Avoid Spikes Quickie: #128 Log On, Lights Out

We’ve all done it. I just do it every goddamn time I log into anything.


7 Comments

  1. Snow_Cat
    Posted March 27, 2011 at 7:33 am | Permalink | Reply

    I wish my bank worked this way.

    When they changed my password they e-mailed *someone else* to say what it was changed to, and the jackass who sent the mail didn’t check that my e-mail provider was not Yahoo or Hotmail.

    Luckily that someone else that did get the email managed to find me and inform me of my new password using all of the personal information in the ‘security QnA’ attached to that email for verification.

    I wouldn’t have been upset enough to close all of my ‘online’ account options (and rant about it now) if instead of saying “Mr {Cat} the password for your account numbered {this} is now {that}” the email said “Call the bank to assign a new password. Your old password has been removed because it contains a problematic regex expression, (you cheeky bastard.)”

    • Posted March 28, 2011 at 8:08 pm | Permalink | Reply

      Wow, that’s incredibly lucky. Most folks would just get handy with your info and clean you out.

      And WTF? Who puts “regex expression” in a letter?

      First: “regex” means “regular expression”, so they are actually saying “regular expression expression”. Atmos System, anyone??

      And second, who the fuck would know what a regex is anyway? I had to look it up!

      I hope you switched banks. I don’t think I’d like the idea of window-licking fucktards looking after my finances.

      • Snow_Cat
        Posted March 29, 2011 at 1:38 am | Permalink | Reply

        I *did* switch banks, but then my old bank and my new bank merged 😦 And during that merger old bank struggled to take over my ‘new’ online banking services for months.

        My password didn’t just have a regex fragment; I encapsulated that inside ASCII, ANSI and Unicode escape characters to completely screw up any attempt to brute-force my password with sane (restricted to letters on a keyboard) patterns.

        I suspect that it may have also been holding up my old bank’s effort to all of the users from my new bank’s system into theirs.

        I do know for a fact that this particular password bricked a mess of wi-fi switches every time I entered it at the school, since we tested for that explicitly the third or fourth time it happened. And also, that shortly after they changed my password the migration to the old bank’s system was wrapped up pretty quickly.

        • Snow_Cat
          Posted March 29, 2011 at 1:45 am | Permalink | Reply

          (d’oh)
          The regex (and other escape codes) will screw up a database and routing table something fierce if not handled in a secure and safe manner. Much like an injection attack, only unintentional.

          The jackass might have believed that I had intentionally derailed their merger efforts. I’d imagine that there were a hundred odd late nights and angry desperate meetings if it were crashing the migration script and throwing nonsensical errors.

          http://en.wikipedia.org/wiki/Code_injection
          http://xkcd.com/327/

          • Posted March 30, 2011 at 9:47 pm | Permalink | Reply

            Heh, I love the idea that they could see you as TEH UB3R-L337 HAXXORZ but instead of sending the feds round to apply sporting equipment to your face, they send a polite email.

            Fail 🙂

  2. warbirdali
    Posted March 28, 2011 at 2:31 pm | Permalink | Reply

    You should be OK, not like it has millions of $$$ in there…..any more. PS I have cancelled my Hawaii trip now that you locked me out I can’t afford it any more
