Comment On Thawtf

I think...

Eastern or European?

Reminds me of my favorite game.. searching for things like "and he got his * stuck in a *" in Google. Hours of fun!

Does anyone else see a problem with a security question that has only two possible answers?

[Yes] [No]

Griphon:

Eastern or European?

That's European or African tard

Not if I'm trying to hack their account.

My Comment:

I think...

I think this is a pretty good...

Three answers.

[Yes] [No] [File not found]

</Mandatory Daily WTF reference>

Binary Logic:

Does anyone else see a problem with a security question that has only two possible answers?

[Yes] [No]

The cool thing about those questions is that you can answer them in a very long sentence:
Did I ever see a badger in real life?
"There was this one time in the city zoo I saw a badger, but later it turned out to be an elephant, so the answer is no."

Monday:

My Comment:

I think...

I think this is a pretty good...

I think this is a pretty good time to...

Q: Does your wife have a big butt?
A: FileNotFound

Binary Logic:

Does anyone else see a problem with a security question that has only two possible answers?

[Yes] [No]

Well, I doubt those are the only possible answers. Logical, sure. Possible though...well, programming is one of the few practices in which a yes/no question cannot be answered with "Sure, kinda...maybe. Well, actually, probably not."

I'm sure there are plenty of security questions that ask a yes/no question and are correctly answered with "waffle".

Steve:

Monday:

My Comment:

I think...

I think this is a pretty good...

I think this is a pretty good time to...

I think this is a pretty good time to try that...

Steve:

Monday:

My Comment:

I think...

I think this is a pretty good...

I think this is a pretty good time to...

I think this is a pretty good time to take a nap and...

I seems they fixed it... too bad.

Q: Does your wife have a big butt?

A: Yarr!

Griphon:

Eastern or European?

i was going to ask a similar failure.. unfair.

ok.... then i'll ask...

African or European.

Swallows & coconuts. Monty Python & Star Trek - yer takes yer pick!

I'm thinking...hashed question strings with a really bad hashing function and no support for collisions?

Really, I got noothing.

I got it! Q: I know a girl that...

$query = "SELECT strSecretQuestion,strSecretAnswer FROM tblSecretQA WHERE strSecretQuestion LIKE '" . $secretquestion . "' LIMIT 1;";


I so bet something like this is the source of the bug. (yes, I know my example is vulnerable to textbook sql injection attacks)

This one time, at band camp...

I entered the following for my secret question:
What is your dog's name?

And got back:
What is your dog3 rows in set (0.01 sec)

WTF?

Given that God is infinite and that the universe is also infinite... Would you like a toasted tea-cake?

Binary Logic:

Does anyone else see a problem with a security question that has only two possible answers?

[Yes] [No]

You are right. It should have been:

[Yes] [No] [File not found]

captain obvious:

I got it! Q: I know a girl that...

I know a girl that can't tell the difference...

Once, when I went to recover a password from a site, I found myself confronted with the security question "What is blue?". I tried all sorts of answers but never managed to figure out what it was that I had entered as the answer originally.

Binary Logic:

Does anyone else see a problem with a security question that has only two possible answers?

[Yes] [No]

They only have two possible answers if you have no imagination. Example:
Does your wife have a big butt?
Yes
No
It's just the right size
I wish she did
Not as big as your momma's
Hell yeah, more cushion for the pushin'

heheheh, 1910 gives " You need to be at least 13 years old to enroll", 1911 seems to work though. Seems 1910 gets interpreted as 2010

Clbuttic

Alex:

Thawte decided that he would rather have the question be What was your first cat’s name (uppercase), despite the fact that he had typed “fur ball” in lowercase. And it also insisted that the question have a space between the word “cat” and the question mark.

Have you been "anonymizing" again, Alex?

Steve:

Steve:

Monday:

My Comment:

I think...

I think this is a pretty good...

I think this is a pretty good time to...

I think this is a pretty good time to try that...

I think this is a pretty goot time to try that thing you were...

After what happened to Sarah Palin's email account. I not longer answer those questions with the real answer.

Q: What city were you born in?
A: please define born

Binary Logic:

Does anyone else see a problem with a security question that has only two possible answers?

[Yes] [No]

lol, yeah, was thinking the same thing. Maybe it's case sensitive, which gives 12 choices. :)

Binary Logic:

Does anyone else see a problem with a security question that has only two possible answers?

