there a way to do this?
If not in MailChimp can I do it in another software?
posted by london302
on Feb 3, 2013 -
How do I prevent OCR on a document (typically a PDF but I could use another document format if necessary)? I know that when I scan it from a hard copy to a PDF I can disable/stop the OCR process, but Adobe allows it to happen on any PDF I scan in, whether OCR was eliminated at scanning or not, and I have to stop that (I have work product I'd like to distribute electronically, but my boss would like to make sure it's not searchable and it's as hard as I can make it to copy).
I can use any software or process within reason.
posted by mrs. taters
on Jan 25, 2013 -
Twice recently my Gmail acct. has been hijacked by someone who is sending spam emails to some, but not contacts --seems to be only recently emailed (by me) people. The spam is an ad, as seen on Fox News for Raspberry drops weight loss aid. How do the spammers access my Gmail account? Could it be through my brand new Android cell phone? I am unaware of any other problems on my (Macbook) home computer. I have a secure WiFi router at home. No evidence malware or virus. I've changed my Gmail password, FWIW. Any suggestions on how/where to find a way from this happening again?
posted by NorthCoastCafe
on Jan 15, 2013 -
My AV program found 'Exploit:Java/CVE-2012-4681' on my laptop. It's a primer that sets up my machine for future exploits, but I haven't found any further infections using AV or Housecall. What steps should I be taking to assure myself that the machine is clean, and what can I do to prevent this kind of problem in the future. [more inside]
posted by Urtylug
on Jan 12, 2013 -
With email and website passwords, are successful "brute force" attacks still common, where an automated bot tries thousands and thousands of passwords on the same user account until one works? [more inside]
posted by pete_22
on Jan 9, 2013 -
I need to retrieve the SSID of a wifi network that is not in range from either an iPhone or an old hard drive. [more inside]
posted by IanMorr
on Jan 2, 2013 -
What are good resources, online and offline, for information about the average experience in federal prison camps (minimum security prisons)? [more inside]
posted by anonymous
on Jan 1, 2013 -
Help me name my new product, which combines the functionality of popular existing apps, but is specialized with high-security features. [more inside]
posted by bfu
on Dec 26, 2012 -
Question for the hard-core commerce and security geeks: Always-on SSL, or AOSSL.
Last spring The Online Trust Alliance
, or OTA, started a PR campaign to convince folks who manage web sites to use SSL to secure the entirety of their web sites — not just forms and checkout pages. OTA points out that some large social sites (Twitter, Facebook, Google) — folks for whom the customer is the product — have implemented AOSSL, or are in the process of doing so.
Who I *don't* see coming on-board are large and highly trafficked e-commerce sites. By my survey, none of the top 100 eCommerce vendors (using Internet Retailer's list) have implemented AOSSL, and I'm wondering if there's a reason why... (more inside). [more inside]
posted by deCadmus
on Dec 13, 2012 -
How can I setup a website accessible by VPN but by multiple users at different locations? More details inside... [more inside]
posted by thorny
on Dec 6, 2012 -
I was checking the security setting on my gmail account this AM and was alarmed to see that govtrack.us had somehow been granted " granted the following services access to your Google Account".
Especially concerning since i had never seen that site, or even heard of it. What gives?
posted by dougiedd
on Nov 18, 2012 -
I found several "favourited" videos in my YouTube account that were definitely not my or my partner's doing. What could have happened? Was I hacked? [more inside]
posted by peripathetic
on Nov 14, 2012 -
Yesterday I added a network print server device to my home network. How can I know that it is secure? Can I firewall it to prevent it from sending anything out to the internet? A few more details inside. [more inside]
posted by DarkForest
on Nov 13, 2012 -
Our former landlord is trying to withhold our security deposit and charge us $3,000+ for damages we did not cause. We just received her letter itemizing the "charges" and I just want to make sure we are covering our bases, as it's my first time in this situation. We are in Prince George County, Maryland. [more inside]
posted by SpicyMustard
on Nov 8, 2012 -
Please help me understand the difference (or non-difference) in safety for Firefox vs. Chrome browser extensions (plugins/add-ons). [more inside]
posted by pavane
on Nov 5, 2012 -
Apparently, I didn't keep the answers to my iTunes security authorization questions. I think I can guess my answers with a few more tries, but I might get locked out before I get there.
Will the wrong answer count reset back to zero after a wait time? Meaning, can I try again tomorrow, or will I still get locked out? [more inside]
posted by p3t3
on Oct 17, 2012 -
What is the best way to keep your web usage on a network hidden from anyone who might be snooping packet traffic? [more inside]
posted by anonymous
on Oct 4, 2012 -
New IPad - very computer savvy - do I need to worry about security on my new IPad? I check my banking accounts everyday on my laptop and would like to use my IPad for this. Is there additional security needed (to download) or am I good to go?
posted by pamspanda
on Sep 25, 2012 -
I'm looking for a book recommendation on the history of computer and internet security. [more inside]
posted by cman
on Sep 15, 2012 -
How can I electronically send confidential/private information to other people as conveniently but securely as possible? [more inside]
posted by Dansaman
on Sep 14, 2012 -
Virginia rental dispute II: Disputed their damages bill into a giant vat of nothingness, and months later they want me to call them back. Should I call them or not? [more inside]
posted by bookdragoness
on Sep 10, 2012 -
What's a better-security alternative to Spam Arrest for challenge-response email?
I received a password reminder email from Spam Arrest today. It included my full password in cleartext, and when I went to change my password to a long semi-random string of hashed characters I discovered that they silently truncate entries to 20 characters, which would have locked me out if they didn't keep everything in the clear to remind me. Frightening. Is there anyone out there who offer C/R email and knows how to store passwords?
posted by migurski
on Sep 8, 2012 -
This November, my wife and I will be flying from Winnipeg, MB to Phoenix AZ, with a brief stopover in Minneapolis MN. A week later, we'll be returning the same way, Phoenix -> Minneapolis -> Winnipeg. We both qualify for Nexus cards and I'm wondering if they would be of any use for the Minneapolis/Phoenix leg of the trip. [more inside]
posted by Alvy Ampersand
on Sep 5, 2012 -
How safe is a virtual machine for testing unknown software or browsing unknown websites? [more inside]
posted by apip
on Aug 29, 2012 -
This past weekend I had a huge moving sale, and ended up with about $1500 in small bills ($1s, $5s, $10s, $20s). Between cleaning my apartment and packing everything up today, I forgot to go to the bank and deposit the money into my account. Tomorrow morning I fly out of JFK (Terminal 4, specifically) to move to San Francisco, and since my flight is early there's no time to go to a bank. I feel weird traveling with these huge wads of cash, especially as it's all small bills. Right now it's all stuffed into a cigar box in my carry-on. I don't think it will fit in my wallet. Will the currency exchange places give me $100s (or better yet a money order) for my cash, and will I find one before passing through security? Will TSA steal from me, or give me a hard time for carrying these wads of bills? Is there possibly a Bank of America branch in JFK? What should I do? I don't think I'm comfortable depositing this much cash through an ATM, and anyway it would take forever.
posted by betsbillabong
on Aug 27, 2012 -