Let's count a few WTFs: Passwords must be 6 to 8 characters long, no longer. (wtf123xyzzy is invalid!) Passwords canNOT contain any "special characters" (just letters and numbers, please). Security questions canNOT contain these either It's not a Javascript-based password system, but...

What's more scary is that most sites do it that way... they think obfuscating the URL is enough :( Microsoft has done a better job though, all files stored on Spaces (or SkyDrive) is only accessible if you're signed in to Live ID and have been assigned the rights to view an album. Or when the...

[quote user="SpectateSwamp"] [quote user="tdittmar"] Dear King Bullshit III., On the other hand - could you please give me reasons for NOT having sensitive data on computers? And please also provide alternative, more secure storage possibilities for sensitive data. [/quote] I'm...

Sounds like they were passing unencrypted userIDs in the querystring. http://www.theglobeandmail.com/servlet/story/RTGAM.20071204.wpassport1204/BNStory/National/home

Well, thank goodness there wasn't any sensitive data on those disks. Congrats to the government for averting a tragedy.

It might have already been posted, but to prove that stupid people can reduce any system to tatters: http://news.bbc.co.uk/1/hi/uk_politics/7103566.stm <q>Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing. The Child Benefit data on...

No, I don't work at a bank, although my previous job was for a company that wrote a lot of the awful software Banks use. Another utility here allows valid passwords to only consist of consonants. No evil vowels, numbers, or symbols are allowed for that one.

Just found this in a class called Encryption, on a ASP.NET application I'm working on... protected const string KEY = "DONKEY"; Which in turn is used by two methods EncryptTripleDES and DecryptTripleDES. Well it appears they're taking security seriously, they're using Triple DES :-)

function Login(){ var done=0; var username=document.login.username.value; username=username.toLowerCase(); var password=document.login.password.value; password=password.toLowerCase(); if (username=="tshm" && password=="thebigpicture") { window.location="image_download.shtm"; done=1; } if (username...

The other day I bought Ace combat Zero on from GoHastings through Amazon.com. I did not recall what type of shipping I had choosen (or if I was even given the option), so I went to their website at http://www.hastingsentertainment.com/catalog/ . Gamestop/EB Games allows you to check your order with just...