• (disco)
    C:\Users\jakesmith>passman Jake Smith webadmin
    Your login is: admin
    Your password is: hunter2
    

    Damnit! Jake stole my password!

  • (disco)
    [image] Looks fine to me.
    Username:  Placeholder
    Password:  Sceond
    
  • (disco)
    eating what appeared to be a piece of cardboard coated in sea salt
    I doubt it was actual **sea** salt.

    How come that vegetarian/vegan cafeteria dishes are either like that or outstandingly excellent?

  • (disco)

    Jake is a wuss.

    I mean he didn't jump at a chance to try and play 'Global Thermonuclear Warfare' and even getting paid for it (if it is on a company resource you are allowed to play right) ?!?

    Who amongst us would pass that one.. :smile:

  • (disco)

    Really though this seems like a fairly benign WTF.

  • (disco) in reply to DocMonster
    DocMonster:
    Really though this seems like a fairly benign WTF.

    passman Bill Gates human-resources

  • (disco) in reply to Yazeran

    Maciej told us just the official protocol.

    What Steve really said:

    we were tired of ~~people~~ C level morons going around ~~asking~~ shouting for passwords
  • (disco)

    This is so wrong... so so so so wrong.

    It gives me the shivers to know how they update the passwords and where are they stored. Who wants to bet on plain text VARCHAR?

    Your password is: i<3tswift

    I knew some password would be ripe for a joke.

  • (disco)

    a building that hosted of one of the largest ISPs in the country...

    Aah, that explains it.

    I'm not worried then, we all knew ISPs are incompetent morons. Just encrypt your traffic end-to-end and everything will be fine.

  • (disco)

    And where's the WTF?

    This is fine. I would not work at a company, where people are hiding anything from each other. We need atmosphere of trust!

  • (disco)
    <span class="articleMeta">
       Feature Articles by <a href="/authors/maciej-stachowski">Maciej Stachowski</a> 
       <span class="date">on 2015-07-29</span>
       <span class="admin-only pull_right">....</span>
    </span>
    
    <a href="/authors/maciej-stachowski" class="author hideMobile">
       <div class="authorPic fadeInDown">
        ...
       <h4>Maciej Stachowski</h4>
       <p class="short-description">....</p>
    </a>
    

    Whoever wrote this has to be stricken with the "consistency stick"

  • (disco) in reply to Eldelshell

    Not quite sure what you mean.

    Also not quite sure why you'd inspect my author blurb. If you want a high-res of that photo to put up above your bed or something, I think I still got one...

  • (disco)
    nice vegan cafeteria

    There's yer actual factual :wtf: right there. "Nice" and "vegan cafeteria", by definition, do not belong together. A vegan cafeteria can't be nice because it doesn't (and cannot, by definition) have bacon.

  • (disco) in reply to Steve_The_Cynic

    http://cookieandkate.com/2014/how-to-make-coconut-bacon/

    My dear, sweet, coconut bacon skeptics, hear me out. This vegan “bacon” is amazing! It’s crispy, sweet, salty and tastes just like the real deal, so don’t knock it til you try it! I could go on about it, but I think Cookie’s coconut bacon desperation says it all.

  • (disco) in reply to Maciejasjmj

    Don't be flattered, I meant the CSS classes:

    • short-description
    • pull_right
    • fadeInDown, authorPic

    The whole guacamole is there.

  • (disco)

    It seems a very good solution to me, just what you want to see at an ISP. But then, I work for the NSA.

  • (disco) in reply to Steve_The_Cynic
    Steve_The_Cynic:
    A vegan cafeteria can't be nice because it doesn't (and cannot, by definition) have bacon.

    While I'm at least as fond of bacon as the next man, there are good vegan cafeterias. Some vegan food is very nice indeed.

  • (disco) in reply to Eldelshell
    Eldelshell:
    guacamole

    Ooooh ... if you have some left ...

  • (disco) in reply to Gaska
    Gaska:
    but I think Cookie’s coconut bacon desperation says it all.

