Another Day, Another Crappy Example of Web Security



  • Sigh... This sort of thing is too damn frequent:

    I figured out that it's actually complaining because there's a space in my response.  Roughly half of the questions (e.g. my first school, where I met my wife, my favorite pet's name, &c) all have a space in them.



  •  If you go to eoidirect.com (a website to get a copy of your insurance for mortgage lenders) and you create an account, the password field is a plain text field.  Like, they couldn't even set the property of the textbox to password?  :-/



  • @Lysis said:

     If you go to eoidirect.com (a website to get a copy of your insurance for mortgage lenders) and you create an account, the password field is a plain text field.  Like, they couldn't even set the property of the textbox to password?  :-/

    "I can't see what I'm typing, and I keep making mistakes. Change this so I can see what I'm typing."

    "But, boss, won't that compromise security and make us look inept?"

    "ARE YOU QUESTIONING MY AUTHORITY?!"



  • Mighty Mouse?



  • Perhaps eventually banks etc will just start assigning people their favourite childhood hero. They will totally pwnz j00 (well, more than they already do).

    I can imagine a scenario like this:

    Bank: "Who was your childhood hero?"

    Me: "Superman"

    Bank: "I'm sorry, that is unacceptable. Your new childhood hero is 'Danger Mouse'. Commencing brain remapping..."



  • @PhillS said:

    Perhaps eventually banks etc will just start assigning people their favourite childhood hero. They will totally pwnz j00 (well, more than they already do).

    I can imagine a scenario like this:

    Bank: "Who was your childhood hero?"

    Me: "Superman"

    Bank: "I'm sorry, that is unacceptable. Your new childhood hero is 'Danger Mouse'. Commencing brain remapping..."

     

    I think that should probably be Jack The Dog (http://blog.wellsfargo.com/GuidedByHistory/2006/12/jack_the_dog.html)

     



  • @bstorer said:

    I figured out that it's actually complaining because there's a space in my response.  Roughly half of the questions (e.g. my first school, where I met my wife, my favorite pet's name, &c) all have a space in them.

    Looks like it's time for Bobby Tables to register there...

     



  • Even better, in the computer game "Space Empires V", when you create your player setup file (with all the details of your space empire) you can't see the password... but when you log in to the game, you can! So not only is there no way to prevent someone from peeking over your shoulder and reading your password when you're playing, but if you type the wrong password when you create your empire file you won't know until the game starts - there's not even a "confirm password" box; you're typing in blind! :P



  • @alegr said:

    @bstorer said:

    I figured out that it's actually complaining because there's a space in my response.  Roughly half of the questions (e.g. my first school, where I met my wife, my favorite pet's name, &c) all have a space in them.

    Looks like it's time for Bobby Tables to register there...

     

    Robert'; DROP TABLE Users;

    hehe. One of my fave xkcd strips. Anyway, what's with "preset" secret questions? Restricting them actually makes the whole scheme less secure, as your Average Joe would put a relevant answer to that question, and anyone with a bit of info on the person would find out the answer. That's how Paris Hilton got pwned!

     

    Me? I like to do the weird question/answer thing:

    What's the name of my first born kid?

    A: I don't have any kids yet, or do you know something I don't?

