
Comment if their security is as good as their programmers (Score 5, Informative) 115

.... then we're in trouble

I ran into their awful code back in August, when I was trying to sign in for a Sears email special (hey, I need some cheap tools ...)

the page is still there:

It wouldn't validate my password (say ... for example, "ab1cd2ef"), even though it met all the requirements:

"Password must be at least 8 characters, contain at least one number and one character, not start with a number and not contain any special characters."

so I dug in a little, and found quite a gem of JavaScript!

    if (/^[a-zA-Z]+[0-9]+[a-zA-Z]*$/.test(oPass.value) == false) {
        return false;
    }

it won't handle the two numbers ...

try it ... go to the sears link up there, and try registering with a password like ("ab1cd2de") ... don't worry, it won't work, so your (hopefully fake) email will be safe ...

if you want to see what's happening, have a look at the script.js file, and search for the function verifyPass() ...
you can even see some commented out code of their previous attempts at implementing this basic functionality ...

I emailed Sears back in August, telling them where the error was, and a simple way to fix the regex used ... but all I got was an "out of office reply"

ah well ... I still managed to register after all, and have bought a few tools on sale ...
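
An added example, not part of the comment above and not the site's code: it runs the quoted pattern next to a rule-by-rule check of the quoted policy text over constructed sample passwords. `checkPolicy`, `policyPattern` and `compare` are hypothetical names, and whether the site enforces length elsewhere is unknown.

```javascript
// Pattern as quoted in the comment: letters, then digits, then optional
// letters. It allows only ONE run of digits, and carries no length check.
const quotedPattern = /^[a-zA-Z]+[0-9]+[a-zA-Z]*$/;

// The quoted policy, one rule per test, so a rejection names the broken rule.
// (Hypothetical helper written for this example.)
function checkPolicy(password) {
  const failures = [];
  if (password.length < 8) failures.push("min-length");
  if (!/[0-9]/.test(password)) failures.push("needs-digit");
  if (!/[a-zA-Z]/.test(password)) failures.push("needs-letter");
  if (/^[0-9]/.test(password)) failures.push("starts-with-digit");
  if (/[^a-zA-Z0-9]/.test(password)) failures.push("special-character");
  return failures;
}

// The same policy as a single expression: first character is a letter,
// at least 8 alphanumerics in total, and a digit somewhere (lookahead).
const policyPattern = /^(?=.*[0-9])[a-zA-Z][a-zA-Z0-9]{7,}$/;

// Evaluate each sample with all three checks for side-by-side comparison.
function compare(samples) {
  return samples.map((pw) => ({
    password: pw,
    quotedAccepts: quotedPattern.test(pw),
    policyFailures: checkPolicy(pw),
    policyAccepts: policyPattern.test(pw),
  }));
}

// Constructed samples; the first is the example password from the comment.
const samples = [
  "ab1cd2ef", // meets the policy, rejected by the quoted pattern
  "abcdefg1", // meets the policy, accepted by both
  "a1",       // too short, yet the quoted pattern alone accepts it
  "1abcdefg", // starts with a number
  "abcdefgh", // no number
  "ab1cd2e!", // special character
];

for (const row of compare(samples)) {
  console.log(JSON.stringify(row));
}
```

Besides rejecting policy-compliant passwords, the quoted pattern narrows accepted passwords to a single letters-digits-letters shape, which is a smaller space than the policy text describes.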

Comment All I want out of HDMI 1.4 (Score 1) 594

is the Audio Return Channel. Just make a small-ish TV (~ 40") with ARC so I can connect it to my receiver and get the audio out of the built-in tuner without having to have an extra optical cable ... no 3D ... and no 3D price markup either ...

Comment Re:More companies too (Score 1) 481

It's so easy to put all the blame on the corporations, but the consumer has to take the blinders off and look in the mirror.

When we buy something (electronics, car, clothes, vegetables, fruits ... anything!), do we stop and ask ourselves in what type of conditions that good was produced ? unlikely ...

Or do we only look at the bottom line and get as much as we can for the lowest cost ? sounds more like it ...

There will always be a corporation willing to do something shady to produce something for a lot cheaper .... because there will always be a consumer willing to overlook shady practices and BUY those goods.

It starts with the consumer. WE have to change.
