Easy ways to ‘improve’ security.


I used to hear about HVAC contractors that would install fake thermostats to make people feel more comfortable. And all that stuff about how most office thermostats are fake. Seems like the same way AOL’s security works.
————-
“A reader wrote in Friday with an interesting observation: When he went to access his AOL.com account, he accidentally entered an extra character at the end of his password. But that didn’t stop him from entering his account. Curious, the reader tried adding multiple alphanumeric sequences after his password, and each time it logged him in successfully.

It turns out that when someone signs up for an AOL.com account, the user appears to be allowed to enter up to a 16-character password. AOL’s system, however, doesn’t read past the first eight characters.”
http://blog.washingtonpost.com/securityfix/2007/05/aols_password_puzzler.html


1 Response to Easy ways to ‘improve’ security.

  1. chrism says:

    So, Solaris up until at least Sol8 would only accept the first 8 chars on a console login… What’s interesting is that ssh or rlogin or even telnet would actually accept more than 8, and even required it if it was in the original password.

    Strange, probably the same codebase 🙁 (actually probably not since the AOL system came from an old Tandem… but funny anyways)
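Both the AOL story and the Solaris console login above are the same defect: the verifier hashes only the first 8 characters, so anything typed after them is ignored. The following is an added example (not code from the post, the comment, AOL or Solaris) that models a truncating verifier next to a full-length one and reproduces the reader's append-junk test as a self-check a defender can run against their own login function; the hash choices, the 8-character limit and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional

# Constructed: the legacy verifier silently discards everything past
# 8 characters before hashing, mirroring the AOL/old-Unix behaviour.
LEGACY_LIMIT = 8


def legacy_hash(password: str, salt: bytes) -> bytes:
    # Only the first 8 characters influence the stored hash.
    return hashlib.sha256(salt + password[:LEGACY_LIMIT].encode()).digest()


def hardened_hash(password: str, salt: bytes) -> bytes:
    # Every byte of the password contributes; iteration count follows
    # the current OWASP guidance for PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def make_verifier(hash_fn: Callable[[str, bytes], bytes], password: str):
    """Enroll one password and return a login(attempt) -> bool function."""
    salt = os.urandom(16)
    stored = hash_fn(password, salt)

    def login(attempt: str) -> bool:
        # Constant-time comparison of the stored and recomputed hashes.
        return hmac.compare_digest(stored, hash_fn(attempt, salt))

    return login


def probe_truncation(login: Callable[[str], bool], password: str) -> Optional[int]:
    """Return the number of characters the verifier actually reads,
    or None if extra trailing characters are (correctly) rejected.
    This is the reader's experiment: append junk and see if login still works."""
    if not login(password):
        raise ValueError("correct password rejected; nothing to probe")
    if not login(password + "X"):
        return None  # trailing characters matter: no truncation detected
    # Truncation confirmed; find the shortest prefix that still logs in.
    for n in range(1, len(password) + 1):
        if login(password[:n]):
            return n
    return len(password)
```

Run `probe_truncation` against a test account on any system you operate; a non-None result means password strength beyond that length is imaginary and the verifier needs replacing.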
