
Comment: if their security is as good as their programmers (Score 5, Informative) 115

by coutch (#35697740) Attached to: Epsilon Data Breach Bigger Than Just Kroger Customers' Data

.... then we're in trouble

I ran into their awful code back in August, when I was trying to sign in for a Sears email special (hey, I need some cheap tools ...)

the page is still there:

It wouldn't validate my password (say ... for example, "ab1cd2ef"), even though it met all the requirements:

"Password must be at least 8 characters, contain at least one number and one character, not start with a number and not contain any
special characters."

so I dug in a little, and found quite a gem of JavaScript !
// from verifyPass() in script.js: one run of letters, one run of digits, optional letters; "ab1cd2ef" fails
if (/^[a-zA-Z]+[0-9]+[a-zA-Z]*$/.test(oPass.value) == false) {
    return false;
}

it won't handle the two numbers ...

try it ... go to the sears link up there, and try registering with a password like ("ab1cd2de") ... don't worry, it won't work, so your (hopefully fake) email will be safe ...

if you want to see what's happening, have a look at the script.js file, and search for the function verifyPass() ...
you can even see some commented out code of their previous attempts at implementing this basic functionality ...

I emailed Sears back in August, telling them where the error was, and a simple way to fix the regex used ... but all I got was an "out of office reply"

ah well.. I still managed to register after all, and have bought a few tools on sale ...
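To make the bug concrete, here is an added example (mine, not the commenter's code and not the actual contents of Sears' script.js). verifyPassBuggy reproduces the regex quoted above; checkPassword evaluates each stated requirement separately and returns the list of rules a password violates, which is also easier to maintain than one combined regex. The function names and rule strings are my own assumptions.

```javascript
// Added example: the quoted regex next to a check that actually implements the
// stated policy ("at least 8 characters, at least one number and one letter,
// not starting with a number, no special characters").

// The regex quoted from the page: letters, then exactly ONE run of digits, then
// optional letters. Any password with digits in two separate places is rejected.
function verifyPassBuggy(pass) {
  return /^[a-zA-Z]+[0-9]+[a-zA-Z]*$/.test(pass);
}

// One test per rule; returns the list of rules the password breaks (empty = OK).
function checkPassword(pass) {
  const violations = [];
  if (pass.length < 8) violations.push('at least 8 characters');
  if (!/[0-9]/.test(pass)) violations.push('at least one number');
  if (!/[a-zA-Z]/.test(pass)) violations.push('at least one letter');
  if (/^[0-9]/.test(pass)) violations.push('must not start with a number');
  if (/[^a-zA-Z0-9]/.test(pass)) violations.push('no special characters');
  return violations;
}

function verifyPassFixed(pass) {
  return checkPassword(pass).length === 0;
}

// Constructed sample passwords (not from the page) showing where the two differ.
const samples = ['ab1cd2ef', 'abcd1234', '1abcdefg', 'abc1', 'abcdefg!'];
for (const p of samples) {
  console.log(p, 'buggy:', verifyPassBuggy(p), 'fixed:', verifyPassFixed(p),
              checkPassword(p));
}
```

Note that "ab1cd2ef" satisfies every listed rule yet fails the buggy regex, while "abcd1234" happens to pass both, which is why the bug was easy to miss in testing.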

Comment: Re:More companies too (Score 1) 481

by coutch (#31856650) Attached to: Microsoft Mice Made in Chinese Youth Sweatshops?

It's so easy to put all the blame on the corporations, but the consumer has to take the blinders off and look in the mirror.

When we buy something (electronics, car, clothes, vegetables, fruits ... anything!), do we stop and ask ourselves in what type of conditions that good was produced ? unlikely ...

Or do we only look at the bottom line and get as much as we can for the lowest cost ? sounds more like it ...

There will always be a corporation willing to do something shady to produce something for a lot cheaper .... because there will always be a consumer willing to overlook shady practices and BUY those goods.

It starts with the consumer. WE have to change.
