Admin
I think...
Admin
Eastern or European?
Admin
Reminds me of my favorite game.. searching for things like "and he got his * stuck in a *" in Google. Hours of fun!
Admin
Does anyone else see a problem with a security question that has only two possible answers?
[Yes] [No]
Admin
Not if I'm trying to hack their account.
Admin
I think this is a pretty good...
Admin
Three answers.
[Yes] [No] [File not found]
</Mandatory Daily WTF reference>
Admin
The cool thing about those questions is that you can answer them in a very long sentence: Did I ever see a badger in real life? "There was this one time in the city zoo I saw a badger, but later it turned out to be an elephant, so the answer is no."
Admin
Q: Does your wife have a big butt? A: FileNotFound
Admin
Well, I doubt those are the only possible answers. Logical, sure. Possible though...well, programming is one of the few practices in which a yes/no question cannot be answered with "Sure, kinda...maybe. Well, actually, probably not."
I'm sure there are plenty of security questions that ask a yes/no question and are correctly answered with "waffle".
Admin
It seems they fixed it... too bad.
Admin
Q: Does your wife have a big butt?
A: Yarr!
Admin
Ok.... then I'll ask...
African or European.
Admin
Swallows & coconuts. Monty Python & Star Trek - yer takes yer pick!
Admin
I'm thinking...hashed question strings with a really bad hashing function and no support for collisions?
Really, I got nothing.
Admin
I got it! Q: I know a girl that...
Admin
$query = "SELECT strSecretQuestion,strSecretAnswer FROM tblSecretQA WHERE strSecretQuestion LIKE '" . $secretquestion . "' LIMIT 1;";
I so bet something like this is the source of the bug. (yes, I know my example is vulnerable to textbook sql injection attacks)
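The failure this comment guesses at, as an added example that is not part of the original thread: a Python/SQLite rendering of the posted query next to the same lookup with a bound parameter and exact equality. The sample rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names are taken from the posted query.
ROWS = [
    ("What is my user-name?", "alice"),
    ("What is my user_name?", "bob"),
    ("What is your dog's name?", "Rex"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblSecretQA "
               "(strSecretQuestion TEXT, strSecretAnswer TEXT)")
    db.executemany("INSERT INTO tblSecretQA VALUES (?, ?)", ROWS)
    return db

def lookup_concat(db, question):
    # The posted query: user text is pasted into the SQL string, and LIKE
    # treats % and _ in it as wildcards. Kept vulnerable on purpose.
    sql = ("SELECT strSecretQuestion, strSecretAnswer FROM tblSecretQA "
           "WHERE strSecretQuestion LIKE '" + question + "' LIMIT 1;")
    return db.execute(sql).fetchone()

def lookup_bound(db, question):
    # Bound parameter: the text never becomes SQL. Equality instead of
    # LIKE: no character in the question acts as a wildcard.
    sql = ("SELECT strSecretQuestion, strSecretAnswer FROM tblSecretQA "
           "WHERE strSecretQuestion = ? LIMIT 1;")
    return db.execute(sql, (question,)).fetchone()

if __name__ == "__main__":
    db = make_db()
    for q in ("What is your dog's name?", "What is my user_name?"):
        try:
            concat = lookup_concat(db, q)
        except sqlite3.Error as exc:
            concat = "SQL error: %s" % exc
        print(q, "| concatenated:", concat, "| bound:", lookup_bound(db, q))
```

With the concatenated query, the apostrophe in the dog question ends the string literal early and the statement fails to parse, while the underscore question silently returns a different row; the bound version returns the exact row in both cases.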
Admin
This one time, at band camp...
I entered the following for my secret question: What is your dog's name?
And got back: What is your dog3 rows in set (0.01 sec)
WTF?
Admin
Given that God is infinite and that the universe is also infinite... Would you like a toasted tea-cake?
Admin
You are right. It should have been:
[Yes] [No] [File not found]
Admin
I know a girl that can't tell the difference...
Admin
Once, when I went to recover a password from a site, I found myself confronted with the security question "What is blue?". I tried all sorts of answers but never managed to figure out what it was that I had entered as the answer originally.
Admin
It gets better.
It first asks you to fill in a full century, not just 1908-2008 or something, but then it doesn't like my entry :-D
I know the number of people born in 1907 who need their service is small, but then just supply a pulldown box or something?
I think we'll be able to find more.
Admin
heheheh, 1910 gives " You need to be at least 13 years old to enroll", 1911 seems to work though. Seems 1910 gets interpreted as 2010
Clbuttic
Admin
Have you been "anonymizing" again, Alex?
Admin
After what happened to Sarah Palin's email account, I no longer answer those questions with the real answer.
Q: What city were you born in? A: please define born
Admin
FYI, Trinity is a time not a place. It refers to the summer term in Oxford University. The question apparently concerns the door code for Balliol College bar.
http://www.ballioljcr.org/site/facilities/lindsaybar.asp
Admin
lol, yeah, was thinking the same thing. Maybe it's case sensitive, which gives 12 choices. :)
Admin
I fear for your soul as you did not specifically state that you would use parameters.
Admin
Just another avenue to crap security. I hate security questions like these. If it's for anything where you can phone/fax/write the company to get things fixed, they are not only unnecessary, but they add a very easy way for an attacker to guess their way into your account. And, if they know you, the social engineering to find out something like "What was my prom date?" is beyond simple.
That and I've had security questions where I can't answer a single one. Including the in which city were you born question (and I'm not the only one here, there's millions of us who have two different answers to that, you want the one written on my birth or adoption certificate?). And I just flat out refuse to use my birthday as a security question, good God that's always a dumb one.
No, if I forget my password, I'll phone the company and have them ask me account questions like normal to get things put back in order, TYVM. I'm well aware this costs money, and if the place wanted to bill me $5 for the agent's time, that's fine with me. It'd help me remember my password for next time!
Admin
And you'll never be able to successfully type that in in the exact same way. (Especially when you enter "yes" because you saw a real badger the next day, and don't remember that you first answered the question when your life was still badgerless)
Admin
Great! Make sure to turn off Safe Search!
Admin
Yeah I don't really remember the city I was born in. I asked my mom and it turns out the area was redistricted so it's a different city than when I was actually born there. I just said screw it, I don't care.
Admin
Someone needs to learn binary math 2^5
Admin
Just wondering... how many others do as I do, and have a secret question that actually bears no relation to the answer?
e.g.
I would have a question like:
Q.) What color is my duvet? A.) Harold Jones III
I have never entered one of these questions with a "matching" pair.
On a related note, I had to laugh at my bank once, they didn't get the whole security question/answer thing. I called one day to sort something out, and they asked me what my security question was? (the actual question, not the answer)... I tried to explain to the CSR that I had no clue what it was, that it was the answer that I would know, if they told me the question. Finally I got her to spill the last 3 letters of the question, which was enough for me to recall the exact question I had entered. Oddly enough, I've switched banks since... not sure if this retarded policy still exists.
Admin
The company I work for has inexplicably used Thawte despite my repeated advice against it.
The Thawte web site is beyond terrible. It was obviously coded by a team who may know something about programming, but know nothing about programming for the web.
I hate hate hate hate hate Thawte.
Admin
Don't you mean 2^3 + 2^2? I mean, I don't think the answer will be yEsnO.
Admin
Actually, he's right. It's 2^3 (yes variations) + 2^2 (no variations).
Admin
My god man, your wife must have a big butt if you can lose a file in it.
Admin
Not this again...