Information Security Weekly Newsletter - Wednesday, December 30, 2015

Top new questions this week:

Are there security advantages gained from forcing a website to be available from just one tab at a time?

I just found that a website of one Polish bank forces the users to open it in one browser tab only. You cannot for example check your transfer history while looking for an account number that you ...

web-application usability  
asked by d33tah 38 votes
answered by Lie Ryan 53 votes

How do large companies protect their source code?

I recently read the canonical answer of our ursine overlord to the question on How do certification authorities store their private root keys? I then just had to ask myself: How do large companies ...

source-code protection backdoor  
asked by SEJPM 38 votes
answered by Trey Blalock 32 votes

Evaluating the security of home security cameras

My parents have a vacation home out in the country and are looking to set up a home surveillance system for remote viewing. I've heard that there can be serious vulnerabilities in these products. What ...

physical risk-analysis threat-modeling  
asked by mercurial 29 votes
answered by André Borie 33 votes

Is physical security less important now for securing a server?

If you could get physical access to a server, you could change the root/admin password even if you did not know the current password. However with encrypted disks, I don't think this is possible ...

physical server physical-access  
asked by user93353 25 votes
answered by Adam Caudill 43 votes

How does Firefox encrypt passwords without selecting Master Password?

I know that the file logins.json contains all my encrypted passwords in Firefox browser. How does Firefox encrypt these passwords if I don't use the 'Master Password' option? Does this mean key3.db ...

encryption passwords web-browser firefox  
asked by Hila 20 votes
answered by Austin Hartzheim 22 votes

How trustworthy is `sudo apt-get install (package name)` in Ubuntu?

One of the easy ways to install a program in Ubuntu Linux is to type a command in the terminal, but how do I know that the program is coming from a trusted source and not from somewhere dangerous? ...

malware privacy protection safe-browsing secure  
asked by Henry WH Hack 18 votes
answered by bignose 35 votes

Why would a website serve different versions of a file over HTTP and HTTPS?

Here is a link given on curl's official website: (prefix omitted) bintray.com/artifact/download/vszakats/generic/curl-7.46.0-win64-mingw.7z When I downloaded it with prefixes http:// and https:// I ...

tls hash integrity  
asked by solarflare97 17 votes
answered by Sander 22 votes

Greatest hits from previous weeks:

How do I clear cached credentials from my Windows Profile?

Windows seems to be saving my credentials for a variety of applications (terminal servers, etc) and I'd like to purge this data. How can I back up and purge this data?

authentication windows certificates  
asked by LamonteCristo 25 votes
answered by LamonteCristo 28 votes

How do I use "openssl s_client" to test for (absence of) SSLv3 support?

In order to mitigate the "Poodle" vulnerability, I'd like to disable SSLv3 support in my (in this case, TLS, rather than HTTPS) server. How can I use openssl s_client to verify that I've done this?

tls openssl  
asked by Roger Lipscombe 47 votes
answered by P4cK3tHuNt3R 58 votes

Can you answer these?

Router sends password plaintext: is this a serious vulnerability?

Today I went to go & reset my router, but forgot the account password for the ISP. On the (extremely) off-chance of the password being present in the 'Password' field, I went to the appropriate ...

passwords vulnerability router  
asked by cybermonkey 1 vote

PGP 'forced entry' decode (steganography?)

This was originally posted by me on stackoverflow but was deemed too generic. It does seem like an impossible thing to do, but: you know when you have your perimeter alarm system you usually get ...

pgp gnupg honeypot steganography  
asked by Nicole Bertford 1 vote

Is PSK-protected IKEv2 secure against MITMs?

I've set up an IKEv2 VPN connection as an alternative to an HTTP proxy (since HTTP proxies' credentials fly in plaintext and iOS still can't correctly remember proxy credentials) and I'd like to know ...

ipsec ike  
asked by André Borie 2 votes