• My Comment (unregistered)

    I think...

  • Griphon (unregistered)

    Eastern or European?

  • L (unregistered)

    Reminds me of my favorite game.. searching for things like "and he got his * stuck in a *" in Google. Hours of fun!

  • Binary Logic (unregistered)

    Does anyone else see a problem with a security question that has only two possible answers?

    [Yes] [No]

  • (cs) in reply to Griphon
    Griphon:
    Eastern or European?
    That's European or African tard
  • Griphon (unregistered) in reply to Binary Logic

    Not if I'm trying to hack their account.

  • Monday (unregistered) in reply to My Comment
    My Comment:
    I think...

    I think this is a pretty good...

  • (cs) in reply to Binary Logic

    Three answers.

    [Yes] [No] [File not found]

    </Mandatory Daily WTF reference>

  • Horamash (unregistered) in reply to Binary Logic
    Binary Logic:
    Does anyone else see a problem with a security question that has only two possible answers?

    [Yes] [No]

    The cool thing about those questions is that you can answer them in a very long sentence: Did I ever see a badger in real life? "There was this one time in the city zoo I saw a badger, but later it turned out to be an elephant, so the answer is no."

  • Steve (unregistered) in reply to Monday
    Monday:
    My Comment:
    I think...
    I think this is a pretty good...
    I think this is a pretty good time to...
  • L (unregistered) in reply to Binary Logic

    Q: Does your wife have a big butt? A: FileNotFound

  • (cs) in reply to Binary Logic
    Binary Logic:
    Does anyone else see a problem with a security question that has only two possible answers?

    [Yes] [No]

    Well, I doubt those are the only possible answers. Logical, sure. Possible though...well, programming is one of the few practices in which a yes/no question cannot be answered with "Sure, kinda...maybe. Well, actually, probably not."

    I'm sure there are plenty of security questions that ask a yes/no question and are correctly answered with "waffle".

  • Steve (unregistered) in reply to Steve
    Steve:
    Monday:
    My Comment:
    I think...
    I think this is a pretty good...
    I think this is a pretty good time to...
    I think this is a pretty good time to try that...
  • ID (unregistered) in reply to Steve
    Steve:
    Monday:
    My Comment:
    I think...
    I think this is a pretty good...
    I think this is a pretty good time to...
    I think this is a pretty good time to take a nap and...
  • x (unregistered)

    I seems they fixed it... too bad.

  • argh (unregistered)

    Q: Does your wife have a big butt?

    A: Yarr!

  • Stephen (unregistered) in reply to Griphon
    Griphon:
    Eastern or European?
    i was going to ask a similar failure.. unfair.

    ok.... then i'll ask...

    African or European.

  • Anon (too geeky to fess up) (unregistered)

    Swallows & coconuts. Monty Python & Star Trek - yer takes yer pick!

  • JimmyVile (unregistered)

    I'm thinking...hashed question strings with a really bad hashing function and no support for collisions?

    Really, I got noothing.

  • captain obvious (unregistered) in reply to Anon (too geeky to fess up)

    I got it! Q: I know a girl that...

  • Ken (unregistered)

    $query = "SELECT strSecretQuestion,strSecretAnswer FROM tblSecretQA WHERE strSecretQuestion LIKE '" . $secretquestion . "' LIMIT 1;";

    I so bet something like this is the source of the bug. (yes, I know my example is vulnerable to textbook sql injection attacks)

  • Richard' or 1=1 -- (unregistered)

    This one time, at band camp...

    I entered the following for my secret question: What is your dog's name?

    And got back: What is your dog3 rows in set (0.01 sec)

    WTF?

  • (cs)

    Given that God is infinite and that the universe is also infinite... Would you like a toasted tea-cake?

  • psini (unregistered) in reply to Binary Logic
    Binary Logic:
    Does anyone else see a problem with a security question that has only two possible answers?

    [Yes] [No]

    You are right. It should have been:

    [Yes] [No] [File not found]

  • The Orc (unregistered) in reply to captain obvious
    captain obvious:
    I got it! Q: I know a girl that...

