The language doesn't, but maybe the author of this crapware does. What he should get instead is death by redefining his extremities as hamburger.
|
|
|
|
|
Proof of the old adage that you can write rubbish in any language. Just because you used a hammer to remove your own teeth, does not imply hammers are faulty.
|
|
|
|
|
A new low in obfuscation. Why use just the comparison operators when you can involve the rest in the task!! I'm curious what this person was thinking in doing this? Of course, there is the attendant fear of discovering what they were thinking.. I retract my question.
|
|
|
|
|
Just making some changes on my project, found this pearl on a catch block which was the subject, wrapper with the exception message and stack trace:
errormessages += "Fatal error. Please Restart. We are sorry." + sessionExp.Message + ";" + sessionExp.StackTrace;
|
|
|
|
|
Not sure what the horror is. Looks like it is just accumulating error messages (though a list or StringBuilder would seem more appropriate). By the way, you may want to toss that code in a PRE block.
|
|
|
|
|
If this is .Net, the horror is using .Message instead of .ToString() which will already include the StackTrace
|
|
|
|
|
Not sure I would call that a horror either. The ToString might include the stack trace, but even if it does it probably doesn't have the message in front of the rest of the stack trace, as is the case with this example. If this is a log that is meant to be read by humans, it would seem smart to put the message ahead of the rest so people can avoid having to scan through the stack trace to get to the most important part.
|
|
|
|
|
I think the "We are sorry" bit is the horror.
You never admit liability.
The correct message should read:
"You screwed up the system again. Look here's a stack trace of all the functions you broke. Call the Helpdesk and apologise and maybe...just maybe we can get this sh*t working before Monday.
You've made me miss my son's soccer game tomorrow. You do realise that don't you? He'll be heartbroken. He still hasn't recovered from the weekend you made me miss his birthday by trying to print an end of month report in the middle of the month. It's called the end of month for a reason you MORON.
Do you care? Noooo, you're a user, you swan in here Monday to Friday, breaking systems when you feel like it. You'll probably spend the weekend fishing."
-Rd
Hit any user to continue.
|
|
|
|
|
That's awesome. I should have tried those messages in my college projects...
|
|
|
|
|
Just last week a security flaw was discovered in the company I am working for as a contractor. The IT Security audit department found that directory browsing was enabled in one of the websites of the QA environment which was open across the internet.
What was later discovered was that search engine crawlers had indexed all the documents that were in there and now anybody could find that information in Google if they happened to search those keywords.
Has anyone come across things like this?
|
|
|
|
|
Nothing on that scale.
I did see a file once that listed a set of IP addresses that could hit a particular "sensitive" machine.
In debugging trying to get the security working, someone had stuck * at the end of the file.
They sadly forgot to remove the wildcard when everything was set up.
I believe it worked away quite happily for well over a year before anyone noticed. Nobody who shouldn't be there ever bothered to connect.
Those were simpler times of course.
-Rd
Hit any user to continue.
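The failure in the post above, a debugging wildcard left in an IP allowlist for over a year, is what a scheduled audit of the file catches. This is an added example, not part of the original thread; the one-entry-per-line format, the sample entries and the /24 review threshold are assumptions.

```python
import ipaddress

# Constructed sample allowlist: one entry per line, '#' starts a comment.
# The file format is an assumption; the post does not describe it.
SAMPLE_ALLOWLIST = """\
# hosts allowed to reach the sensitive machine
10.1.4.17
10.1.4.0/28
172.16.0.0/12
192.168.0.0/8
0.0.0.0/0
*
"""

MIN_PREFIX_V4 = 24  # assumed policy: anything wider than a /24 needs review
MIN_PREFIX_V6 = 64


def audit_allowlist(text):
    """Return (line_number, entry, reason) for every entry that needs review."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        if any(ch in entry for ch in "*?"):
            findings.append((lineno, entry, "wildcard entry"))
            continue
        try:
            # strict=True rejects blocks with host bits set, a common typo
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            findings.append((lineno, entry, "not a valid address or CIDR block"))
            continue
        limit = MIN_PREFIX_V4 if net.version == 4 else MIN_PREFIX_V6
        if net.prefixlen == 0:
            findings.append((lineno, entry, "matches every address"))
        elif net.prefixlen < limit:
            findings.append((lineno, entry, f"broader than /{limit}"))
    return findings


if __name__ == "__main__":
    for lineno, entry, reason in audit_allowlist(SAMPLE_ALLOWLIST):
        print(f"line {lineno}: {entry!r}: {reason}")
```

Run against the deployed file from a scheduled job and fail the job on any finding, so a temporary debugging entry cannot outlive the debugging session unnoticed.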
|
|
|
|
|
rohans84 wrote: I am working for as a contractor
Yeah, that's pretty bad.
|
|
|
|
|
It's not when you know more about the system than their best employees
|
|
|
|
|
we had this ftp in our company that one day appeared full of porn
apparently anonymous access to the ftp was enabled
|
|
|
|
|
But it saves having to go out and search for it yourself.
In a related note, at another place I worked, every once in a while we went out to the network drives and searched for unauthorized files: music, films, etc. Sent the owners of the network directories nastygrams...and scarfed the content for ourselves.
|
|
|
|
|
Sometimes it is fun to just set up a machine, stick it out in the DMZ and see what happens to it.
Grab a pizza, sit back and watch the logs... It is amazing how quick stuff gets found.
I was staging a machine once, got called to dinner and by the time I came back it was full of stuff. Kind of funny really.
|
|
|
|
|
At a firm where I worked, a consultancy was contracted to prepare a new, interactive web site to allow people to make bookings on-line (this was when broadband first started being rolled out).
There were two problems with the new web-server:
1. The web-site itself (written using IIS/ASP (VB)) was unreliable and would crash intermittently, requiring a reboot of the server to wake it. The firm who wrote it were unable to find/fix the problem.
2. The ftp wasn't secured: one day, after the customary reboot to restart the web service, the machine started whinging about disk space etc. When I investigated I found some very cleverly hidden directories, hundreds of levels down a directory structure attached to the \Windows tree, containing hundreds of illicit copies of Playstation games which it was serving to the 'pirate' community...
Needless to say, we took the management of that server in-house from that point, and then also rewrote the entire site in PHP, hosted it on a small linux machine and had no further problems...
8)
|
|
|
|
|
My personal favorite was a lab machine we were (re)installing XP on, and we forgot to disconnect the network cable. The machine was infected with several viruses before the XP install completed...
Software Zen: delete this;
|
|
|
|
|
Camilo Sanchez wrote: we had this ftp in our company that one day appeared full of porn
apparently anonymous access to the ftp was enabled
Anonymous access to the ftp was enabled?
There's an excuse I need to remember.
-Richard
Hit any user to continue.
|
|
|
|
|
I just found my favorite. We paid a third party for a site redesign. They have talented project managers and artists, but crap developers. They added a link on every page that invites the world to "email this page to a friend." The .net app had input fields for from name, from email, to email, subject line(!) and "special message". The email body was "I thought you might be interested in this..." followed by the same full paragraph of legal crap we are required to use in our corporate sig. The mail was routed through our main exchange server. To demonstrate the danger, I spoofed an email as the CEO that looked completely legitimate.
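A hardened take on the "email this page to a friend" form described in the post above, as an added example that is not the site's code or part of the original thread. It fixes the sender and subject on the server and accepts only a recipient, a display name and a site-relative path; the addresses, host name and function name are assumptions.

```python
import re
from email.message import EmailMessage

SITE_SENDER = "no-reply@example.com"   # assumed fixed site address
SITE_HOST = "www.example.com"          # assumed site host name
SUBJECT = "A page was shared with you"

ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")  # includes CR and LF


def build_share_email(to_addr, sender_name, page_path):
    """Build the share message; raise ValueError on input that could
    change headers, add recipients or point outside the site."""
    for value in (to_addr, sender_name, page_path):
        if CONTROL_RE.search(value):
            raise ValueError("control characters are not allowed")
    if not ADDR_RE.match(to_addr):
        raise ValueError("recipient must be a single plain e-mail address")
    if not page_path.startswith("/") or page_path.startswith("//"):
        raise ValueError("page must be a path on this site")

    msg = EmailMessage()
    msg["From"] = SITE_SENDER   # never taken from the form
    msg["To"] = to_addr
    msg["Subject"] = SUBJECT    # never taken from the form
    # The visitor's name appears only in the body, truncated and quoted,
    # next to a statement that it is unverified. No free-text message and
    # no corporate signature block are included.
    msg.set_content(
        f"A visitor who gave the name {sender_name[:60]!r} shared this page:\n"
        f"https://{SITE_HOST}{page_path}\n"
        "The name was typed into a web form and has not been verified.\n"
    )
    return msg


if __name__ == "__main__":
    print(build_share_email("friend@example.org", "Pat", "/products"))
```

Pair this with per-client rate limiting and send through a relay account that is not permitted to submit mail as internal users.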
|
|
|
|
|
I knew of an IT services company that had an incident once where they found one of their employees had been saving viruses on their personal network share! A "virus hobbyist", if you will, who had somehow figured that this was not only a good idea, but that it should also be done on the corporate network. Brilliant.
|
|
|
|
|
I know this is kind of off-topic but the worst security flaw I've ever seen/read about was at news. (5 o'clock, the morbid news here)
A 19-year-old boy was home alone and he was... watching porn and doing other unchristian stuff.
After 4 hours of "working out" he closed the browser and put his torrents on seed and then went to sleep.
Well half an hour later his mother (who was very religious) came home and she had to check a few emails.
When she opened the browser some web pages were restored, 4 of which were porn videos. (like one wasn't enough >.>)
And the consequences: The mother castrated her child while he was asleep (with a salad knife, ironically) and popped out his eyes out of his head. (with the same knife)
Well, the mother ended up in a hospital (for severe mental illness) (St. Paraschiva Hospital) and her (dead) son was buried... Her 4 other children were given to their grandparents.
Cause: Her son forgot to enable Private Browsing or open a Private Tab or use a similar feature of his browser.
Consequence: Castration, eyeball popping and, eventually, death.
Nobody died because of your security flaws. That boy did!
_______________________
Anyway, I use my netbook computer for "Shared Storage" - as I call it in the network. It's a folder in my laptop that I am sharing over the home network for code storage.
When I went to sleep, I forgot to shut down my netbook. The problem is, I also had Remote Desktop enabled for all connections and I was connected to the internet!
Well, while I was asleep, someone broke into my netbook and copied all my codes for himself and now he's making lots of money out of it - while I am making free, little programs for both personal and public use.
I can name that person but I won't, because it's not nice. I'll remain with the knowledge out of this... (Which is more important than money, in my humble opinion.)
The flaw(s) is(are) Microsoft's f***ing fault - When someone attempts to remotely connect to your computer, you are given a 20-second warning to log out or you will be automatically logged out OR that I forgot to shut down my computer. That person or someone else would have eventually broken into my netbook but whatever.
Because of Microsoft and/or my remembering skills someone else makes now profit (Which I could use a lot these days!).
I <3 C#!
|
|
|
|
|
Gather 'round kiddies, while I spin a tale of olde tyme computing, back when mainframes roamed the planet and fed on punched cards.
I was a wee sprout teaching myself how to program on a timesharing PDP-8 in high school.
The crowd I ran with usually had all the passwords, either through visiting the computer center, stopping the processor and using a disk diagnostic tool to pull the master password off the hard disk, or bugging the automatic logout program. But mostly through what is now called social engineering..."Hello, Fred? I know you don't use the computer (terminal) at your school, but could you get me the password to your school's account? Yeah, it's usually written on the blackboard by the terminal."
Unfortunately the teachers and system manager thought we had some machine language program that would coerce the passwords out of the system by forcing it to fail and as a last gasp would spit out the passwords as sort of a "help me!" before crashing.
Stop laughing, these bozos were serious.
So we had the name and so we set out to earn it. After about a month of trying to crack the security, we gave up. The timesharing environment was a rubber playpen that would not let us have access to the goodies.
And then I cracked it...by accident. Really. In what seems to be the pattern of my programming life, I have this innate and uncontrollable talent for finding bugs. Most of my career it has been a pain "Why is it only you that has trouble with the software?", but at my current job, it is a boon.
Back at the plot. I had gotten hold of the system programmer's guide for the OS and had gotten tired of flipping pages to interrelate system tables. Until I was seduced by the dark side of programming, I was studying to be an architect and had access to large sheets of paper and a drafting board. So I made this master layout of all the system tables and how they interconnected.
When I was done, I could see how I could go from public information and drill down to the input/output buffers. The system guide said you did not have buffers until you were logged in. I should have known it was BS because we used to hide what we were typing from the noobs by typing a long string of commands on the same line as the login. Since the keystrokes were not echoed until you were logged in, only someone good at reading keystrokes could see what we were doing.
But it got me to thinking I could watch what was being done at the other school's terminals. So I hacked out a quick little program called "Snoopy" and set it to watching the terminal next to mine. It worked wonderfully. And then seemed to hang. Hesitantly, as though someone was hunting and pecking at a keyboard the word "LOGIN" appeared. I about crapped my pants. This was the days of ASR-33 teletype terminals and printed output. If one of the teachers had come in, they'd have proof that I was cracking the system. You couldn't turn the monitor off or reboot the computer, my only option would have been to rip off the paper and eat it. Which would have looked a tad suspicious by itself.
The timesharing nature of the environment had made the pointers I was chasing go invalid and accidentally connected me to a buffer where someone was logging in.
A few years later, stories of this exploit earned me a little conversation with the FBI.
"A whale of a tale I tell you lads, a whale of a tale and it's all true, I swear by my tattoo."
Psychosis at 10
Film at 11
|
|
|
|
|
Google's been doing this to unwary website operators almost since its inception. So many cases have hit the news over the years I've lost count.
Sounds like a case of "doomed to repeat" to me.
patbob