Admin
Not so long ago, the installation for a database server decoded from a key how many licences you have. The thing was that I did not have a key with me at a remote office one time and simply left the key field blank during the install. Of course the installation complained about the missing key a few times after I pressed the Next button, and then the installation asked me how many licences I have (more like want to have), and whatever number I typed, it was perfectly happy with it and continued with the install. After the installation was completed I had as many licences as I wanted.
Admin
I recall a friend of mine worked in a scholastic environment when the administrative offices upgraded to XP. There's a "password hint" button on that login, and it was policy to make the hint the same as the password. "If you make your hint something other than the password," went the memo, "no one will be able to retrieve it because we are now using Active Directory for all accounts."
Really? Is the admin for the AD THAT lazy?
Another was a BBS I was on where, after three password tries, you got a popup that said that due to failed logins, your password would be changed. You then got a mail that said your password had been changed to the default password, which was your login plus "123" on the end.
That software was replaced pretty quickly once that hole was found.
Admin
I got a guy asking if I was Jenny. Rather strange. Didn't know anything about a Legalese Pro software...
Admin
Another story of a terrible security implementation:
In the mid-nineties, my parents thought that I was spending too much time on the computer, so they wanted to figure out how they could lock it down. The machine was running Windows 95, so the NT locking features weren't available yet.
They ended up buying and installing a program called Clasp 97 (I believe), which would lock the computer as a full screen application until the correct password was entered.
The problem was that it didn't start itself before Explorer started - I think it just added itself to the normal "Startup" folder. So for ~10-15 seconds while the OS was starting up, you could use the machine until it loaded and locked you out.
As an enterprising young man, I quickly figured out that I could use that time to rename the application's directory in Program Files, and the shortcut in the startup folder would fail, and I had full access to the machine.
After that my parents realized that they couldn't keep me off of the computer with a technology solution and I could play all of the Ski Free that I wanted.
Admin
! Legalese Pro License File - Do Not Modify
Lol. Nice encryption.
Admin
That seems pretty stressful to me, having to rename a directory somewhere. I think you could just press Shift or Ctrl during startup and Windows would ignore the startups.
Admin
Obviously the Legalese Pro license file was supposed to have been double-encrypted in ROT13, so n00b users couldn't mess with it...
CAPTCHA: This would make a better license implementation...
Admin
Reminds me of the time when I "cracked" DBase III (yes, this was very long ago in a land far, far away) using a debugger. While stepping through the program (in 386 assembler of course), I found a conditional where it tested a register for a value. I changed the value of that register manually to what the conditional was looking for and poof I had a valid license. Ah, the good old days, when men were men and programs crashed in real mode.
Admin
Great WTF!
The sad part is that, with the draconian DMCA laws being what they are, I bet that this thread breaks the law in that it tells us "how to circumvent copy protection" or some BS like that.
Admin
And could somebody please, for the love of god, tell me why people put CAPTCHA : blah blah blah after their posts?
Admin
Maybe that's under the Reference License and he's scared of being sued?
Admin
How many other conditionals did you need to get through?
Admin
This reminds me of SQL Server. In the Control Panel you had the so-called Licence Manager with a text field where you entered just the number you liked. Is this still the same?
Admin
In Windows/AD you can just re-set the password but in theory nobody can read it because it has been hashed before it was put in the database.
But, of course, it's not a big deal to reset a pwd. Indeed, a WTF.
Admin
pwn that noob with the uber leet hax and the pr0n omg wtf?
dairy queen?
ROFLMAO!
-- Seejay
Admin
In a word: Yes. Being a real hacker means showing creativity in the usage of technology. You can't do that if you're always under pressure to get some job done as quickly as possible.
Admin
INVALID CAPTCHA Was: ewww Expected: tastey
Admin
I can't believe that no one has caught perhaps the biggest WTF^D^D^Dsorry.. err I mean missed opportunity here. Brian is a total luser for not:
Admin
It's what happens when really stupid people think they're being clever and witty. Furthermore, since we are talking about stupid people here, once the CAPTCHA-posting becomes an automatic behavior, it's almost impossible to break the conditioning.
Admin
I remember the early days of the shareware movement. Most trial period expirations could be circumvented by adjusting the date on the system clock before starting the program, or changing a value in an ini file.
Admin
I don't mind reading it.
Captcha: dubya, he doesn't like free speech either
Admin
INVALID CAPATCHA KEY
Was: WTFCapatcha Expected: dreadlocks
CAPATCHA: dreadlocks
Admin
One. Well, I had to trace through several (which actually didn't take that long), but only one really mattered.
Admin
I don't know about that. The way I read it was he was very anxious to get off the phone and stop talking about the app, so maybe he was a reseller who "hacked" the license routine to get people using it to call him instead of the author, and maybe the author found out and threatened to sue him into the stone age or something?
