idiots – Terence Eden’s Blog

How not to do a password change page

@edent — Sun, 10 Jul 2016 09:34:26 +0000

We've all been faced with this screen, right? You haven't logged in to a website for a while, so it prompts you to change your password.

sigh Annoying but probably necessary.

The problem was, every time I tried to change my password, it told me that my old password was invalid. The one that I'd just used to log in. I use the incredible LastPass Password Manager - so I knew I wasn't typing it incorrectly.

It took a few tries, but I finally figured out what was going wrong. When I'd set up the account, LastPass had generated a secure 32 character password. But the "old password" field had artificially restricted passwords to a maximum of 20 characters.

Well, that's easy enough to change! Crack open Firefox's Inspect Element tool, change the maxlength value, and submit again.

What utter cockwombles.

Can you see any mention of a maximum length in the password rules? Minimum, sure, but no max.

Naturally, this 20 character restriction isn't enforced on the login page.

Take a bow, "Willis Towers Watson", your web developers are actively making the world a worse place. I'd ring you up to complain, but naturally you're closed on a Sunday.

SouthWest Trains' Silly Twitter Mistake

@edent — Fri, 06 Jan 2012 07:30:56 +0000

An amusing mistake spotted by my wife on her way to work. SouthWest Trains are trying to promote their Twitter service - @SW_Trains - via their LED message boards.

Looks like the displays don't understand the underscore character. I wonder if anyone tested this before it went live?

You can watch the full video

Dear Nokia...

@edent — Fri, 29 Apr 2011 10:53:08 +0000

Nokia's marketing team are idiots. They've used URL over which they have no control on an advert for one of their premium handsets.

This is the story of how I ~~hijacked~~ ~~stole~~ ~~hacked~~ recycled it and, in doing so, prevented Nokia from having a serious PR problem.

E7 Poster

This is advert for the new Nokia E7. It really emphasises the tweeting capabilities of the handset.

Nokia's marketing team have illustrated this by showing off a couple of tweets on the handset. One of which contains a Bit.ly short URL.

Here's the close up... it points to http://bit.ly/CYRWP

Being the curious chap that I am, I thought "Ooooh! I wonder where that'll take me? To some awesome Nokia competition page perhaps?"

So I typed it into my phone. Yup - the idiots in Nokia's marketing team didn't register the bit.ly link!

So, it was a simple matter for me to pop over to bit.ly, create a short URL pointing to this site, then customise it to say CYRWP.

Malicious Use

If I were a scallywag, I'd have pointed the URL to an Android website, or perhaps one of the less-than-stellar E7 reviews.

If I were nasty, I'd have pointed it to a malware page.

If I were a criminal genius (which I am not) I would have pointed it to a page which asked for credit-card number, email addresses, phone numbers, etc of people intetersted in buying / winning the handset.

I'm closer to scallywag than evil mastermind - so I pointed the URL to this blog post. Hopefully this page will serve as a reminder to Nokia's marketing team that you should....

Bootnote

Two other interesting things to note.

The #hashtag in the pictured tweet isn't hyperlinked. Tsk
The URL "CYRWP" is an anagram of "CRY WP". Are the Nokians in floods of tears over the death of Symbian and the coming rise of Windows Phone 7?