Not too long ago, Eric J. signed up for Thawte’s Personal E-mail Certificates service. While reviewing the various account settings, he noticed something odd. One of his “Lost Password” security questions read What was your alarm code to the Lindsay Bar in Trinity 1999?

Seeing that Eric didn’t have a house alarm in 1999 and, in fact, didn’t even know where Trinity was (let alone the Lindsay Bar), Eric was pretty sure that it was some kind of mix-up. He changed the security question back to What was your alarm code? and hit submit. No dice. When the page reloaded, it added the Lindsay Bar right back in the question.

A bit concerned at that point, Eric tried another question: What was your first cat’s name? Upon submitting the page, Thawte decided that he would rather have the question be What was your first cat’s name (uppercase), despite the fact that he had typed “fur ball” in lowercase. And it also insisted that the question have a space between the word “cat” and the question mark.

It didn’t take Eric too long to realize what was happening. For some bizarre reason, Thawte was completing his questions by using other users’ questions. When he typed in simply What was, it shot back What was Seti 1 . Typing in What did returned What did I find on Romsley hill?

After Eric shared this with me, I signed up for a personal e-mail certificate at Thawte. Within a few minutes, I not only had my very own certificate, but limited access to all the fun questions that other people use. Here are a few interesting security questions that Eric and I were able to dig up (with the “search” question emphasized):


  • What did i do 25/08/2005 10h AM ?
  • what did you do to herman?
  • Where do I hide my conscience?
  • Is this the best I can be?
  • Will I ever be fat?
  • How did I break a rib?
  • Where did you find the holsters?

Very Personal:

  • Who did you first sleep with?
  • Who did you have a baby with?
  • Who did you have sex with at VIPP(1st & last name)?
  • Does my wife have a pierced navel?
  • Does your wife have a big butt?
  • did I ever had sex?
  • Do you love Allan?

Questions we all want answered:

  • What is the airspeed velocity of an unladen swallow?
  • How do baby wood ducks get down?
  • why are chickens happy?
  • Why was the 4th element introduced?
  • Where did it all began?
  • Is this a dream?

Who knew reading other people’s secret questions could be such fun? Thankfully, this doesn’t work on the answers.

As for why Thawte chose to implement shared questions in this manner... I’ll leave that as an exercise in speculation for the reader.
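For anyone who wants to see the behaviour described above in miniature, here is an added example (not Thawte's code, and only one guess at how such a thing could come about): a question table shared by every account and resolved by prefix match, next to a store that keeps each question verbatim on its owner's record. The class names, the `leaks` helper and the account names are hypothetical; the sample questions are the ones quoted in the article.

```python
# Hypothetical model of the observed behaviour; not Thawte's implementation.

class SharedQuestionStore:
    """Vulnerable: one global question table, resolved by prefix match."""
    def __init__(self):
        self.questions = []        # shared by every account
        self.user_question = {}    # user -> index into self.questions

    def set_question(self, user, text):
        # Reuse the first stored question that starts with the submitted
        # text (case-insensitive); otherwise store the new text.
        needle = text.rstrip(" ?").lower()
        for i, stored in enumerate(self.questions):
            if stored.lower().startswith(needle):
                self.user_question[user] = i
                return stored      # another user's wording is echoed back
        self.questions.append(text)
        self.user_question[user] = len(self.questions) - 1
        return text


class PerUserQuestionStore:
    """Hardened: the question is stored verbatim on the owner's record."""
    def __init__(self):
        self.user_question = {}

    def set_question(self, user, text):
        self.user_question[user] = text
        return text


# Constructed accounts; question text taken from the article.
SEED = [
    ("user-a", "What was your alarm code to the Lindsay Bar in Trinity 1999?"),
    ("user-b", "What did I find on Romsley hill?"),
]

def leaks(store, probe):
    """True if a user submitting `probe` is shown text they did not type."""
    for user, text in SEED:
        store.set_question(user, text)
    return store.set_question("probe-user", probe) != probe


if __name__ == "__main__":
    for cls in (SharedQuestionStore, PerUserQuestionStore):
        print(cls.__name__, "leaks:", leaks(cls(), "What did"))
```

The `leaks` check doubles as a regression test: whatever a user submits as their question should come back unchanged.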

