The Daily WTF: Curious Perversions in Information Technology

Secure This

by Alex Papadimoulis in Feature Articles on 2007-10-30

It's common knowledge that a security system is only as effective as its weakest point. You can install a reinforced steel door with a two-phase palm-print/retinal-scan entry to protect your home, but if you leave a first-floor window open, you're more vulnerable than your neighbor with a simple deadbolt. One of Nate's clients learned this lesson first hand with its e-commerce Web site. The operation didn't involve terribly sensitive data: there were no bank accounts, no Social Security numbers, nor even any credit card numbers. Pre-approved customers would simply sign in and place their orders. Accounts payable and fulfillment would take it from there.

Yet the Web site painted a different picture, featuring two-factor authentication, encrypted databases and a giant padlock graphic advertising "secure."

111 comments - Last comment @ 2007-11-15

Just a Little Chilly

by Alex Papadimoulis in Feature Articles on 2007-10-29

For many developers in a large company, visiting a department outside of I.T. is a rare treat. The people there are friendlier and, instead of the stolid I.T. grunt-nod, actually greet one another with a smile and words like “hello” and “how are you.” Not only that, but these departments often have donuts and other goodies in their break room past 9:03 AM! Apparently, without a horde of voracious programmers, such things can survive for more than three minutes.

Not too long ago, Devin was summoned to the Records Administration Department to see an issue that a user was experiencing first hand that couldn’t be remotely diagnosed. After wolfing down a handful of donuts from their break room, Devin stopped by to took a look. It was a pretty simple problem to fix: for whatever reason, the application’s registry entries were missing, so Devin added them and started up the application.

118 comments - Last comment @ 2008-09-02

Security by Letterhead

by Jake Vinson in Feature Articles on 2007-10-25

Security through obscurity is something we've all probably complained about. We've covered security by insanity and security by oblivity. And today, joining their ranks, we have security by letterhead.

John O'Rourke wrote in to tell us that as a part of his job, he often has to help clients transfer domain names. He's had to jump through all kinds of crazy hoops to transfer domain names in the past; including just about everything except literally jumping through hoops. After faxing in a transfer request and receiving a rejection fax an hour later, he knew he was in for a fight.

153 comments - Last comment @ 2011-07-11

Classic WTF: Lock In Key Security

by Alex Papadimoulis in Feature Articles on 2007-10-23

It's been a pretty hectic day (server outage, fun!); hope you don't mind a classic. Lock In Key Security was originally published on August 29, 2006.

Noah Nordrum isn't proud of what he's become. He is now, officially, a cracker. I mean, "kr@xx0rs." Err, I think. I don't know. I got that from my "3773 Speek" guide.

99 comments - Last comment @ 2025-10-26

Point of Fail

by Jake Vinson in Feature Articles on 2007-10-18

"Hey, don't take another step!" Chris H. froze in his tracks. The voice cried out "we're dead in the water here!"

Tensions had been running high at The Book Bunker (as I'll call it) for weeks. The Book Bunker's point of sale system had been up and down and up and down more times than anyone could count. Sometimes it was a database connection issue, other times it was an overheating issue, and other times no one knew what it was.

178 comments - Last comment @ 2011-09-28

Banking So Advanced

by Alex Papadimoulis in Feature Articles on 2007-10-17

Last month, I wrote about US financial institutions, their failure to implement two-factor authentication, and the absurdity that has become Wish-It-Was Two Factor authentication. I thought that'd be the last I'd write about the topic, but when Steven King pointed me towards his bank, Synergy One. I couldn't resist a follow-up.

First and foremost, Synergy One seems to be a great, local institution. They invest in their community. They offer college scholarships. Heck, they even have student-run branches to encourage saving money while in high school. And this is exactly why it's such a shame that they've fallen prey to the Wish-It-Was Two-Factor placebo.