    A vegetarian has a dog. I told my dog this and he said "wtf?"

  • (disco) in reply to abarker
    abarker:
    C:\Users\jakesmith>passman Jake Smith webadmin
    Your login is: admin
    Your password is: hunter2
    

    Damnit! Jake stole my password!

    Your password is ******?

    Also, I should have just copied and pasted that instead of typing it out.

  • (disco)

    This HAS to be fictional.. i mean, can you imagine this in the hands of the BOFH? :smile:

  • (disco) in reply to PWolff
    PWolff:
    How come that vegetarian/vegan cafeteria dishes are either like that or outstandingly excellent?
    FTFY
  • (disco) in reply to operagost

    What unfortunate corner of the world do you live in?

  • (disco)

    Just to complete the Escape From Topic and Away Into Tangent-Land: do the windows on the top floor protrude from the rest of the building, or how can Jake see the rest of the building?

    And if that does not work: Is it jus <!-- sic --> me or has Maciej's beard grown longer?

  • (disco)

    What I'm wondering is what happened during the interview? Wouldn't you have found out that the staff hang out in casual clothing? Or did he accept a job based on an HR only interview? I think I found the wtf.

  • (disco) in reply to Mikael_Svahnberg
    Mikael_Svahnberg:
    And if that does not work: Is it jus me or has Maciej's beard grown longer?

    Must be all that vegan food.

  • (disco)

    Well, if they did verify the current user, it creates nice platform to host Hacker's Lab challenges. :stuck_out_tongue:

    Okay, I'm the real :wtf: for mentioning that.

    For the purpose of disambiguation: around Y2k someone hosted a challenge that you're given level1 account and its password on a Unix server, you need to leverage common at first but less well-known at later way to assume the identity of user of next level, using all the tools given on server for user of that level. People who can crack all the 24 or 25 levels are given free account on that server. And it verifies server using the old TTL fingerprinting trick to deny people using Windows to take the challenge.

    The wild old days...

  • (disco) in reply to cheong
    cheong:
    People who can crack all the 24 or 25 levels are given free account on that server.

    Wow, what a great prize. "You have 24 logins to this server, your reward is... A LOGIN TO THIS SERVER! YAAAY!"

  • (disco) in reply to Gaska

    Sorry, but it looks like pencil shavings, not bacon.

  • (disco) in reply to Steve_The_Cynic

    If it tastes like a duck, it is a duck, okay!?

    Wait, we're talking about bacon, not python. Mea culpa. Yeah, bacon is awesome. Like, real bacon, not the shit you can buy at grocery stores.

  • (disco) in reply to blakeyrat

    The "levels" accounts are shared environment, cannot do much interesting things (like cannot host webpages) and will have contents reset from time to time (so if a file required to crack that level is deleted by some user, wait some time and the challenge will be restored)

  • (disco) in reply to Eldelshell
    Eldelshell:
    Who wants to bet on plain text VARCHAR?

    I see your VARCHAR, and raise an unencrypted ASCII delimiter-separated file, because a database just seems too complicated.

  • (disco) in reply to EatenByAGrue
    EatenByAGrue:
    because a database just seems too complicated.
    My thoughts exactly. Who wants to muck around with database connections (which themselves would require some kind of password), when you can just post the file to a public share for the program to read from?
  • (disco) in reply to Tsaukpaetra
    Tsaukpaetra:
    when you can just post the file to a public share

    In fact, you might just as well publish the entire list on a wall poster in a staff restroom. Anyone who has penetrated that far into the organisation presumably has a login, so the information is available.

  • (disco) in reply to martin
    martin:
    This is fine. I would not work at a company, where people are hiding anything from each other. We need atmosphere of trust!

    IRL I once worked for a small charity which has exactly that attitude. Staff were very carefully recruited, and all information, even HR, was shared - but not with the outside world. I thought about this, very hard, and then turned down the job of connecting their systems to the Internet and becoming the IT guy.

