Instead of the usual "username/password" challenge, some bank websites ask you for a username, and then for some letters from your password -- e.g. 'Type letters 1, 4 and 7 of your password'. I understand that the advantage of this is that you never enter your whole password, thereby making life difficult for keyloggers. But I don't see how it's possible to implement such a system without (effectively) storing the password in plain text on the server, which surely not a good idea. What is this practice called? Do security experts consider it good practice? Can you point me to a paper that explains how it is implemented securely?
How secure is Dropbox on an open coffee shop wifi? [more inside]
I want to teach students good computer security habits. [more inside]
So. If you had a wordpress self-hosted website accessed through your name and an ok password and a gmail account associated with the wordpress admin login, what would you do to secure everything from fuckery? [more inside]
Please help me translate the phrase, "Something that you bought at another store has not been cleared. I can fix that for you. Thank you." [more inside]
So, my debit card number has now been "compromised" twice in as many months. How am I supposed to approach security with cards nowadays? [more inside]
This has happened twice now, and it is freaky. Google chrome on the iMac I use in my office at work (at a university) will have usernames and passwords for people who have never been in my office ever. The first time it happened it was my father's email, and the second time it was my stepmother's. Why would chrome be filling in these odd emails when it doesn't even save my own login information after closing the browser window? [more inside]
Strangers from adjoining neighborhoods have created a path on private land behind my house. What are some ways I can stop them? [more inside]
A former contractor for a small business I'm involved in has told an employee he plans to sabotage the business' 5 trucks, possibly pouring chemicals in the gas tanks. Advice on the best methods and devices to try to prevent this would be very appreciated. [more inside]
What would be the best ways to secure multiple laptops, smartphones, cameras (physically, and also to catch thieves) in a "rustic" foreign country... keeping in mind I need to fit everything in luggage or fashion it out of raw materials in country. [more inside]
Open source software is considered trustworthy because anyone can validate the source code and hold the developer accountable. Usually developers will also make compiled binaries available for convenience. How can we know that these binaries are compiled from the same source code the developer published, and not a malicious variant of it? [more inside]
Android apps seem to grab permissions that I have no desire to give them. My understanding is that the permissions per app are all bundled together: it's all or nothing. At least officially. Is there another way? Also, is there a privacy watchdog site that will help me find apps that actually respect my privacy and support/purchase them over those that do not? [more inside]
I want to only share my identity with the tax man when I write, and allow people to pay me online. How do I do this? [more inside]
The best and simplest way to communicate between a smallish number of (known) people, on a few different devices, with encryption? [more inside]
My department is being mandated to start using Google+ and some other Google apps. Please help me think through the security and privacy implications of what I am afraid might become a real mess. [more inside]
I am new to this so this may be a very basic question. I am starting a mailing list of about 1000 people with 3-4 subgroups. I want to structure it so that people working for me can design and send out campaigns but I want to find a way by which they can't download the mailing list and share it with others or use it for purposes other than my campaigns. Is there a way to do this? If not in MailChimp can I do it in another software?
How do I prevent OCR on a document (typically a PDF but I could use another document format if necessary)? I know that when I scan it from a hard copy to a PDF I can disable/stop the OCR process, but Adobe allows it to happen on any PDF I scan in, whether OCR was eliminated at scanning or not, and I have to stop that (I have work product I'd like to distribute electronically, but my boss would like to make sure it's not searchable and it's as hard as I can make it to copy). I can use any software or process within reason.
Is there a practical way to keep someone from f-cking with my car? [more inside]
Twice recently my Gmail acct. has been hijacked by someone who is sending spam emails to some, but not contacts --seems to be only recently emailed (by me) people. The spam is an ad, as seen on Fox News for Raspberry drops weight loss aid. How do the spammers access my Gmail account? Could it be through my brand new Android cell phone? I am unaware of any other problems on my (Macbook) home computer. I have a secure WiFi router at home. No evidence malware or virus. I've changed my Gmail password, FWIW. Any suggestions on how/where to find a way from this happening again?
