0
Computer Security
Computer security is the prevention/detection of, and response to, any unauthorized actions by users of a computer system. Questions about security practices and principles belong here.
1,022 Questions
If the length of two MD5 hashes are the same does this mean the strength is equal?
MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function that always has a 128-bit (16 byte) hash value, so all MD5 hashes must be the same length. As far as "strength" is concerned, hashes are intended to provide a means to check whether a message has been tampered with. MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. They are NOT a means for encrypting data. For hash functions, "strength" would have to refer to collision resistance - i.e. difficulty of producing another message with different contents but the same hash.
Unfortunately, MD5 is no longer considered to be entirely trustworthy for this purpose; it now that it is easy to generate MD5 collisions (messages with different content but the same hash value). It is possible for the person who created the file to create a second file with the same checksum, so this technique cannot protect against some forms of malicious tampering. Also, in some cases the checksum cannot be trusted (for example, if it was obtained over the same channel as the downloaded file), in which case MD5 can only provide error-checking functionality: it will recognize a corrupt or incomplete download, which becomes more likely when downloading larger files.
Can you crash a website by sending a lot of emails?
It IS possible - and has been done in the past. However by 'a lot of emails' you would be talking about many hundreds of thousands sent simultaneously. You would need the co-operation of thousands of people, all sending at precisely the same time in order for such a cyber-attack to have any effect. Bear in mind, though, any such attack would be illegal - and every perpetrator would eventually be traced.
What are the dangers of using email?
- getting spam
- getting email's from people you don't even know
- someone sends you a hurtful and hateful Email that makes you upset
- someone could send you inappropriate emails
you can get e-mails from random people, you can send email to people whio are not authorised to see or recieve it. Some IPs block emails if they believe they are spam, this frequently occurs when a company deals prodominently in email communication.
Is formatting a laptop possible if bios is password protected?
This depends on the kind of BIOS protection, and the other BIOS settings. The BIOS is not actually on the harddrive, so this is potentially possible.
If the BIOS is only protected from changes to it's settings, then you can try booting to removable media (CD, DVD, Flashdrive, etc.) which has the option to format a drive, and format it from there. OS install disks usually have this option, as well as boot disks like UBCD and Bart PE.
If the BIOS is protecting the system from booting up, then you will probably need to remove the harddrive and plug it into another computer to complete this task. There should be no password prompt once it is in the other computer.
IF the BIOS protection is locking the actual harddrive, then you will probably need to clear the password first. If you do not know the password, then you will need to try to break in (assuming is is actually your computer). This can be difficult, but there are programs which can make it easier. One such program is on the UBCD.
What is deep packet filtering?
Deep packet filtering first examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information. This differs from "stateful packet inspection" (shallow filtering) where only the type of traffic and possibly the source and destination are inspected, not the contents of the traffic.
How do you get rid of AIM hackers?
Change your password often, and make sure it's strong (mix of letters, numbers, and caps).
What ports need to be open for the client to use the FTP client software?
FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.
In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20. From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened: * FTP server's port 21 from anywhere (Client initiates connection) * FTP server's port 21 to ports > 1023 (Server responds to client's control port) * FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port) * FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)
In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode. In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data. From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened: * FTP server's port 21 from anywhere (Client initiates connection) * FTP server's port 21 to ports > 1023 (Server responds to client's control port) * FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server) * FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port)
Can you use a phone to save yourself from forgetting your computer passwords?
You can certainly store computer passwords on your phone... HOWEVER - make sure you (a) disguise them so they're not obvious to a 'casual snooper' who may also have access to your computer, and (b) store a copy of the data in another place in case your phone is stolen !
What system is the father of almost all modern multiuser systems?
There is no correct answer without qualifying which multiuser systems are being discussed. All modern operating systems have inherited traits and abilities from other older multiuser systems. There are multiple multiuser operating systems currently in use. IBM has their mainframe system (Z/os) as well as IBM i, both multiuser systems are unique from each other and from other systems. IBM also has AIX, a descendant of unix. Current unix systems go back to the original proprietary AT&T unix implementation in the 1970's and 1960's. Unix itself was modeled after a multiuser system called Multics. Linux was modeled after unix but written independently of it. Microsoft Windows NT was designed by Dave Cutler who brought his experience in developing OpenVMS with him. All other Microsoft Window implementations follow from that.
Why does PC security interfere with downloading from the Internet?