  • (disco) in reply to Mikael_Svahnberg
    Mikael_Svahnberg:
    how can Jake see the rest of the building?

    Maybe it's L-shaped. Or narrower on the top.

    Mikael_Svahnberg:
    Is it just me or did Maciej's beard grow longer?

    It also comes out of the screen when you're not looking.

    machtyn:
    Wouldn't you have found out that the staff hang out in casual clothing?

    You don't always get to have a look at the developer room, and the person interviewing you usually keeps the appearances up at least for the interview.

    Trust me on that, I wore a suit and tie on my first day myself...

  • (disco) in reply to Mikael_Svahnberg
    Mikael_Svahnberg:
    Just to complete the Escape From Topic and Away Into Tangent-Land: do the windows on the top floor protrude from the rest of the building, or how can Jake see the rest of the building?

    More importantly, do they open? It seems like jumping might be an attractive way out.

  • (disco)

    All I can say is: wait until you see our new improved service at: http://www.ourpassman.com

    For maximum ease of use, the site is web-facing, and has a drop-down for the systems. In case anyone forgets, we've also added direct links to all the protected services.

    (The funny thing was: the hackers wouldn't use it--it was beneath them. "You're just too damn easy, man, no challenge.")

  • (disco) in reply to Maciejasjmj
    Maciejasjmj:
    Trust me on that, I wore a suit and tie on my first day myself...

    I didn't go that extreme. I did wear a dress shirt and slacks. A few fellow engineers told me I'm too dressed up... like their interns. I was an intern I think I kept up that appearance for a couple months until I was hired full-time then wore my shirt with half-naked ladies.

    I still wouldn't say my company's security is very tight in some areas, but god I wish they'd hook up to SSO with all the webapps that I need to login to daily individually. I've broken down far enough to tell my browser to remember my password as typing it 8 times in the morning is annoying.

  • (disco) in reply to Nprz
    Nprz:
    god I wish they'd hook up to SSO with all the webapps that I need to login to daily individually.

    Any reason you're not already using KeePass for all that stuff?

  • (disco) in reply to Mikael_Svahnberg
    Mikael_Svahnberg:
    how can Jake see the rest of the building?

    Maybe mirrored in the glass front of the building over the street.

  • (disco) in reply to flabdablet

    How would KeePass help with the "have to login to everything separately" problem? Or are you just saying that hitting the KeePass hotkey 8 times every morning would be less annoying than typing the password in?

  • (disco) in reply to Gaska
    Gaska:
    I think Cookie’s coconut bacon desperation says it all.

    Having seen what my dog enjoys eating, I don't find this a ringing endorsement.

  • (disco) in reply to flabdablet
    flabdablet:
    Any reason you're not already using KeePass for all that stuff?

    because some of us like having our passwords secure.

    if you get your hands on my keepass password store you can access my passwords without my knowledge, but if the password is only in my brain you have to either hack my brain which i rather think i would notice, or resort to trying to capture the password in flight, an attack vector that keepass is also vulnerable to.

  • (disco) in reply to accalia

    But your tiny brain can't store hyper-secure passwords!

  • (disco) in reply to aliceif

    hypersecure? maybe not. but it sure as belgium can store at least a dozen 30 random character passwords, i'll worry about storing more entropy when websites stop storing passwords wrong and putting upper limits on the number of characters in the password.

  • (disco) in reply to accalia
    accalia:
    dozen 30 random character passwords

    Dang.

  • (disco) in reply to ijij
    ijij:
    Dang.

    it's not that hard.

    okay it is really hard, but my trust in the security of my password store is inversely proportional to the distance that password store is from me.

    I can't do much about the remote stores other than make sure no two have the same password and pray, but the local store (which has more than one password in it) i can do something about.

  • (disco) in reply to accalia
    accalia:
    if you get your hands on my keepass password store you can access my passwords without my knowledge

    Only if you use a bad master password.

  • (disco) in reply to flabdablet

    given sufficient computing power even a good master password can be broken.

Leave a comment on “What's The Password?”
