Information Security Weekly Newsletter - Wednesday, January 27, 2016

Top new questions this week:

Explain Security to Employer

My employer wants/wanted to install a 3rd party app on my personal cell phone. One of the issues that we are still not seeing eye-to-eye with is regarding security. Here are some issues that concern ...

passwords  
asked by w0lf42 56 votes
answered by anaximander 85 votes

Why did customer services say using symbols in a password is insecure?

I am using an online service that I recently had to reset my password because I forgot it. When I went to change password I wanted to use one with a symbol !@£$%^&*(). When I clicked "confirm ...

passwords password-management  
asked by iProgram 39 votes
answered by John Deters 92 votes

How can changing your DNS protect your online privacy?

Looking at a Unblock-US Features (a DNS provider) on their website it states the following: Stay out of the radar of prying eyes. With Unblock-us, you'll have peace of mind knowing that your ...

privacy dns  
asked by user1 30 votes
answered by Matthew 47 votes

Could I recover the content of file from its checksum/hash?

Let's say I have a video file that is split into multiple parts. Each piece is 2 Megabytes. I also have a list of the *insert hash name here* for each piece and also for the full file. Now assume ...

hash brute-force rainbow-table time  
asked by beppe9000 25 votes
answered by Priyank Gupta 55 votes

What person should I write a penetration test report as?

When you're writing a report, what person do you write it as? First person singular: I discovered a vulnerability in HP Power Manager... First person plural: We discovered a vulnerability in HP ...

penetration-test  
asked by paulburkeland 21 votes
answered by paj28 31 votes

HTTP HEAD and its security versus operational uses

Most security advice I see recommends turning off HTTP Methods like TRACE, OPTIONS, HEAD etc. So now I have turned off most of these options on my web server and leaving only GET and POST options that ...

web-application http header  
asked by Pang Ser Lark 21 votes
answered by Jenny D 29 votes

Two passwords for one account

Would it be a good idea if you had one account which would require two different passwords ? For example your login details were: email: example@gmail.com password 1: P4$$w0rd1 password 2: ...

authentication passwords  
asked by Lexu 20 votes
answered by Matthew 74 votes

Greatest hits from previous weeks:

How do I use "openssl s_client" to test for (absence of) SSLv3 support?

In order to mitigate the "Poodle" vulnerability, I'd like to disable SSLv3 support in my (in this case, TLS, rather than HTTPS) server. How can I use openssl s_client to verify that I've done this?

tls openssl  
asked by Roger Lipscombe 47 votes
answered by P4cK3tHuNt3R 58 votes

Do any security experts recommend bcrypt for password storage?

On the surface bcrypt, an 11 year old security algorithm designed for hashing passwords by Niels Provos and David Mazieres, which is based on the initialization function used in the NIST approved ...

passwords cryptography hash bcrypt  
asked by Sam Saffron 371 votes
answered by Thomas Pornin 371 votes

Can you answer these?

How to know and disallow corporative Google Apps users to access third party apps with their corporative Google Apps accounts?

How can a security administrator of Google Apps for an organization that has linked @organization.com accounts to Google Apps to know and disallow that users use their users@organization.com accounts ...

google cloud-computing google-apps casb  
asked by Eloy Roldán Paredes 1 vote

Bank Has Emailed My Social Security Number

I'm in the middle of getting a mortgage. Just now, my bank sent over an e-mail (sent to my Gmail account) with a bunch of .pdf attachments of documents I'm supposed to sign and return. The first ...

encryption tls email identity-theft pdf  
asked by Rob P. 2 votes

Can I decrypt a DiskCryptor-encrypted hard drive using Veracrypt?

I have a hard drive I encrypted with DiskCryptor back when I was using Windows. Now that I have Linux I want to decrypt the hard drive but it turned out DiskCryptor is not available for Linux, whereas ...

encryption linux truecrypt veracrypt  
asked by user97699 1 vote