Admin
..and that kind of sums up security in most companies I've worked in.
Admin
Linguiça is a popular sausage in Goa state, originating in Portugal.
Admin
"The last step in my performance was to show how much faster their solution was in real-world use. The new smart card unlocked the session in less than a second and Sebastian beamed with pride."
I think you should have changed one more "my" to "Sebastian's".
-Harrow.
Admin
The new smart cards, whose distinguishing factor was holding twice as many certificates, are also significantly faster. I'd want those too...
Admin
What to say about this?
I long ago lost count of the number of people I've encountered who were "concerned about security" that have accepted lapses like this.
I once got in trouble for not locking a door that was adjacent (no kidding: ad-jac-ent) to a door that was permanently unlocked (didn't even have a lock).
Admin
"He was about to apologize and grab an old card from my stock..."
...and this "my" to "his"
Admin
HPCs. The real WTFs.
Admin
Did it 'flat out not work' or did they just not implement it correctly?
Because if it didn't work, the smart card company should cover the dead cards.
But of course, it DID work, because he used one at the end to demonstrate.
Admin
PedanticPatrickPuffsPeriodontistPenisPreciously
Admin
My jowls were quivering after I read this article.
Admin
The software did 'flat out not work' with the card. Nowhere does it say that the card didn't work.
Admin
Also, maybe my brain just isn't that big- but this was very confusing.
I don't know why it was difficult to comprehend, it just seemed very oddly worded.
Admin
Mark Bowytz, punctuation is important. We can't hear the way the words sound in your head.
Admin
"I can't, I just can't," he heaved deeply...
I tell you, if I had a nickel for every time I've heard that...
Admin
Or maybe the background on the page was white, and he thought that's all that was needed?
Admin
Make that at least 2 "my"s into "Sebastian's"
Admin
Hey, the DX400 was certified by Toilette themselves against, um, back-door cryptographic deserialization double penetration replay injection attacks! . . . Isn't it enough that the card has a pretty hologram with keys or lightning or something else cool looking?
Admin
I've learnt not to repeat the same mistake. My luggage combination is on the inside of my luggage.
Admin
I know what you mean. I was about to go upstairs to bed when I locked the closet door. To be sure it was adjacent (no kidding: ad-jac-ent) to the front door, which I left unlocked.
Here's my address:
**********, ** *****
Admin
Good joke, marred by poor delivery.
By the time I read the last few paragraphs two or three times trying to understand what happened, teh funnay had flown away like the sound of geese as they fly behind a hill.
I still smirked a little anyway once I got it, but this could have been chortle-worthy.
Admin
Never met the head of global security. Wrong story, bub.
Admin
Not a card security problem, but a security problem in general.
Some 15 years ago, I worked for a large international bank, on a project that consolidated the balance and P/L sheets of the bank and its daughter companies and affiliates.
The central accounting department demanded that the final reports be exported to a particular program (name withheld to protect the guilty), in order that they could analyse the data further.
Our team received a copy of the software to install on my computer (I was the chief analyst and designer of the software) and that of a member of the development team. I created a user profile with password, and started to examine the program.
Half an hour after installation, one of the developers came in and said: "Hi, xxxxxxx [my password]!" It turned out that the program's database was an unprotected FoxBase application, and the user and password table was named "User Passwords". The rest of the data, including all the balance information, was equally accessible to any user. Furthermore, during logging in, if you tried to abort using Alt-Ctrl-Del, you suddenly found yourself in the system as super-user, able to change anything, including the table, form and table definitions.
I mentioned the security problem to the project manager, who was not interested. Neither was the section head. Nor the department head. In fact, I received an official reprimand for wasting their time.
I also mentioned the problem to the liaison man from the company that produced the software.
Within an hour, I received a call from the CEO of the company (a very nice Swedish lady), who was appalled when I explained what we had found. After cursing the programmers, who had promised to correct the problem months before, she assured me that I would receive a corrected version forthwith. It took two days.
It turned out that the accounting department using the software until then consisted of two men. They came in to work together, left together, and had an independent network consisting only of their two computers. Data were transferred in and out via floppy disks. Secure enough, I suppose.
Admin
CAPTCHA: odio. The singular of odious, which is what the Project Manager, Section Head and Department Head were.
Admin
I thought I could see one direction this might have been going.
Thirty days before delivery of a project and the customer suddenly decides to withhold payment unless a completely left-field change request is implemented? That's the real WTF, right there.
I'd be tempted to suggest they had a conversation with the company lawyers.
Admin
"Superior security is vitally important. Your company will either comply in 30 days or we will withhold payment."
Your investment will increase by $x,000 to cover this change in scope or we will halt the project.
Admin
I'm curious as to why we got so much detail about the person who left. I was thinking that he was going to come back into the story somewhere; but, no, his mentioning was only a backdrop as to why Sebastian was where he was.
Admin
Regarding threat to withhold payment, you just say "Oh that's a contract matter. That's over my pay grade. I'll forward your comment to my supervisor." The dude will be able to back down later after he no longer has an audience.
Admin
I was the dev lead on a project where, before our new application was developed, a single person had literally hundreds of millions, if not billions of dollars worth of confidential/secret trading information in an MS Access forms database they wrote themselves... on their laptop that they took home every day and let their kids play with...
I mean, losing the data would be bad, but the potential for reputational damage was incredible should any of the information leak.
Needless to say they lost their laptop until the database was removed and secured and had their laptop scrubbed.
Admin
I'm glad I'm not the only one with meat for hands.
Admin
Perhaps unlikely my mentally disadvantaged dimwit, however it is (was) true.
Admin
sigh
At this rate, I'll never compose a completely-coordinated company of clones to command. Back to the drawing board...
Admin
Alliteration win.
Admin
I heard about that in the news. Apparently the dev lead of that project owned that laptop.
Admin
You know what, I wish because I would be a really wealthy man right now rolling in piles of ill-gotten money... Or in jail for insider trading. Either way it would have been a helluva ride.
Admin
If the terms of any Change Orders in the contract are "time and materials", this is your profit margin.
Admin
Okay, maybe I wasn't clear enough; my bad.
Both doors went from the same hallway, through two walls that met in an "L", into the same auditorium: A single door with no lock, and a set of double doors that had a lock.
Not only was it silly to have a lock on the double doors, but I was ordered to lock the double doors; when all you had to do to unlock them was go through the unlocked (and unlockable) single door into the auditorium, go around the corner, and turn the knob on the double doors from inside.
I was accused of not securing the auditorium. No joke. (Well, it was a joke, but the person giving the orders was dead serious.)
Truly ridiculous.
Admin
And then some guy would have a helluva ride on your ass.
Admin
Is this your way of proposing?
Admin
With as much influence as Simon had on the story, nothing would have been missed if he had been left out altogether.
Admin
The things I am thinking I am ashamed to utter.