    I know a girl that can't tell the difference...

  • Rev. Johnny Healey (unregistered)

    Once, when I went to recover a password from a site, I found myself confronted with the security question "What is blue?". I tried all sorts of answers but never managed to figure out what it was that I had entered as the answer originally.

  • Rogerwilco (unregistered) in reply to My Comment

    It gets better.

    It first asks you to fill in a full century, not just 1908-2008 or something, but then it doesn't like my entry :-D

    I know the number of people born in 1907 who need their service is small, but then just supply a pulldown box or something?

    Form Processing Error
    An error occurred while we were processing your form. Usually this means that one of the values you submitted in your form was invalid, or you did not put a value in a required field. Please check the error message below, and then review your submission.
    
    The actual error given was:
    
    Year must be after 1910.
    

    I think we'll be able to find more.

  • (cs) in reply to Binary Logic
    Binary Logic:
    Does anyone else see a problem with a security question that has only two possible answers?

    [Yes] [No]

    They only have two possible answers if you have no imagination. Example: Does your wife have a big butt? Yes No It's just the right size I wish she did Not as big as your momma's Hell yeah, more cushion for the pushin'
  • Rogerwilco (unregistered)

    heheheh, 1910 gives " You need to be at least 13 years old to enroll", 1911 seems to work though. Seems 1910 gets interpreted as 2010

    Clbuttic

  • (cs)
    Alex:
    Thawte decided that he would rather have the question be What was your first cat’s name (uppercase), despite the fact that he had typed “fur ball” in lowercase. And it also insisted that the question have a space between the word “cat” and the question mark.

    Have you been "anonymizing" again, Alex?

  • Polar Bear (unregistered) in reply to Steve
    Steve:
    Steve:
    Monday:
    My Comment:
    I think...
    I think this is a pretty good...
    I think this is a pretty good time to...
    I think this is a pretty good time to try that...
    I think this is a pretty goot time to try that thing you were...
  • Dirk Diggler (unregistered)

    After what happened to Sarah Palin's email account. I not longer answer those questions with the real answer.

    Q: What city were you born in? A: please define born

  • (cs)
  • AF (unregistered)

    FYI, Trinity is a time not a place. It refers to the summer term in Oxford University. The question apparently concerns the door code for Balliol College bar.

    http://www.ballioljcr.org/site/facilities/lindsaybar.asp

  • (cs) in reply to Binary Logic
    Binary Logic:
    Does anyone else see a problem with a security question that has only two possible answers?

    [Yes] [No]

    lol, yeah, was thinking the same thing. Maybe it's case sensitive, which gives 12 choices. :)

  • (cs) in reply to Binary Logic
    Binary Logic:
    Does anyone else see a problem with a security question that has only two possible answers?

    [Yes] [No]

    Splunge!

  • Survey User 2338 (unregistered) in reply to Ken
    Ken:
    $query = "SELECT strSecretQuestion,strSecretAnswer FROM tblSecretQA WHERE strSecretQuestion LIKE '" . $secretquestion . "' LIMIT 1;";

    I so bet something like this is the source of the bug. (yes, I know my example is vulnerable to textbook sql injection attacks)

    I fear for your soul as you did not specifically state that you would use parameters.

  • (cs)

    Just another avenue to crap security. I hate security questions like these. If it's for anything where you can phone/fax/write the company to get things fixed, they are not only unnecessary, but they add a very easy way for an attacker to guess their way into your account. And, if they know you, the social engineering to find out something like "What was my prom date?" is beyond simple.

    That and I've had security questions where I can't answer a single one. Including the in which city were you born question (and I'm not the only one here, there's millions of us who have two different answers to that, you want the one written on my birth or adoption certificate?). And I just flat out refuse to use my birthday as a security question, good God that's always a dumb one.

    No, if I forget my password, I'll phone the company and have them ask me account questions like normal to get things put back in order, TYVM. I'm well aware this costs money, and if the place wanted to bill me $5 for the agent's time, that's fine with me. It'd help me remember by password for next time!