186 comments - Last comment @ 2017-07-30

Paperless PTO

by Alex Papadimoulis in Feature Articles on 2007-10-16

Many years back, Vinay's company phased out Form 11.18-B, or, as it was more commonly known, the vacation request form. Along with it went Form 11.18-M (sick day request form), Form 11.12-B (absence cancellation form) and Form 12.11-B (absence exceed form). They were all rolled into the new Absence Processing System (APS) as part of the company's Process Improvement Process, a far-reaching initiative to technologize all things bureaucratic. Most employees didn't care for the new APS. Before going electronic, applying for vacation was simple: Have your manager sign Form 11.18-B, send the yellow copy to HR and keep the pink one. Using the APS meant opening up the application, trying to remember your APS password, clicking to the vacation request form, filling it out and then telling your manager to follow the same steps in order to approve it.

Of course, that wouldn't be so bad, except for the fact that the APS was incredibly slow. As a basic Access application shared by tens of thousands of employees, response time in the APS ranged anywhere from two to 20 seconds. All the time saved in filling out a paper form was made up in triplicate waiting for the APS to respond.

99 comments - Last comment @ 2007-10-22

It's a Different Set of Rules

by Jake Vinson in Feature Articles on 2007-10-15

Learning to communicate effectively is highly important so that you don't make yourself, and by extension, your company, look stupid. That said, I probably used too many commas in that last sentence. Their our alot of common mistakes that people make to often that could of easily been avoided. In the case of Adam V.'s coworker (who we'll call Angie), though, her mastery of grammar worked against her.

In a frantic email, Angie asked Adam "What's wrong with my program? I can't figure out why it won't complile!" Adam stopped by her desk to have a look and found the line that was causing the build to fail.

157 comments - Last comment @ 2008-08-29

The Circle of Strife

by Jake Vinson in Feature Articles on 2007-10-11

Marcel is whiling away the days as IT support for a few regional libraries. Typically, this means that he has to answer questions like "is this keyboard unplugged?" and "why does the screen turn off when I press this button on the monitor?"

Back in March, though, one of the libraries had a serious problem. The library has one central server that does all of their transaction logging — who has books checked out, which ones are overdue, which are on order, etc. It was turned off when Marcel arrived, and while he could get it to turn on, he couldn't get it to boot. Fortunately, they had a nightly backup, so Marcel had one of his coworkers run to get the backup tape. Meanwhile, Marcel tried everything he could to repair the system.

91 comments - Last comment @ 2008-07-21

The Final Straws

by Jake Vinson in Feature Articles on 2007-10-04

As a bright-eyed, bushy-tailed class of 2006 graduate, Andrew M. was excited to start his first job as a professional developer. He was fortunate to find a job so quickly after graduating and he was ready to make a difference.

The first day he showed up to work, he was ready to meet his coworkers, get his email set up, and have a look at the code he'd be maintaining. He was introduced to the IT guy that greeted him with a friendly "oh, you're the new developer," which was the extent of their conversation while they walked to Andrew's new desk.

82 comments - Last comment @ 2007-10-12

The Bug That Shut Down Computers World-Wide

by Alex Papadimoulis in Feature Articles on 2007-10-02

Where were you the morning of January 1st, 1984? Me? I was out living it up at Divestiture-fest ’84 and – let me tell you – it was quite a party. We drank until those seven little Baby Bells looked like fourteen, and kept drinking until it all looked like AT&T again. Ah, the good old days. But not all of us were out celebrating. Some – like Robert Reagan – were actually working, desperately trying to fix the bug that shut down computers across the world.

With all the “oh no, the world’s gonna end” date problems out there – Y2K, DST, The End of the Epoch, and Y2070 – it’s surprising that most haven’t heard of the day that the world actually ended. On that day – January 1st, 1984 – a single bug was responsible for shutting down – and keeping down – a whole lot of computer systems.

109 comments - Last comment @ 2021-10-27

Prisoner of Process

by Alex Papadimoulis in Feature Articles on 2007-10-01

When Eric C. arrived at his new job, it was with a huge sense of relief. His old workplace had been a haven for cowboy coders and anarchic hackers, where the only semblance of consistency was in everyone's preference to modify code directly in production.

"Finally," Eric thought as he flipped through the Developer's Handbook. "Real processes!"

58 comments - Last comment @ 2014-07-31

Recent Feature Articles