• (cs) in reply to qvasi
    qvasi:
    Hear! Hear! Though, when they know Vista's such a blood-leech to the system why do they ship the computers with Vista pre-installed, and ask you to burn 8(!) cd's with a "Vista backup" when you first start it?

    Two reasons, first is because M$ is forcing their hand, and second is because they do not wish to pay for so many CD-s to be used for that crap... So they push the hidden expense on the user :D

  • Err... (unregistered) in reply to Pingmaster
    Pingmaster:
    Jake Vinson:
    aaaaaaaaaaaaaaaaaaa:
    So... why isn't the first one actually a WTF?

    If the login is an email/password combination and you use hotmail, AOL, gmail, yahoo, school, company email, etc., this gives you enough information to narrow it down to which email you signed up with, but doesn't provide any useful information to spammers. Otherwise, with a list of usernames, you could easily turn it into a list of valid email addresses.

    I'd rather be asked "does your social security number end with 6789" than "is your social security number 123-45-6789?"

    And yet, no-one's actually hit the real problem. A proper verification method asks the user to provide all the info and is verified by the system. This is like asking "Is your password 'ilikekittens' instead of having you enter the password. I mean really, if a company provides you with the verification key and simply asks you if it's correct, do you think someone trying to breach your account would be dumb enough to say no? I know that it's not likely the case here, i'm just saying that if the person who wrote that site doesn't understand security enough to write a page like that, there's probably some pretty badly gaping holes elsewhere.

    That's not intended to be a security measure, it's just checking that you haven't changed your email address! It's just trying to save you the hassle of re-entering information they already have. No WTF, in any way. If you do have multiple emails at that provider you can always say "no" and re-enter it.

  • diaphanein (unregistered) in reply to Jake Vinson
    Jake Vinson:
    I'd rather be asked "does your social security number end with 6789" than "is your social security number 123-45-6789?"

    Personally, I'd rather my SSN not be used as an ID to begin with.

  • (cs)

    Regarding the second error, I've seen Apache say that it encountered a 500 error while trying to "process the ErrorDocument to handle a 404 error".

    I'm not American. What is so bad about other people knowing your social security number?

  • Anon (unregistered) in reply to LightningDragon

    LightningDragon -

    As an American, your SSN has become a de facto national ID number (despite government claims when the Social Security program was created).

    It's used to track educational records, taxation, employment eligibility, credit history, retirement benefits, etc. Someone that gets your SSN along with minimal additional information can basically assume your identity (i.e. take our loans in your name, get identification in your name, etc).

  • Theo (unregistered)

    The real WTF is integrated video cards. I'm running Vista on 512Mb since new year. And writing this within browser =)

  • zzo38 (unregistered)

    Of course they could display your email address without asterisks, but another way (that would be too confusing for most people) is to display the MD5 hash of your email address, and a button next to use a javascript to ask your email and verify against the hash. However, I think it would be fine if they just asked your email every time, that would probably be best way anyways, then you wouldn't have to ask yes/no and then if you push no, wait for next page and ask for email address

Leave a comment on “Please Verify These Asterisks”

Log In or post as a guest

Replying to comment #:

Log Out

« Return to Article