The Daily WTF: Curious Perversions in Information Technology

2007-06-29 Reply Admin

I'm happy that my company change there policies. Befor we had to have a ridiculous hard password, changed all 60 days, no previous passwords allowed (yeah, people who worked here for some years were really pissed off). At least it only checked the whole string, so most of the people started with SomeWord1, SomeWord2, SomeWord3, etc.

Now that we have access cards, we still need a ridiculous hard password, but at least we don't have to change it anymore. So it's not really a problem.

And I don't have anything against the perma lockout. I need the support anyways to change my password most of the time.

2007-06-29 Reply Admin

James Steiner:
in osX/Linux/etc:
I dunno

As long as the system has a sane configuration of keyboard:

Compose c o

(I prefer to map Compose to the AltGr key.)

2007-06-29 Reply Admin

James Steiner:
Again, all I need to remember is the starting key, the rest flows from that.
Now, I expect that the result-space of this pattern is probably small enough that a system that knows about this specific kind of pattern could crack it pretty quickly, given unlimited retries. But this is a Windows domain password, where 3 bad attempts locks out the account for an hour. So, not a huge worry, I hope.

Hope - always a good thing to base a security system on ;-)

Seems like your system makes it very difficult to guess the password, but much easier to watch as you type it?

2007-06-29 Reply Admin

SamP:
Hint for all you clueless people about (C) vs c-in-a-cirlce debate.
The presence, or lack thereof, of any particular symbol before a piece of text has NO LEGAL MEANING WHATSOEVER on whether the text is copyrighted.

If I write something, the copyright belongs to me, period. I can put (C), c-in-a-circle, or nothing at all in front of it, and that does not change the copyright status of the text in question, nor what you are allowed or not allowed to do with that text.

The symbol is purely informative, design to warn or scare off people, or accent the fact the text is copyrighted if the user otherwise might not have known that. But again, it does not have legal meaning. Ignorance is no defence in court, so someone can't say "well this text had no (C) symbol so I yanked it".

In other words, the (C) symbol is like a sign saying "PRIVATE PROPERTY: NO TRESPASSING". It is only there to warn you. Even if the sign wasn't there, you'd still break the law by entering my property.

It also serves the purpose of making it a lot harder for someone to claim that he wrote or created the copyrighted material when your copyright statement is on it.

However, whether the statement has any legal significance is beside my original point. It's pointless to use both the copyright symbol (or a reasonable ASCII fascimile) AND the word "Copyright" in the same statement.

2007-06-29 Reply Admin

Sgt. Preston:
It's pointless to use both the copyright symbol (or a reasonable ASCII fascimile) AND the word "Copyright" in the same statement.

Is that the "PIN number" discussion I can hear?! I agree though.

chimaera · 2007-06-29 Reply Admin

. . .or my personal favourite: 'Software program' *

(* no, they're not making a distinction from firmware)

2007-06-29 Reply Admin

This isn't snafu isn't surprising, given Verizon's awesome mathematical abilities:

http://www.verizonmath.com/transcript.htm

Another WTF in itself.

2007-06-30 Reply Admin

James Steiner:
I dunno

alt-g © alt-r ®

and many other symbols with alt and shift-alt. Very handy.

œ∑´®†¥¨ˆøπåß∂ƒ©˙∆˚¬…Ω≈ç√∫˜µ Œ„´‰ˇÁ¨ˆØ∏ÅÍÎÏ˝ÓÔÒ¸˛Ç◊ı˜Â

2007-06-30 Reply Admin

-snip- And why do people insist on spelling out "Copyright" AND showing the copyright symbol? It's like saying something costs $5.99 dollars or the humidity is at 80% percent. -/snip-

Like me, they work in the Department of Redundancy Department.

2007-06-30 Reply Admin

KattMan:
Matt:
rilarios:
PsychoCoder:
How can I go about getting password at work that don't expire for that long? Ya know its a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

90 days???? you should be thankful, we must change our passwords every month. and we can't use any of the last 24 passwords typed before.

Oh YEAH? When I was a kid, our passwords expired on the first use, and our password requirements were a 64-bit non-ASCII string!

Yeah well when I was a kid we not only had that, but we also had to type them in reverse, while blindfolded!

You young guys have it easy.

Yes they do. We to use a soldiering iron, diodes, and jumper wire to change our passwords.

2007-07-02 Reply Admin

Does the domain controller log from which workstation a bad login attempt is made?

If not, I have a really simple way to convince clueless administrators that password-logout is a Bad Idea. Just enter "admin" and 3 wrong passwords at the login prompt. Make it your habit to do that once a day (say).

cklam · 2007-07-03 Reply Admin

KattMan:
Someone You Know:
Harrow:
KattMan:
Matt:
rilarios:
PsychoCoder:
How can I go about getting password at work that don't expire for that long? Ya know its a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

90 days???? you should be thankful, we must change our passwords every month. and we can't use any of the last 24 passwords typed before.

Oh YEAH? When I was a kid, our passwords expired on the first use, and our password requirements were a 64-bit non-ASCII string!

Yeah well when I was a kid we not only had that, but we also had to type them in reverse, while blindfolded!

You young guys have it easy.

You had passwords? We had to hire a guard with a handgun to stand by the terminal.

-Harrow.

A handgun?! All we had was harsh language!

Grog have stick. Grog bash head.

Uuuuuurrrggggggggggggggghhhhh. Urgh. Urgh. Urgh. Uuurrrggghhh. Gronf.

2007-07-09 Reply Admin

SamP:
A requirement of "no 4 character correspondence with any previous 100 passwords" is a real WTF, because it means that the passwords must be stored in PLAINTEXT somewhere on the server....

Probably way too late to bother with responding to this, but... it's my understanding that Windows security does store the plain text of the password (encryprted) somewhere. There are password strength testers that rely on this, as they look into that place to get the password database to test all the passwords for hackability (rather than try to hack the passwords themselves).

2007-07-12 Reply Admin

KattMan:
Matt:
rilarios:
PsychoCoder:
How can I go about getting password at work that don't expire for that long? Ya know its a hassle to have to change them every 90 days, at least there you change them once every couple centuries or so.

90 days???? you should be thankful, we must change our passwords every month. and we can't use any of the last 24 passwords typed before.

Oh YEAH? When I was a kid, our passwords expired on the first use, and our password requirements were a 64-bit non-ASCII string!

Yeah well when I was a kid we not only had that, but we also had to type them in reverse, while blindfolded!

You young guys have it easy.

Just that?! We had that too, except guessing wrong was greeted by 20 volts of electricity and we had to type them in binary translated to hex!

(Captcha: ninjas. We had those too, they were our antiviruses.)

2007-11-06 Reply Admin

notromda:
James Steiner:
I dunno
Wibble! Flarbaharba ding-dong! OLIOLIOLIO!!!!!!!! How many baseball bats does it take to screw in a light bulb? Also, this page should be blocked cuz I'm on my Ibook.

Just Wait For It ...

Leave a comment on “Just Wait For It ...”