QoTW #45: Is my developer’s home-brew password security right or wrong, and why?
An incredibly popular question, viewed 17000 times in its first 3 weeks, this question has even led to a new Sec.SE meta meme. In fact, our top meta meme explains why – the First Rule of Crypto is...
QoTW #46: CTRL+ALT+DEL Login – Rationale behind it?
CountZero asked this interesting question: Why is CTRL+ALT+DEL required at login on Windows systems? His perspective was that it adds an extra step before login, so is bad from a usability perspective,...
QoTW #47: Lessons learned and misconceptions regarding encryption and cryptology
This one is a slightly different Question of the Week. Makerofthings7 asked a list-type question, which generally doesn’t fit on the Stack Exchange network, however this question generated a lot of...
QoTW #48: Difference between Privilege and Permission
Ali Ahmad asked, “What is the difference between Privilege and Permission?” In many cases they seem to be used interchangeably, but in an IT environment knowing the meanings can have an impact on...
QoTW #49: How can someone go off-web, and anonymise themselves after a life...
Everything we do these days is online, whether through our own social media, purchases from online stores, tracking by Google, Amazon etc., and the concept of gaining some sort of freedom is getting...
QoTW #50: Does password protecting the BIOS help in securing sensitive data
Camil Staps asked this question back in April 2013, as although it is generally accepted that using a BIOS password is good practice, he couldn’t see what protection this would provide, given, in his...
Communicating Security Risks to Senior Management – 3 years on
Back in July 2011 I wrote this brief blog post on the eternal problem of how to bridge the divide between security professionals and senior management. Thought I’d revisit it nearly 3 years on and...
Is our entire password strategy flawed?
paj28 posed a question that really fits better here as a blog post: Security Stack Exchange gets a lot of questions about password strength, password best practices, attacks on passwords, and there’s...
QoTW #52 Which factors should I consider for devices that accept handwritten...
Indrek asked this question on digital signature devices, such as the ones delivery drivers get you to sign for your packages. While he identified EU directive 1993/93/EC as appearing to regulate, he...
QoTW #53 How can I punish a hacker?
Elmo asked: I am a small business owner. My website was recently hacked, although no damage was done; non-sensitive data was stolen and some backdoor shells were uploaded. Since then, I have deleted...