funsec mailing list archives

Re: seen on the ANA website


From: "Dennis Henderson" <hendomatic () gmail com>
Date: Sat, 1 Sep 2007 22:08:09 -0500

On 9/1/07, security curmudgeon <jericho () attrition org> wrote:


: I guess this fits the MO for this ML,
:
: I was just on the ANA website, playing with their mileage program that
: can't cope with my name being spelled 4 different ways depending on the
: phase of the moon. Heaven help someone with a complicated name!
:
: In the forms section:
:
: For security reasons, please do not use the following marks: ' ' , " " , < > and ( ).

More and more I am seeing web sites, specifically banks and service
providers (online bill paying) require passwords that do not use any
special characters.

: Does this mean:
:
:       A) We are incapable of secure coding and use SQL, meaning that
:       anyone with a modicum of SQL knowledge will be able to vacuum our
:       database.
:
:       B) We are also incapable of filtering out potentially malicious
:       HTML, so please don't do that.

How about C.

Business Units that are so afraid that their customers will be put off by
having to type !@%^()_ that they demand passwords that do not expire, and
are basically weak... passwords, that is...
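Added example, not from the thread or the ANA site: the "please do not use these marks" rule from the quoted form notice, written as a character blocklist, next to the two controls that make the blocklist unnecessary (a parameterised SQL statement and HTML output encoding), so a name containing an apostrophe, quotes or brackets is stored and displayed as plain data. The table, column names and sample names are constructed for the demo.

```python
import html
import sqlite3

# Constructed blocklist modelled on the form notice quoted above:
# ' " < > ( ). This is the approach under discussion, not a recommendation.
FORBIDDEN = set("'\"<>()")


def blocklist_accepts(value: str) -> bool:
    """Reject any input containing a forbidden mark.

    This turns away legitimate names (O'Brien) while saying nothing about
    the characters that are not on the list."""
    return not (set(value) & FORBIDDEN)


def open_db() -> sqlite3.Connection:
    # Constructed in-memory schema for the demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    return conn


def add_member(conn: sqlite3.Connection, name: str) -> int:
    # Parameterised statement: the driver passes the name as a bound value,
    # never as SQL text, so quotes or parentheses in it cannot alter the query.
    cur = conn.execute("INSERT INTO members (name) VALUES (?)", (name,))
    return cur.lastrowid


def get_name(conn: sqlite3.Connection, member_id: int) -> str:
    row = conn.execute("SELECT name FROM members WHERE id = ?", (member_id,)).fetchone()
    return row[0]


def render_greeting(name: str) -> str:
    # Output encoding at the point the value enters HTML: < > " ' become
    # entities and are displayed literally instead of parsed as markup.
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def demo(name: str):
    """Store and render one name; return (stored value, HTML, blocklist verdict)."""
    conn = open_db()
    stored = get_name(conn, add_member(conn, name))
    return stored, render_greeting(stored), blocklist_accepts(name)


if __name__ == "__main__":
    for n in ("Dennis Henderson", "Conan O'Brien", 'D"Angelo <Jr.> (III)'):
        print(demo(n))
```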
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.