Questions tagged [security]
For posts about security issues centered around Stack Exchange. If you think you found a serious security vulnerability, please report it on the Security page found at https://stackexchange.com/about/security. Do not post such reports on Meta!
218 questions
-20 votes, 2 answers, 248 views
Is Stack Exchange vulnerable to manipulation by an artificial general intelligence?
I recently read the post Is Stack Overflow's reputation system vulnerable to manipulation? which was reassuring, but I'm wondering if it is likely that the tools and the people who use them could be ...
16 votes, 0 answers, 380 views
Feature request - A simple credential leak detection in the answer tab
I recently analyzed Stack Overflow for leaks, and the sites contain a lot of leaks (Stack Overflow did contain most of them, but still askubuntu.com and unix.stackexchange.com do contain some leaks).
...
12 votes, 0 answers, 86 views
Use a different CAPTCHA provider for privacy and security [duplicate]
Note: this is not a duplicate of Replacing reCAPTCHA or Please use another captcha than reCaptcha, because this post is chiefly about privacy and security concerns, and not usability, challenge ...
-8 votes, 2 answers, 220 views
What responsibility does SE/SO have in ensuring users understand they may be inadvertently sharing sensitive information in their posts?
SO/SE is a great resource for folks. These folks often [inadvertently] share information they might not have meant to.
A good example is when someone posts a question in any of the communities with a ...
-5 votes, 1 answer, 122 views
Trustworthiness of proposed links?
If a question is asked and someone proposes a link to some executable etc. as a solution to the question, has there been a case that malware was being suggested (perhaps unknowingly too)?
Is there a ...
172 votes, 4 answers, 14k views
Recent site instability, major outages – July/August 2022
On Friday, July 29th, starting at 13:36 UTC, we experienced a very large surge in traffic to our web servers, indicating a DDoS attack. This surge effectively brought down the Stack Exchange Network ...
62 votes, 2 answers, 16k views
Testing new traffic management tool
Stack Overflow will be experimenting with some new HTTP traffic management technologies. Users should not see any negative effects. That said, we felt it would be prudent to announce that the test ...
26 votes, 2 answers, 435 views
Who is Samuel Ordonez and why are they a moderator here?
I just noticed this profile:
What is going on?
If it's a new SE staff member, shouldn't they only get staff bit, and not moderator?
Or is this a new hacker?
There are more cases like this on other ...
430 votes, 2 answers, 56k views
Update on the ongoing DDoS attacks and blocking Tor exit nodes
For the past month, Stack Overflow has been hit by weekly DDoS attacks that progressively grew in size and scope. In each incident, the attacker(s) have been changing their methodology and responding ...
10 votes, 1 answer, 133 views
What scope to supply to get a refresh token from Stack Exchange?
In the process of implementing an OAuth app for Stack Exchange, I noticed that none of the approaches that conventionally work - supplying an offline_access scope, for example - result in the OAuth ...
57 votes, 0 answers, 1k views
Stack Overflow and CVE-2021-44228 vulnerability (in Log4J)
Update 2021-12-21:
Mitigation for all Log4j-related 3 CVEs is complete on the following products:
Stackoverflow.com and related (public) websites
Stack Overflow Teams: Free, Basic and Business
Stack ...
10 votes, 0 answers, 129 views
Use subresource integrity for JavaScript embedded from other domains
SE sites require a whole bunch of JavaScript files to work, with most of them served from a different domain than the main Stack Exchange or Stack Overflow domains. Some of these JavaScript files are ...
48 votes, 2 answers, 1k views
Malicious app that misuses Stack Overflow trademarks is up on the Google Play Store
Today I came across an Android app which is misusing Stack Overflow's logo and name in the Google Play Store.
Users have reported regarding the security issues they have faced and the developer has ...
30 votes, 2 answers, 854 views
Removing granted access to an Application is no longer working
When you visit your profile on the tab Settings you'll find the option "Applications".
It lists the Applications you've granted access. Each Application has a button at the right hand side ...
-2 votes, 2 answers, 267 views
Option to remove the @username references in the replies from your history, when you change your name [duplicate]
Regarding Change all @username references in comments when a user changes their name? and taking into account the issues raised.
Rather than suggest a change, I suggest a reference removal from every ...