- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Damnit! Jake stole my password!
Admin
Admin
How come that vegetarian/vegan cafeteria dishes are either like that or outstandingly excellent?
Admin
Jake is a wuss.
I mean he didn't jump at a chance to try and play 'Global Thermonuclear Warfare' and even getting paid for it (if it is on a company resource you are allowed to play right) ?!?
Who amongst us would pass that one.. :smile:
Admin
Really though this seems like a fairly benign WTF.
Admin
passman Bill Gates human-resourcesAdmin
Maciej told us just the official protocol.
What Steve really said:
Admin
This is so wrong... so so so so wrong.
It gives me the shivers to know how they update the passwords and where are they stored. Who wants to bet on plain text VARCHAR?
I knew some password would be ripe for a joke.
Admin
Aah, that explains it.
I'm not worried then, we all knew ISPs are incompetent morons. Just encrypt your traffic end-to-end and everything will be fine.
Admin
And where's the WTF?
This is fine. I would not work at a company, where people are hiding anything from each other. We need atmosphere of trust!
Admin
Whoever wrote this has to be stricken with the "consistency stick"
Admin
Not quite sure what you mean.
Also not quite sure why you'd inspect my author blurb. If you want a high-res of that photo to put up above your bed or something, I think I still got one...
Admin
There's yer actual factual :wtf: right there. "Nice" and "vegan cafeteria", by definition, do not belong together. A vegan cafeteria can't be nice because it doesn't (and cannot, by definition) have bacon.
Admin
http://cookieandkate.com/2014/how-to-make-coconut-bacon/
Admin
Don't be flattered, I meant the CSS classes:
The whole guacamole is there.
Admin
It seems a very good solution to me, just what you want to see at an ISP. But then, I work for the NSA.
Admin
While I'm at least as fond of bacon as the next man, there are good vegan cafeterias. Some vegan food is very nice indeed.
Admin
Ooooh ... if you have some left ...
Admin
A vegetarian has a dog. I told my dog this and he said "wtf?"
Admin
Your password is
******?Also, I should have just copied and pasted that instead of typing it out.
Admin
This HAS to be fictional.. i mean, can you imagine this in the hands of the BOFH? :smile:
Admin
Admin
What unfortunate corner of the world do you live in?
Admin
Just to complete the Escape From Topic and Away Into Tangent-Land: does the windows on the top floor protude from the rest of the building, or how can Jake see the rest of the building?
And if that does not work: Is it jus <!-- sic --> me or has Maciej's beard grown longer?
Admin
What I'm wondering is what happened during the interview? Wouldn't you have found out that the staff hang out in casual clothing? Or did he accept a job based on an HR only interview? I think I found the wtf.
Admin
Must be all that vegan food.
Admin
Well, if they did verify the current user, it creates nice platform to host Hacker's Lab challenges. :stuck_out_tongue:
Okay, I'm the real :wtf: for mentioning that.
For the purpose of disambiguation: around Y2k someone hosted a challenge that you're given level1 account and it's password on an Unix server, you need to leverage common at first but less well-known at later way to assume the identity of user of next level, using all the tools given on server for user of that level. People who can crack all the 24 or 25 levels are given free account on that server. And it verifes server using the old TTL fingerprinting trick to deny people using Windows to take the challenge.
The wild old days...
Admin
Wow, what a great prize. "You have 24 logins to this server, your reward is... A LOGIN TO THIS SERVER! YAAAY!"
Admin
Sorry, but it looks like pencil shavings, not bacon.
Admin
If it tastes like a duck, it is a duck, okay!?
Wait, we're talking about bacon, not python. Mea culpa. Yeah, bacon is awesome. Like, real bacon, not the shit you can buy at grocery stores.
Admin
The "levels" accounts are shared environment, cannot do much interesting things (like cannot host webpages) and will have contents reseted from time to time (so if a file required to crack that level is deleted by some user, wait some time and the challenge will be restored)
Admin
I see your VARCHAR, and raise an unencrypted ASCII delimiter-separated file, because a database just seems too complicated.
Admin
Admin
In fact, you might just as well publish the entire list on a wall poster in a staff restroom. Anyone who has penetrated that far into the organisation presumably has a login, so the information is available.
Admin
IRL I once worked for a small charity which has exactly that attitude. Staff were very carefully recruited, and all information, even HR, was shared - but not with the outside world. I thought about this, very hard, and then turned down the job of connecting their systems to the Internet and becoming the IT guy.
Admin
Maybe it's L-shaped. Or narrower on the top.
It also comes out of the screen when you're not looking.
You don't always get to have a look at the developer room, and the person interviewing you usually keeps the appearances up at least for the interview.
Trust me on that, I wore a suit and tie on my first day myself...
Admin
More importantly, do they open? It seems like jumping might be an attractive way out.
Admin
All I can say is: wait until you see our new improved service at:
http://www.ourpassman.comFor maximum ease of use, the site is web-facing, and has a drop-down for the systems. In case anyone forgets, we've also added direct links to all the protected services.
(The funny thing was: the hackers wouldn't use it--it was beneath them. "You're just too damn easy, man, no challenge.")
Admin
I didn't go that extreme. I did wear a dress shirt and slacks. A few fellow engineers told me I'm too dressed up... like their interns. I was an intern I think I kept up that appearance for a couple months until I was hired full-time then wore my shirt with half-naked ladies.
I still wouldn't say my companies security is very tight in some areas, but god I wish they'd hook up to SSO with all the webapps that I need to login to daily individually. I've broken down far enough to tell my browser to remember my password as typing it 8 times in the morning is annoying.
Admin
Any reason you're not already using KeePass for all that stuff?
Admin
Maybe mirrored in the glass front of the building over the street.
Admin
How would KeePass help with the "have to login to everything separately" problem? Or are you just saying that hitting the KeePass hotkey 8 times every morning would be less annoying than typing the password in?
Admin
Having seen what my dog enjoys eating, I don't find this a ringing endorsement.
Admin
because some of us like having our passwords secure.
if you get your hands on my keepass password store you can access my passwords without my knowlege, but if the password is only in my brain you have to either hack my brain which i rather think i would notice, or resort to trying to capture the password in flight, an attack vector that keepass is also vunerable too.
Admin
But your tiny brain can't store hyper-secure passwords!
Admin
hypersecure? maybe not. but it sure as belgium can store at least a dozen 30 random character passwords, i'll worry about storing more entropy when websites stop storing passwords wrong and putting upper limits on the number of characters in the password.
Admin
Dang.
Admin
it's not that hard.
okay it is really hard, but my trust in the security of my password store is inversely proportional to the distance that password store is from me.
I can't do much about the remote stores other than make sure no two have the same password and pray, but the local store (which has more than one password in it) i can do something about.
Admin
Only if you use a bad master password.
Admin
given sufficient computing power even a good master password can be broken.