  • (cs) in reply to Horamash
    Horamash:
    The cool thing about those questions is that you can answer them in a very long sentence: Did I ever see a badger in real life? "There was this one time in the city zoo I saw a badger, but later it turned out to be an elephant, so the answer is no."

    And you'll never be able to successfully type that in in the exact same way. (Especially when you enter "yes" because you saw a real badger the next day, and don't remember that you first answered the question when your life was still badgerless)

  • Dirk (unregistered) in reply to L
    L:
    Reminds me of my favorite game.. searching for things like "and he got his * stuck in a *" in Google. Hours of fun!

    Great! Make sure to turn of Safe Search!

  • (cs) in reply to shepd
    shepd:
    That and I've had security questions where I can't answer a single one. Including the in which city were you born question (and I'm not the only one here, there's millions of us who have two different answers to that, you want the one written on my birth or adoption certificate?). And I just flat out refuse to use my birthday as a security question, good God that's always a dumb one.

    Yeah I don't really remember the city I was born in. I asked my mom and it turns out the area was redistricted so it's a different city than when I was actually born there. I just said screw it, I don't care.

  • (cs) in reply to erich
    erich:
    Binary Logic:
    Does anyone else see a problem with a security question that has only two possible answers?

    [Yes] [No]

    lol, yeah, was thinking the same thing. Maybe it's case sensitive, which gives 12 choices. :)

    Someone needs to learn binary math 2^5

  • jesse (unregistered)

    Just wondering... how many others do as I do, and have a secret question that actually bears no relation to the answer?

    e.g.

    I would have a question like:

    Q.) What color is my duvet? A.) Harold Jones III

    I have never entered one of these questions with a "matching" pair.

    On a related note, I had to laugh at my bank once, they didn't get the whole security question/answer thing. I called one day to sort something out, and they asked me what my security question was? (the actual question, not the answer)... I tried to explain to the CSR that I had no clue what it was, that it was the answer that I would know, if they told me the question. Finally I got her to spill the last 3 letters of the question, which was enough for me to recall the exact question I had entered. Oddly enough, I've switched banks since... not sure if this retarded policy still exists.

  • Brilhasti (unregistered)

    The company I work for has inexplicably used Thawte despite my repeated advice against it.

    The Thawte web site is beyond terrible. It was obviously coded by a team who may know something about programing, but know nothing about programming for the web.

    I hate hate hate hate hate Thawte.

  • cheers (unregistered) in reply to KattMan
    KattMan:
    Someone needs to learn binary math 2^5

    Don't you mean 2^3 + 2^2 I mean, I don't think the answer will be yEsnO

  • Someone (unregistered) in reply to KattMan
    KattMan:
    erich:
    Binary Logic:
    Does anyone else see a problem with a security question that has only two possible answers?

    [Yes] [No]

    lol, yeah, was thinking the same thing. Maybe it's case sensitive, which gives 12 choices. :)

    Someone needs to learn binary math 2^5

    Actually, he's right. It's 2^3 (yes variations) + 2^2 (no variations).

  • Scott (unregistered) in reply to L
    L:
    Reminds me of my favorite game.. searching for things like "and he got his * stuck in a *" in Google. Hours of fun!
    this page is the 7th result on google for that query.
  • (cs) in reply to cheers
    cheers:
    KattMan:
    Someone needs to learn binary math 2^5

    Don't you mean 2^3 + 2^2 I mean, I don't think the answer will be yEsnO

    Oh god! I was just a victim of the Math Axiom to Muphry's Law wasn't I?

  • Thom (unregistered) in reply to L
    L:
    Q: Does your wife have a big butt? A: FileNotFound

    My god man, your wife must have a big butt if you can lose a file in it.

  • Bernie (unregistered)

    Do bananas make you feel sexy?

    Not this again...

Leave a comment on “Thawtf”

Log In or post as a guest

Replying to comment #:

« Return to Article