[Yes] [No]

Splunge!

Ken:

$query = "SELECT strSecretQuestion,strSecretAnswer FROM tblSecretQA WHERE strSecretQuestion LIKE '" . $secretquestion . "' LIMIT 1;";


I so bet something like this is the source of the bug. (yes, I know my example is vulnerable to textbook sql injection attacks)

I fear for your soul as you did not specifically state that you would use parameters.

Just another avenue to crap security. I hate security questions like these. If it's for anything where you can phone/fax/write the company to get things fixed, they are not only unnecessary, but they add a very easy way for an attacker to guess their way into your account. And, if they know you, the social engineering to find out something like "What was my prom date?" is beyond simple.

That and I've had security questions where I can't answer a single one. Including the in which city were you born question (and I'm not the only one here, there's millions of us who have two different answers to that, you want the one written on my birth or adoption certificate?). And I just flat out refuse to use my birthday as a security question, good God that's always a dumb one.

No, if I forget my password, I'll phone the company and have them ask me account questions like normal to get things put back in order, TYVM. I'm well aware this costs money, and if the place wanted to bill me $5 for the agent's time, that's fine with me. It'd help me remember by password for next time!

Horamash:

The cool thing about those questions is that you can answer them in a very long sentence:
Did I ever see a badger in real life?
"There was this one time in the city zoo I saw a badger, but later it turned out to be an elephant, so the answer is no."

And you'll never be able to successfully type that in in the exact same way. (Especially when you enter "yes" because you saw a real badger the next day, and don't remember that you first answered the question when your life was still badgerless)

L:

Reminds me of my favorite game.. searching for things like "and he got his * stuck in a *" in Google. Hours of fun!

Great! Make sure to turn of Safe Search!

shepd:

That and I've had security questions where I can't answer a single one. Including the in which city were you born question (and I'm not the only one here, there's millions of us who have two different answers to that, you want the one written on my birth or adoption certificate?). And I just flat out refuse to use my birthday as a security question, good God that's always a dumb one.

Yeah I don't really remember the city I was born in. I asked my mom and it turns out the area was redistricted so it's a different city than when I was actually born there. I just said screw it, I don't care.

erich:

Binary Logic:

Does anyone else see a problem with a security question that has only two possible answers?

[Yes] [No]

lol, yeah, was thinking the same thing. Maybe it's case sensitive, which gives 12 choices. :)

Someone needs to learn binary math
2^5

Just wondering... how many others do as I do, and have a secret question that actually bears no relation to the answer?

e.g.

I would have a question like:

Q.) What color is my duvet?
A.) Harold Jones III


I have never entered one of these questions with a "matching" pair.

On a related note, I had to laugh at my bank once, they didn't get the whole security question/answer thing. I called one day to sort something out, and they asked me what my security question was? (the actual question, not the answer)... I tried to explain to the CSR that I had no clue what it was, that it was the answer that I would know, if they told me the question. Finally I got her to spill the last 3 letters of the question, which was enough for me to recall the exact question I had entered. Oddly enough, I've switched banks since... not sure if this retarded policy still exists.

The company I work for has inexplicably used Thawte despite my repeated advice against it.

The Thawte web site is beyond terrible. It was obviously coded by a team who may know something about programing, but know nothing about programming for the web.

I hate hate hate hate hate Thawte.

KattMan:

Someone needs to learn binary math
2^5

Don't you mean 2^3 + 2^2
I mean, I don't think the answer will be yEsnO

KattMan:

erich:

Binary Logic:

Does anyone else see a problem with a security question that has only two possible answers?

[Yes] [No]

lol, yeah, was thinking the same thing. Maybe it's case sensitive, which gives 12 choices. :)

Someone needs to learn binary math
2^5

Actually, he's right. It's 2^3 (yes variations) + 2^2 (no variations).

L:

Reminds me of my favorite game.. searching for things like "and he got his * stuck in a *" in Google. Hours of fun!

this page is the 7th result on google for that query.

cheers:

KattMan:

Someone needs to learn binary math
2^5

Don't you mean 2^3 + 2^2
I mean, I don't think the answer will be yEsnO

Oh god! I was just a victim of the Math Axiom to Muphry's Law wasn't I?

L:

Q: Does your wife have a big butt?
A: FileNotFound

My god man, your wife must have a big butt if you can lose a file in it.

> Do bananas make you feel sexy?

Not this again...