I once worked at a place that required me to have access to a very confidential database. To “protect against hackers”, they changed the (collective) password every week and sent me the new one in open text to my webmail account. 😳
all this time video game computer security was based on reality
Except the corporations are the tutorial level, and the final boss is the home server of an anime-obsessed girl who wears Unix socks and owns an oscilloscope for some reason.
You think this is funny, but a codebase I once inherited did exactly this. Up until that point in my life, I never imagined I’d ever have such a violent urge to strangle someone.
Bonus: the system had two types of accounts for signups: one for employers and one for employees. Naturally, it would set the role of the created account during the signup process, but the issue was that anyone could submit a signup request with a custom payload and set themselves as the third account type: administrator.
Bonus #2: during a self-update request (avatar change, etc), users were able to change their own IDs in the database.
It was 100% vibe-coded by two imbeciles in two months. We had to rebuild 80% of that codebase.
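The signup and self-update flaws described in the comment above are both mass assignment. The following is an added example, not part of the thread and not the codebase the commenter inherited, showing the pattern beside an allowlist fix. All field names, role values and function names are assumptions made for illustration.

```python
# Constructed illustration: field names, roles and records are assumptions.
SIGNUP_ROLES = {"employer", "employee"}              # roles a client may request
SIGNUP_FIELDS = {"email", "display_name", "role"}    # exact shape of a signup payload
PROFILE_FIELDS = {"avatar_url", "display_name"}      # fields a user may edit on their own record


class RejectedPayload(ValueError):
    """The request carried fields or values this endpoint does not accept."""


def signup_vulnerable(payload: dict) -> dict:
    # The whole payload becomes the account record, so a client-supplied
    # "role": "administrator" is stored exactly as sent.
    return dict(payload)


def signup_hardened(payload: dict) -> dict:
    # Require exactly the expected fields and an allowlisted role.
    if set(payload) != SIGNUP_FIELDS:
        raise RejectedPayload("unexpected or missing signup fields")
    if payload["role"] not in SIGNUP_ROLES:
        raise RejectedPayload("role not permitted at signup")
    return {field: payload[field] for field in sorted(SIGNUP_FIELDS)}


def update_profile_vulnerable(record: dict, payload: dict) -> dict:
    # Full-payload patch: "id" or "role" in the request overwrite stored values.
    return {**record, **payload}


def update_profile_hardened(record: dict, payload: dict) -> dict:
    # Only user-editable fields are merged; identity and role never come from the client.
    unexpected = set(payload) - PROFILE_FIELDS
    if unexpected:
        raise RejectedPayload(f"fields not editable: {sorted(unexpected)}")
    return {**record, **payload}


def is_rejected(handler, *args) -> bool:
    """Return True when the handler refuses the request."""
    try:
        handler(*args)
    except RejectedPayload:
        return True
    return False
```

Rejecting unexpected fields outright, rather than silently dropping them, also leaves a clear signal to log and alert on.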
People are already inheriting vibe coded codebases?
What is this, a one sentence horror contest?
Definitely! And the reason is obvious.
Pro tip: A lot of websites that don’t let you update certain fields about your profile or other things actually do let you, because it’s a full payload patch on the backend. You just need to modify the fields in dev tools.
Note: I did this on a hotel website to change my email address and then ended up creating a bad scenario where my login account email didn’t match my hotel profile email…they fixed it for me and said, “we aren’t sure what happened”. I didn’t say anything.
You joke, but I’ve used this at my last job. We cannot have the same login password and it told you the name of the conflicting accounts.
Businesses do shit like this then say they can’t let employees use Linux for cybersecurity reasons.
Recently I’ve seen them block all mail clients except outlook.
Meanwhile my customers are calling me up asking for help LEAVING outlook. Unprompted.
Yea, Microsoft shit the bed with this whole AI thing. Nobody wants locked into their shit now.
Outlook has always been shit.
Cybersecurity compliance reasons. Cybersecurity compliance because their MDM platform won’t run on Arch reasons.
Now you have a working account, the message was helpful, at least.
Not the same but I ordered some electronics from a local store recently and the “forgot your password” link sent me a mail with my password.
So have you hacked into starboy98’s mainframe yet?

Never seen someone so excited to talk to jigsaw
Thanks for reminding me. Jigsaw is a plagiarist‽
TAP
TAP
TAP
“I’m in.”
I have this one specific program I have to use that I am not about to tell you what it is but if you get your security question wrong you can’t log in … But you can change the security question right underneath… Ok fine, at least I have to have my password to change my security question, right? Yup, it’s a good thing I can press the eye to see my password. Ok, but you still have to have your password to get into your account, right? Well, not exactly: if you forget your password you can call a recovery number and convince them you are you and they can let you in … Fine, but at least you have to give them something, right? Right? No, they ask you your previous address and phone number … All public information.









