Information Security Weekly Newsletter - Wednesday, October 29, 2014

Top new questions this week: Do bad passwords produce bad salted hashes? When you have a password stored in a database that has been strongly hashed and salted does it really matter if the underlying user password is weak? If you setup features like limiting login ... passwords hash password-policy   asked by Crizly 22 votes answered by Xander 47 votes Why do I need to hide my phone's IMEI If it is a secret then why is it visible on the box, invoice and the back of the phone? If it is not a secret then why does it have to be blurred when it gets posted online? imei   asked by Ulkoma 18 votes answered by cybermonkey 10 votes Is my phone carrier monitoring my traffic? Today I started using a VPN on my phone (nexus 5), and after I switched on mobile data and turned off my WiFi, I received a text message from my carrier offering me roaming packages for Europe (which ... mobile vpn phone openvpn   asked by Tomer E. 16 votes answered by Thomas Pornin 15 votes Does the US government protect its physical internet lines in the US? It seems like there are lots of ways to prevent man in the middle attacks. I've read many on here and on the rest of the internet. According to wiki you need a secure channel as well to completely ... man-in-the-middle physical   asked by Carlos Bribiescas 11 votes answered by Tom Leek 29 votes Is it even possible to hack a television channel? In spite of all the hacking news in the recent few years I never heard of someone who managed to hack a TV channel. What makes them so secure? tv-channel   asked by Ulkoma 10 votes answered by Mark 9 votes Sequential password updates Let's say I have a reasonable KDF, and that I make users change their passwords periodically and keep some old password hashes to prevent password reuse. What's to stop the user from changing the ... passwords password-management password-policy   asked by Michael 9 votes answered by Tom Leek 17 votes ISPs are now adding unique header identifiers to web traffic. Can this be avoided? If so, how? I'm a security-conscious Verizon user, and it has recently come to light that Verizon is now serving up my web traffic to ad partners while en route. I understand that once my data has left the ... privacy cookies anonymity   asked by TylerH 8 votes answered by Rоry McCune 9 votes Greatest hits from previous weeks: What is the difference between SSL vs SSH? Which is more secure? What is the difference between SSH and SSL? Which one is more secure, if you can compare them together? Which has more potential vulnerabilities? cryptography network ssl ssh   asked by Am1rr3zA 58 votes answered by Thomas Pornin 67 votes How secure is TeamViewer for simple remote support? I'm deploying a web-based ERP system for a customer, such that both the server and the client machines will be inside the customer's intranet. I was advised in another question not to use TeamViewer ... network remote-desktop   asked by mgibsonbr 24 votes answered by Rоry McCune 22 votes Can you answer these? Has a plaintext password ever been used in a court of law as evidence to a crime? Regardless of how the password was obtained (decryption, bad hashing, confession): Are there any prior known cases where the contents of the password was used to prove motive or guilt? Or, looking ... passwords legal   asked by makerofthings7 1 vote Connection Android - Baseband Processor - SIM Card I currently examine the hidden components of a smartphone, inspired by the research of Weinmann All your baseband belong to us and Karsten Nohl Rooting Sim Cards. According to Weinmann, the ... smartcard smartphone   asked by PeteChro 3 votes Build only OpenSSL crypto? I was wondering if it's at all possible to compile only the crypto functionality of OpenSSL that I want? In particular, is it possible to compile just SHA1, AES, and DH parts of OpenSSL? I followed ... openssl   asked by mtahmed 1 vote

Subscribe to more Stack Exchange newsletters Unsubscribe from this newsletter or change your email preferences by visiting your subscriptions page on stackexchange.com. Questions? Comments? Let us know on our feedback site. If you no longer want to receive mail from Stack Exchange, unsubscribe from all stackexchange.com emails. Stack Exchange, Inc. 110 William St, 28th Floor, NY NY 10038 <3