Chase Maier
39 followers

I've been wondering for a while when TigerDirect will realize its advertising department doesn't understand how to use the term "BLACK FRIDAY!"

I am officially scared of DomainPeople. I have a client with a single domain name registered with them that I needed access to and there were some issues with the password recovery feature on their site. I call them on the phone so they can send out a password reset email to the administrative contact listed on the whois record and this is part of the conversation:

Me: "I need to get access to an account. I have a Username & Password from 2006 that doesn't seem to work on the current system to log in."
Them: "What domain is this for?"
Me: {Gave them domain}
Them: "Okay, it looks like that one was moved over to a new system that you can't access from our homepage. I can send out a password reset email to the administrative contact on the whois record for this domain."
Me: "Okay, let's do that."
Them: "To do that, I'll need the last three letters of your current password."
Me: "Umm... if I had that why would I be calling you? I have the last three letters of the password I have from an email in 2006."
Them: "Sure, what's that?"
Me: {Read off the last three letters of a random upper+lowercase string of chars from the email}
Them: "No, that is not right at all."
Me: "Okay, I sort of expected that. What now?"
Them: "The current password starts with an 'm', is all lower case, and is a word you'd find in a dictionary. It is definitely something that a human entered. Does that help?"
Me: "No, not really..."

... after about 10 min more I got him to send out the email with the password reset link. But WTF is with the "hey, tell me part of your password" and "hey, I know your password in plain-text"? It is amazing that people still do this sort of stuff.

I find this highly entertaining. Now everyone's hashed passwords in their databases are wrong and they can't just patch the library silently, since then people won't be able to log in once the bug is fixed, as their password would no longer hash to the same value as when the bug was present.

"A longstanding bug that was recently found in the crypt_blowfish password hashing library highlights the problems that can occur when a bug is found in a widely used low-level library."