Admin
<joke>It's odd that they didn't rebrand it as "New Microsoft Windows Leetspeak, now with security version 1.2" or something.</joke>
No, d3wd, it doesn't. It actually looks like a blue letter E. Believe me, I saw it with my own eyes.
Admin
Wouldn't it be faster if you could just hold the Shift key when Windows is booting up?
Admin
Another good way to avoid tech support for relatives is to ask them if they are running any pirated software (specifically Windows or Office).
If they do, I won't help them. Too many stability issues come from the fact that people run pirated copies. I tell them to reinstall using only legal software, and then call me if the problem is still there. They never do.
If that fails (they are actually paying for their software) I say I have no idea how to solve the problem, I'm a Unix guy.
Admin
If only all license keys were handled this way... :)
Admin
Huh? The REAL WTF is that someone used a program that would lock up important files when a license issue arose.
IMHO, a tool would have to be pretty amazing to justify taking on that risk with business-critical files.
Admin
I once "cracked" another software in a similar way. I downloaded a demo, and in the license-file, there was a licenseId. I just changed a single character in the string, and suddenly I had the full version of the software.
if (code == "6fas5df6asd46f653942ljk424j2öj42ds") activateDemoMode(); else runTheFullVersion();
Not the best way to secure a demo-version...
Admin
Since we're all relating fun past experiences, here's my first foray into the seedy underbelly of the cracking scene.
When I was in HS I liked to mess around with editing and making my own sound effects. To do this I found Cool Edit, a nice audio app that had a somewhat useful shareware version. Now Cool Edit had about 20 different things you could do, but the shareware would only allow 2 active per session. While looking around in the hex code with my ever-present copy of X-tree Gold I noticed something odd. Mixed in with the random jargon was an odd-looking word, hojdivad, along with a number string. I recognized it was part of the author's name, David Johnston. Needless to say I immediately went to the registration screen, put in hojdivad and the number, and bamph, I was now editing with the pros!
Admin
Ha - captcha: pirates!
In the good old DOS days, I had a program you could run 15 times. Clever me, I made a backup of the program folder, but after running 2 times, there was no difference to run it 3 times - even after reboot.
Now DOS doesn't have a registry, and just very few directories or files to rely on. The root directory, /DOS, and the directory of the program itself.
Looking for recently changed files, nothing showed up. But I knew Norton tools allowed changing a file's date.
Made a backup of C:/ and C:/DOS, and found out: C:/command.com differs after running at one byte.
Having some kind of diff lying around, I recognized: a blank was added to command.com for every run of the program.
Nice try. Security by obscurity - imagine having hundreds of programs acting that way. :)
Well - yes - I know - DOS-Slashes are the other way round.
Admin
Nobody will tell you the real reason, but you're invited to participate.
captcha: secret.
Admin
it's 1337...
not 3773.
kthnxbye.
Admin
I can see you thinking that "running out of lawyers" is a Good Thing. Think again. At that point, they would just peel your skin off, put you in a burlap sack with a fox and a poisonous snake, and throw you into the Tiber.
They were hard, but fair. If only they'd invented letterheads and fax numbers back then.
Admin
While the "copy protection" was probably a bit too lenient, I can't call it a WTF. It's a small ISV who sensibly didn't spend too much time on copy protection (just enough to remind the honest folk to register) knowing that however much time you spend on that sort of thing, someone out there will crack it anyway.
Admin
I've had a few clients long in the past that lost their keys to a certain MS product but still had the original CD (And a set of floppies too). The funny thing I found out? If you clicked 'Exit', it would just go to the next step and install anyways.
Was not the first MS product that did that either. A specific OS did the same thing. Clicked the close box, and it went on.
There have been (And still to this day) plenty of these blunders. It's just the companies with $$$ to throw away make sure they work long enough to give the crackers some fun. Other companies flap their gums that it is unbreakable and end up with crackers doing it in record time.
Captcha: slashbot - /// / / / /// / / / /// / / / ///
Admin
There are two classic trick questions women ask: "Is she prettier than me?" and "Does this make me look fat?". In both cases, the only safe way out is to answer "NO!". Say it loud, say it fast, and DON'T LOOK FIRST.
Admin
YOU fail, douchebag it's 1337 not 7337 or whatever else you come up with! :D
Admin
odoimsyh http://yrykihre.com ulpxspjr jcbpbxad
Admin
btnktfey http://czegwkav.com pbxaryrp xzcrpgmy
Admin
pseheorz http://lhzoehqb.com mnjuklwq hufprcpg
Admin
Looks like the CAPTCHA isn't working well enough. Strange that the bots are only hitting this article (as far as I've seen).
Admin
I wonder if it's common enough for the CAPTCHA code word to not change often, and for people to put "Captcha: whatever" in their posts, that a bot might scan for those and try them?
It wouldn't be all that hard to code, and since the people that spam forums clearly aren't deterred by extremely low success rates, then a technique that works even 0.1% of the time probably seems like it would be worth a shot.
Admin
Well, it's 2010 now. Does Noah have another visit with his relative coming up?