Admin
ITAPPMONROBOT was funnier, but this was a great story nonetheless!
Admin
Next step: add OCR to read the tokens and send keystrokes to autocomplete the form...
Admin
Working solution for a non-trivial problem, how is that a WTF?
Admin
That last pun was truly upstanding!
Admin
That's where I thought this was going.
I just hope that doughnut box was standing on a wooden table
Admin
That's where I was expecting the story to be heading!
Admin
It was a shoebox, actually!
Admin
One of our guys wanted to monitor energy use in the building. He did something similar - set up a webcam aimed at the power meter (one of those new "smart" ones with the LCD readout). Fed the images into OCR software and read the meter...
Admin
This was a real fun read. Although I also expected some OCR automation but then.
Admin
And every time he entered the room where the Robots sat working on their di-polar computers, Roland could hear the steady beat beat beat of some not-so-distant slo-trans engine.
Admin
That was a brilliant solution - insecure and prone to disaster, but then, the CEO had it coming. There are too many MoneyWorxs around.
Admin
9/10 -- not quite as secure as the ITAPPMONROBOT.
TRWTF is MoneyJerks -- why would you require 2FA codes during the middle of a workflow?
Admin
I have the webcam software for my C920. It ain't a cheap webcam. But there is a cgi script to get a screen capture, so it should be relatively trivial to hook that up to OCR and automate it.
If I had a spare webcam I'd even give it a try as I hate typing in those numbers.
Admin
Now this makes me wonder why there's no web/mobile app for RSA tokens? Instead of a dongle you have to carry around, make it an app. Right? Am I missing some security concern here?
Admin
Google Authenticator is a good example of just such an app.
Admin
I did the same with a laser through the disc on an analog meter. There were two holes in it, by timing the pulses on a light sensor I could determine energy usage stupidly accurately.
Edit: by stupidly accurately, I mean within 3.25W per half turn per minute, and the remainder would carry over. A single CFL shows up.
Admin
I was hoping for pulling the tokens apart, and running the LCD pins into an arduino, which was reprocessed and sent to a server.
Admin
The choice of a product that required using physical tokens rather than trusted host certificates is TRWTF.
Admin
The main security concern is smartphones are about 50000% more prone to having their data stolen than a small sealed circuit.
They're connected to the internet practically 24/7. Find a vulnerability in one and you can remotely steal any codes. Can't do that? Steal one for a minute and you can extract the private keys, or even install spyware so you can keep access to it forever.
Edit: of course if you're going to put the tokens in front of a public webcam, you're probably not too bothered about security...
Admin
underestimation much? i'd put the percentage at Number.MAX_SAFE_INTEGER%
Admin
The finest story for months. I had to explain to people why I was guffawing.
Admin
TRWTF is not using a genuine wooden table but instead duct taping the box to the server rack.
Admin
TDWTF needs to send mass flyers out to all companies informing them on the proper procedures for being TRWTF.
Admin
But if they used a wooden table, they'd need to re-engineer their entire framework for horizontal-compatibility. What are they, made of money?
Admin
Could have gone a step further and used CV to automatically input the codes.
Admin
Nonsense, you can stand a table on its end.
Admin
Glad that this wasn't truly one of the over-dramatized stories where co-workers are "mysterious" and "rarely seen", but instead, they were just trolling.
Another WTF is that this guy gets rewarded for a successful project with more work. I'd go Office Space on that. "I'd do that project, but after completing your last one, I wasn't rewarded. Now where's the incentive in that?"
Admin
This is an unsupported hack and results are not guaranteed to be vertical.
Admin
You might want to say that to HSBC, who distribute software for installing on Android and iPhone which calculates 2F codes for logging into its internet banking service...
Admin
It is if you use a spirit level. And if you wedge a chair in behind it it'll be supported.
Admin
So? Artistic license...the story goes much better if it was a doughnut box: Offering and solution, all in one. It's like...religion or something.
Admin
MWrx replies: "But, but, but...what about the fact that trusted certificates can be copied? They'd steal our product. I'm sure the inconvenience is minimal, in view of the value of being our partner."
Admin
...or market share. Once they have enough, they'll draw attention.
Admin
Wait? What? So...you finish a project...and just...stay on the payroll for forever doing...nothing?
Admin
Do an ok job => same salary => new project
Do a great job (what seems to have happened here) => higher salary and/or bonus => new project
Do a great job => no financial incentives => fire up Word
Admin
2015 New Year's Resolution: use a different "Keep Calm" image for each month of the year.
Admin
Even Blizzard has one of those for WoW.
Admin
And then in 2016 you can release them as a Keep Calm Calendar
Admin
Well if it's a safe number, then what's the problem? I'm safe!
Admin
Man, if I was given a small raise or bonus every time I hit one out of the park, I'd be a multimillionaire right now. The reason they don't is that they already pay me to keep taking on tough projects day after day and keep hitting them out of the park. So I get an attaboy and a small raise or bonus now and then, and a consistently fat check every two weeks.
Admin
"New Year's Resolution" always reminds me of my favorite Mark Twain quote:
Or, if you just want the short version:
Admin
That was one I was going to just let go, but that is how I look at it also. I hire rock stars and pay them well. If they don't swing for the fences every time I put a hard task in front of them, they can go work somewhere else.
But I also set up compensation so that if they perform, they get paid well for it.
Admin
This will all work wonderfully until someone pans the camera around 180 degrees, and then looks at the pin-up on the wall. Then things become interesting.
Admin
Software RSA SecurID tokens do exist. They're just a pain to use. And, heck, SecurID is a bit of a bear to integrate with an application.
Source: we went down that road a ways. We are now using OATH (same thing that Google Authenticator uses).
Admin
OATH? "Yes Google, I promise I won't misuse this data - honest!"
Admin
How about those RSA keys that require you to press a button on them. Then the Robot Guys could have lived up to their name - with a few actuators to press the buttons on the keys!
Admin
Best article read in a while! Just enough ridiculousness to remain credible yet funny.