Computer security is information security as applied to computers and networks.
The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. This included not only protection from unauthorized activities or untrustworthy individuals, but also from unplanned events and natural disasters. Bell-LaPadula model is one of the Computer security policy. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel.
What are the uses of the command line?
From the command line (in windows) you can access many of windows internal features such as trouble shooting the dll structure and network analysis for more information you can type 'help' in CMD (command line)
Most other operating systems have command lines, such as Linux and Ubuntu
WARRNING: you can really damage your computer if you don't know what your doing
Is there a way to see every password ever saved on your computer?
Yes, i know that if you check the remember my password then you can run a program that checks your computer and finds saved data.
Also if you installed a program on your computer called a Keylogger it would save every keystroke you make and you may anytime see what you wrote.
Note: The Keylogger is technically a virus However if you intently use it for security purposes then it is not, then it is counted as an asset.
WEP.
What is the best definition of Information Security?
There are so many different conflicting definitions about Information Security out there; however there are clear censuses amongst the field's professionals and leaders on the following definition writing by Michael Chahino and Jason Marchant:
INFORMATION SECURITY is a discipline governing the framework for the continuous cycle of safeguarding information and ensuring related regulatory compliance.
- Discipline
• a branch of instruction and learning such as history, finance, economics
- Framework
• a frame or structure composed of parts fitted together documenting the methodology of incident identification, mitigation, and resolution much like the scientific method
- Cycle
• a series of processes that are repeated in a precise and deliberate manner
- Information
• electronic, printed, audible, visual, memorized
- Compliance
• ensuring that the institution is in compliance with applicable laws, regulations, and contractual agreements
Source(s):Computer Security Institute (CSI) 2010 Annual Conference
Network mapper
Could probably be because when you installed Need For Speed it reserved its own memory needs. In other words while you were installing it it asked you or it informed you that it will need more memory to run...
Yes you still have 40GB of memory but a chunk of that belongs to Need For Speed..
Try to UN-Installing it and Install it again and pay close attention to what it says while its installing into your PC. If it tells you that it will take so and so number of memory see if you can limit the size of it.
What does tpm mean in computers?
A trusted platform module (TPM) is a chip that handles FDE (full-disk encryption) and other encryption-based security on a computer. It is primarily used in operating systems such as Windows 7 and 8 with the advent of BitLocker, which if enabled will disallow you from using the hard disk in another computer.
Why do you have a user name and password?
Usernames and passwords are used to prove that you are who you say you are and allow for users to have there on private files.
Where do you find the dell inspiron mini 10 serial number?
On the bottom left side there is a sticker with the info.
How RSA is public key algorithm?
RSA (which derives from the first initials of the last names of Prof. Ronald Rivest, Dr. Adi Shamir, and Prof. Leonard Adleman who first publicly described it) is an algorithm for public-key cryptography. A British mathematician named Clifford Cooks, who was then working for the UK intelligence agency GCHO, developed an equivalent system which was documented in an internal document in 1973, but because most computers of the time were not ready to handle the intensity of the computations it was never deployed (as far as is publicly known). That original work was not revealed until 1998 due to its top-secret classification, and Rivest, Shamir, and Adleman devised RSA independently of that classified work.
RSA is a very popular algorithm now and assumed to be secure given sufficiently long keys and the use of up-to-date implementations. It is the first algorithm known to be suitable for both encryption AND signing - although not usually at the same time.
The attached link goes into more detail on the nuts and bolts of the algorithm, but the basics are:
1) two large prime numbers, p and q are chosen at random
2) through a series of mathematical operations, two keys d and e.
3) the key d is held as the private key by the originator (it is kept secret)
4) the originator publishes the public key e and n- the product of the two original primes, i.e. n=p·q
5) messages encrypted or signed with d can only be decrypted or authenticated using n and e (and using the appropriate math of the RSA algorithm).
6) messages encrypted using d can only be decrypted and read by the holder of the private key, d.
7) RSA can be used to "sign" a message by creating a hash of the message, then using the private key to encrypt the hash, and then attaching this "signature" to the message. The recipient can authenticate the source of the message by using the public key to decrypt the signature and comparing the value of the decrypted hash to their own hash of the same message. As long as the two agree, the message must have come from the holder of the private key and the message has not been tampered with. If the two hashes DON'T match then either the sender does not have the private key (and thus we would assume is NOT who they claim to be) or the message has been tampered with or corrupted.
