User D.W. - Information Security Stack Exchange

165 votes

Accepted

Why would someone trust DuckDuckGo or other providers with a similar privacy policy?

answered Mar 13, 2012 at 21:40

114 votes

Accepted

Is it generally a bad idea to encrypt database fields?

answered Jul 7, 2012 at 23:59

93 votes

Can anyone provide references for implementing web application self password reset mechanisms properly?

answered Jan 30, 2011 at 6:05

92 votes

Accepted

Are URLs viewed during HTTPS transactions to one or more websites from a single IP distinguishable?

answered Jun 7, 2011 at 19:02

84 votes

How to achieve non-repudiation?

answered Aug 11, 2011 at 3:26

79 votes

Accepted

Should I use AntiForgeryToken in all forms, even login and registration?

answered Feb 12, 2011 at 2:32

78 votes

Accepted

Is Django's built-in security enough?

answered Jan 10, 2013 at 5:33

78 votes

Accepted

Can wiped SSD data be recovered?

answered Mar 7, 2012 at 19:35

76 votes

Accepted

Is HTTP compression safe?

answered Sep 20, 2012 at 0:19

75 votes

Accepted

Lessons learned and misconceptions regarding encryption and cryptology

answered Feb 20, 2011 at 3:52

68 votes

Accepted

Effectiveness of Security Images

answered Sep 5, 2012 at 16:49

66 votes

Accepted

Recommended # of rounds for bcrypt

answered Jul 15, 2012 at 22:57

65 votes

Accepted

Attacker circumventing 2FA. How to defend?

answered Jun 7, 2017 at 23:18

61 votes

Accepted

I think I accidentally DoS'd a website. What should I do?

answered Apr 2, 2012 at 1:24

56 votes

Accepted

Why do we ask for a user's existing password when changing their password?

answered Nov 21, 2012 at 5:01

55 votes

How great is the risk in publicly sharing part of a private key?

answered Dec 13, 2017 at 2:44

53 votes

CRIME - How to beat the BEAST successor?

answered Sep 11, 2012 at 9:22

52 votes

Accepted

My understanding of how HTTPS works (gmail for example)

answered Apr 12, 2012 at 2:40

52 votes

Accepted

I just send username and password over https. Is this ok?

answered Sep 12, 2011 at 5:11

51 votes

Accepted

At what point does "hacking" become illegal? (US)

answered Aug 18, 2011 at 6:26

47 votes

Lessons learned and misconceptions regarding encryption and cryptology

answered Feb 20, 2011 at 3:36

47 votes

Accepted

Where to report malicious URLs, phishing, and malicious web sites?

answered Jan 19, 2011 at 7:57

47 votes

Accepted

What cookie attacks are possible between computers in related DNS domains (*.example.com)?

answered Mar 5, 2012 at 7:15

47 votes

Accepted

Why is 0x41414141 associated with security exploits?

answered Aug 15, 2012 at 1:32

46 votes

Accepted

How does HSBC's "Secure Key" actually work?

answered Nov 12, 2012 at 3:08

44 votes

Accepted

Is it safe to store the database password in a PHP file?

answered Apr 2, 2012 at 1:27

44 votes

Accepted

Is making a clean install enough to remove potential malware?

answered Sep 16, 2011 at 6:46

42 votes

How feasible is it for a CA to be hacked? Which default trusted root certificates should I remove?

answered Mar 18, 2011 at 16:42

41 votes

How can I keep a roommate from seeing my web activity?

answered Mar 19, 2011 at 3:48

41 votes

What is the difference between an X.509 "client certificate" and a normal SSL certificate?

answered Jan 7, 2011 at 5:32

Stack Exchange Network

1,023 Answers

Why would someone trust DuckDuckGo or other providers with a similar privacy policy?

Is it generally a bad idea to encrypt database fields?

Can anyone provide references for implementing web application self password reset mechanisms properly?

Are URLs viewed during HTTPS transactions to one or more websites from a single IP distinguishable?

How to achieve non-repudiation?

Should I use AntiForgeryToken in all forms, even login and registration?

Is Django's built-in security enough?

Can wiped SSD data be recovered?

Is HTTP compression safe?

Lessons learned and misconceptions regarding encryption and cryptology

Effectiveness of Security Images

Recommended # of rounds for bcrypt

Attacker circumventing 2FA. How to defend?

I think I accidentally DoS'd a website. What should I do?

Why do we ask for a user's existing password when changing their password?

How great is the risk in publicly sharing part of a private key?

CRIME - How to beat the BEAST successor?

My understanding of how HTTPS works (gmail for example)

I just send username and password over https. Is this ok?

At what point does "hacking" become illegal? (US)

Lessons learned and misconceptions regarding encryption and cryptology

Where to report malicious URLs, phishing, and malicious web sites?

What cookie attacks are possible between computers in related DNS domains (*.example.com)?

Why is 0x41414141 associated with security exploits?

How does HSBC's "Secure Key" actually work?

Is it safe to store the database password in a PHP file?

Is making a clean install enough to remove potential malware?

How feasible is it for a CA to be hacked? Which default trusted root certificates should I remove?

How can I keep a roommate from seeing my web activity?

What is the difference between an X.509 "client certificate" and a normal SSL certificate?