My AV program found 'Exploit:Java/CVE-2012-4681' on my laptop. It's a primer that sets up my machine for future exploits, but I haven't found any further infections using AV or Housecall. What steps should I be taking to assure myself that the machine is clean, and what can I do to prevent this kind of problem in the future. [more inside]
With email and website passwords, are successful "brute force" attacks still common, where an automated bot tries thousands and thousands of passwords on the same user account until one works? [more inside]
I need to retrieve the SSID of a wifi network that is not in range from either an iPhone or an old hard drive. [more inside]
What are good resources, online and offline, for information about the average experience in federal prison camps (minimum security prisons)? [more inside]
Help me name my new product, which combines the functionality of popular existing apps, but is specialized with high-security features. [more inside]
Question for the hard-core commerce and security geeks: Always-on SSL, or AOSSL. Last spring The Online Trust Alliance, or OTA, started a PR campaign to convince folks who manage web sites to use SSL to secure the entirety of their web sites — not just forms and checkout pages. OTA points out that some large social sites (Twitter, Facebook, Google) — folks for whom the customer is the product — have implemented AOSSL, or are in the process of doing so. Who I *don't* see coming on-board are large and highly trafficked e-commerce sites. By my survey, none of the top 100 eCommerce vendors (using Internet Retailer's list) have implemented AOSSL, and I'm wondering if there's a reason why... (more inside). [more inside]
Landlord doesn't require a lease or a security deposit. Should I be concerned? [more inside]
How can I setup a website accessible by VPN but by multiple users at different locations? More details inside... [more inside]
What would politics in outer space look like? [more inside]
I'd like my security deposit back, please. [more inside]
Looking for best practices for home data security for an exclusively Mac household. [more inside]
I was checking the security setting on my gmail account this AM and was alarmed to see that govtrack.us had somehow been granted " granted the following services access to your Google Account". Especially concerning since i had never seen that site, or even heard of it. What gives?
I found several "favourited" videos in my YouTube account that were definitely not my or my partner's doing. What could have happened? Was I hacked? [more inside]
Yesterday I added a network print server device to my home network. How can I know that it is secure? Can I firewall it to prevent it from sending anything out to the internet? A few more details inside. [more inside]
Our former landlord is trying to withhold our security deposit and charge us $3,000+ for damages we did not cause. We just received her letter itemizing the "charges" and I just want to make sure we are covering our bases, as it's my first time in this situation. We are in Prince George County, Maryland. [more inside]
Please help me understand the difference (or non-difference) in safety for Firefox vs. Chrome browser extensions (plugins/add-ons). [more inside]
Apparently, I didn't keep the answers to my iTunes security authorization questions. I think I can guess my answers with a few more tries, but I might get locked out before I get there. Will the wrong answer count reset back to zero after a wait time? Meaning, can I try again tomorrow, or will I still get locked out? [more inside]
How to get Adobe Reader to save a secure form? [more inside]
How do I remove a Mediaplex virus from my computer? [more inside]
What is the best way to keep your web usage on a network hidden from anyone who might be snooping packet traffic? [more inside]
Secure VPN for a novice? [more inside]
New IPad - very computer savvy - do I need to worry about security on my new IPad? I check my banking accounts everyday on my laptop and would like to use my IPad for this. Is there additional security needed (to download) or am I good to go?
I'm looking for a book recommendation on the history of computer and internet security. [more inside]
How can I electronically send confidential/private information to other people as conveniently but securely as possible? [more inside]
Virginia rental dispute II: Disputed their damages bill into a giant vat of nothingness, and months later they want me to call them back. Should I call them or not? [more inside]
What's a better-security alternative to Spam Arrest for challenge-response email? I received a password reminder email from Spam Arrest today. It included my full password in cleartext, and when I went to change my password to a long semi-random string of hashed characters I discovered that they silently truncate entries to 20 characters, which would have locked me out if they didn't keep everything in the clear to remind me. Frightening. Is there anyone out there who offer C/R email and knows how to store passwords?
This November, my wife and I will be flying from Winnipeg, MB to Phoenix AZ, with a brief stopover in Minneapolis MN. A week later, we'll be returning the same way, Phoenix -> Minneapolis -> Winnipeg. We both qualify for Nexus cards and I'm wondering if they would be of any use for the Minneapolis/Phoenix leg of the trip. [more inside]
How safe is a virtual machine for testing unknown software or browsing unknown websites? [more inside]
This past weekend I had a huge moving sale, and ended up with about $1500 in small bills ($1s, $5s, $10s, $20s). Between cleaning my apartment and packing everything up today, I forgot to go to the bank and deposit the money into my account. Tomorrow morning I fly out of JFK (Terminal 4, specifically) to move to San Francisco, and since my flight is early there's no time to go to a bank. I feel weird traveling with these huge wads of cash, especially as it's all small bills. Right now it's all stuffed into a cigar box in my carry-on. I don't think it will fit in my wallet. Will the currency exchange places give me $100s (or better yet a money order) for my cash, and will I find one before passing through security? Will TSA steal from me, or give me a hard time for carrying these wads of bills? Is there possibly a Bank of America branch in JFK? What should I do? I don't think I'm comfortable depositing this much cash through an ATM, and anyway it would take forever.
A member of my family insists that using Mint.com to track my spending and all of my accounts in one place = a bad news bears security problem. Read this old thread. What's the latest on Mint's safety levels? [more inside]
My employer is going to soon require that myself and other employees receive a "Position of Public Trust - High" classification. My credit is not good and I'm married to a person who is not a US citizen, though is a permanent resident and is from a country that the US likes. There's a couple of other minor snowflake bits, but, overall, how big of a deal is this going to be? [more inside]