Information Security Weekly Newsletter - Wednesday, December 31, 2014

Top new questions this week:

Can SQL-injection lead to remote code execution?

I don't recall where, but I have read about running some code (e.g. PHP code on a PHP-based web application) on the server through SQL injection. Is it possible? If yes, how exactly? I understand ...

sql-injection  
asked by PavanW3b 14 votes
answered by Fleche 21 votes

Danger of default router password

How bad is it to not change the default home router password? Are there any concrete dangers? Are there any attacks directly resulting out of the use of default passwords, not vulnerabilities in the ...

router default-password  
asked by tim 11 votes
answered by Cristian Dobre 14 votes

What is the need and purpose of packet injection within WiFi attacks

According to my research, the most common WPA/WPA2 WiFi attack requires a chipset capable of packet injection. However I am not sure what this is, and what purpose it serves once you have the ...

wifi  
asked by Raja 9 votes
answered by Cristian Dobre 12 votes

What is the state of the art for forcing logout on browser quit?

Background: Most browsers have implemented some form of "Session Restore" functionality as a convenience to users where, if enabled, session cookies will be persisted across browser restarts. ...

session-management  
asked by jackthecoiner 7 votes
answered by sebastian nielsen 2 votes

How does SSH use both RSA and Diffie-Hellman?

SSH protocol 2 allows you to use DSA, ECDSA, ED25519 and RSA keys when establishing a secure connection to a server. (Keep in mind for this question that I'm only familiar with the procedure and ...

ssh rsa key-exchange diffie-hellman  
asked by IQAndreas 7 votes
answered by cpast 9 votes

Does using a long delimiter multiple times degrade encryption security?

I need to condense multiple distinct pieces of data into a single encrypted string that can be decrypted and separated out later. Before encrypting, I need to separate the data with some kind of ...

encryption  
asked by Cbas 6 votes
answered by lserni 5 votes

Is ntpd running purely as a client vulnerable to the recent ntp vulnerabilities?

There's been 3 recent vulnerabilities in the NTP reference implementation. Namely: CVE-2014-9296, CVE-2014-9295, CVE-2014-9294. Is ntpd, or ntpdate, running as a client vulnerable to any of these ...

ntp cve-2014-9296 cve-2014-9295 cve-2014-9294  
asked by Steve Sether 6 votes
answered by mcgyver5 5 votes

Greatest hits from previous weeks:

How do I secure Apache against the Bash Shellshock vulnerability?

I have an Apache webserver running, and with the recent news of the Shellshock exploit against bash I was wondering if my webserver is vulnerable. I don't think it is, but I want to make sure I'm not ...

apache shellshock bash  
asked by user56147 39 votes
answered by mr.spuratic 25 votes

What is the difference between https://google.com and https://encrypted.google.com?

Is there any difference between the encrypted Google search (at https://encrypted.google.com) and the ordinary HTTPS Google search (at https://google.com)? In terms of security what were the ...

encryption tls web-application privacy http  
asked by BlueBerry - vignesh4303 97 votes
answered by Adnan 102 votes

Can you answer these?

Are there any filesystems that have secure deletion as a feature?

There's many 3rd party tools people have designed to perform secure deletion, but I don't know of any filesystems where secure deletion is built in. In fact, secure deletion has to work around ...

file-system deletion securedelete  
asked by Steve Sether 3 votes

Attackers of Google DNS hijacking

As we know, the Google DNS server (8.8.8.8) was hijacked in Sao Paulo on 14th and 15th March. And subsequent to this event, BGPmon.org announced an alert. Now, in a course assignment, we are asked to ...

attacks dns google routing  
asked by abforce 1 vote

Can TLSv1.0 ciphers be used with SSLv3?

Can TLS cipher suites, such as TLS_RSA_WITH_AES_256_CBC_SHA, be used within an SSLv3 connection? For example, say the client and server both support TLS but the connection is downgraded to an SSLv3 ...

tls cipher-selection  
asked by user53029 1 vote