Admin
+10 internet points for silent d
Admin
whipit_good();
Admin
Quoting from memory:
"Whoa! Looks like the quadratic formula exploded....and it's eating some Linux!"
Admin
You forgot: GOTO 10
Admin
What's it called when you execute a Bel Air, but using Daft Punk instead of the Fresh Prince?
Admin
That's how I tried to decode it. Yeah, there seem to be encoding issues.
Admin
Gah, forgot to reverse:
Admin
Hey, org.mortbay.jetty.security.Password can obfuscate passwords!
All they had to do then is port Jetty to VB6, and then they can say they're using common library code!
Admin
TRWTF is "Password=WEB456"
Now that is secure, lightyears beyond "12345".
Now excuse me while I go change the combo lock on my luggage.
Admin
Caesar's Code rulez !!111oneleven
Admin
try { detect_it(); } finally { its_not_too_late(); }
Admin
bopIt(); twistIt(); pullIt();
Admin
Exactly my thought. If Eve has lots of time it's not secure, but an over-the-shoulder glance gives up nothing.
Admin
You missed your chance for first post! After all, this is the 15th one.
Admin
Would have been even safer if he'd obfuscated the names:
Absorber=SQLOLEDB.1;Abracadabra=WEB456;Salesman=True;The Fan=WEBREPORTS;Milestone=FACTURATION_XEROX;Well=looksµlm;Checklist=1;Sign Language=True;Shipping Quantity=4096;Hot Seat=WDLK107
...because absolutely no one would figure THAT out. :P
Admin
Why so verbose, y'all? If code is hard to write, it should be hard to read. Why not:
DoIt(); DoIt2(); DoIt3(); DoIt4(); DoIt5();
... and so on?
;)
Admin
Wow. For a second I thought I was reading some former employer's Delphi code...
Captia: Letatio
Admin
I don't see the WTF. Of course it's insecure. It's just obfuscation. If someone looks over the developer's shoulder, he won't be able to read the password. If he gets the source, he can get the password anyway by just using exactly the same decryption function the program uses. So where's the WTF?
Admin
Assuming 8 bits per char this is only 40 bit encryption. A vendor of ours did something almost identical. They stored the ODBC connect string as plain text in a .ini file. When we said that was not secure enough to pass our auditors, they used a bit shift algorithm to obfuscate the database log-in.
Admin
Am I the only one who instinctively read that to the tune of Daft Punk / Technologic?
Admin
ok...next time I'll read the rest of the comments first...
lmao!
Admin
doit(WRONG);
Admin
So, what would be the "right" way to abstract the connection information?
Admin
Yeah, I can't believe how many people didn't get that. That "kind" of security is "job security" -- making your code less readable.
Duh.
Admin
I'm kind of surprised more people thought of Technologic than Harder Better Faster Stronger. Maybe my brain is just wired differently because of this.
Admin
The doit(), printit(), etc. function names are more WTF-worthy than the obfuscation. If the intention is to keep casual browsers of the .exe file from seeing the connection string, the simple encoding will do the trick. Will it keep the KGB out? No. Is it the best textbook way to do it? No. But is it enough to keep curious employees and the run-of-the-mill IT drones from seeing the connection info? Most likely. Like you said, it's obfuscation, and as long as the programmer realizes what that is and isn't, there are times and places for it.
Admin
This is a code WTF, not a management one. The management here actually have a clue, and know that it's better to do a rewrite than maintain the existing code.
Admin
kid.justJamIt()
Admin
Ayup, run as non-admin on my laptop and desktop. Some annoyances, but runs great. Definitely not as bad as some make it out to be. As long as you can have access to local admin for the times you DO need it.
Admin
WorkIt(harder); MakeIt(better); DoIt(faster); MakesUs(stronger);
MoreThan(ever); Hour_After(hour);
for ($our_work = 0,$our_work = 0,our_work++) { WorkIt(harder); MakeIt(better); DoIt(faster); MakesUs(stronger); }
Admin
while(isWrong || isRight) { beatit(); }
Admin
The character set most commonly called "ANSI" is Windows-1252 (aka. cp1252), but that isn't it.
Admin
Technologic!
Admin
Best reference to anything I've read on here for a while.
Blue. NAO! doit(!!!!11);
Admin
no. Also,
Before the cream sits out too long.
When a good time comes around... or you will never live it down
Admin
Every other comment you've read so far is encrypted (using a one time pad) saying "first"
Admin
Yes.
:-)
Admin
Yeah, that's a good song
http://www.youtube.com/watch?v=6EUupnF02vo
Admin
Running as a limited user in XP for about a year now. It's doable. To my surprise I only have to start 3 programs as administrator to make them work (a firewall, an IP blocker and another one I forgot). I use PsExec (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx) to run programs as administrator through shortcuts (and yes, I know it means my admin password is visible in plain text in those shortcuts, but it would take a real person (i.e. a hacker) to figure that out. I doubt a virus/trojan/etc. is smart enough to do that).
Admin
How you managed this I cannot imagine. Yesterday I was unable to even install the current release of Flash player on a limited-user XP box. Most users in this situation would just continue to run with the old Flash player.
Unpatched Flash player with known and easily exploitable vulnerabilities is the single most dangerous thing to have on a computer (with the possible exception of what's between chair and keyboard).
Personally, having seen limited-user accounts repeatedly fail to repel any nasties, and prevent the installation of essential updates, I think they are a liability not an asset.
Admin
ahf*uckit();