Ticket site Lunatickets apologised to users who got an email overnight telling them their password had been changed. A Reg reader was almost amused to get the following password reset email from the firm. Dear XXX Your password to login to www.lunatickets.co.uk has been reset. Your new password is pissflaps. You can change …
Looks like I'll have to change my password! I use the same one in lots of places so it'll be a big hassle.
I'm as prone to using daft test data as the next dev but I NEVER mess about with anything that can send email. My tests are always along the lines "This is a test email from [company]. If you have received this in error, please ignore it."
It's po-faced but the consequences of forgetting your test app's connected to, say, your company email list are too embarrassing to contemplate.
It's a mistake everyone makes the once.
I remember many years ago, I was doing some work on a database, so I created a temporary column with a stupid temporary name, did my work, and that was the end of it.
Except I forgot to delete the column.
This was all fine until our Boss got a phone call from the DBA at the (really big utility) firm we were doing this all for, a few months later, asking what the column, erm, let's call it "Willy" was for, cos it wasn't in the schema document.
I didn't get fired, but it was really close.
Given that ElReg stores user passwords unencrypted, you should be a bit careful when criticising other companies' password cock-ups.
Surely I'm not the only Reg reader with a level of schoolboy puerility to find that email absolutely hilarious...
No, you're not.
I was reading it to my boss and cracking up laughing.
If you are going to use test data
At least keep it clean. You don't know when it's going to spring out of an old backup.
Permission to swear, Sir?
Years ago I was working in third-line support for a major online travel site. A customer had received a password reminder email; problem was that he hadn't set his password to 'youareatw*t' as stated in the email. I was asked to investigate how many customers had 'strong language' in their password. I got to write a report which included a table of sweary words, combinations thereof and numbers of occurrences.
Discussing the report in a meeting with the account managers was entertaining.
IIRC, that particular password (albeit in the singular) was used by one of the world's largest banks back in the 80s during a 2 week install/rollout of an FX/MM product. We used a 2 part system (4 chars each) for security, via sealed countersigned envelopes. Needless to say, there are plenty of creative options with only 4 chars to play with, and this was the best permutation. It gave complete access to the Prod system...
This is what you get.
When you piss off the temps.
Paris, for obvious reasons.
You sure it wasn't....
Funny if it wasn't your fault. :-)
Some years ago in a past job, my job was installing and testing the software another department wrote.
This was back early in the Win v3 days, and MSDOS apps (and MSDOS only setups) were still quite prevalent. The executable for this particular Windows app had a DOS message along the lines of "this program will not run under MSDOS" or similar. Except it wasn't similar, not even close.
I won't repeat here (truth be said I've forgotten the exact wording), but it made it quite clear the user running the executable lacked various forms of intelligence, and went just short of questioning the users' parentage for attempting to run this under DOS.
Our strict build controls meant the chance a user would see this would have been very slim, but not impossible, and certainly not something that would flair the reputation of a multi-million (billion??) dollar company.
Told my boss, who appeared rather pissed off to say the least, who then went to the boss of the department writing the software. I have no idea how diplomatic he was about it, but the text string was changed promptly, and we all in the workshop had a good laugh about it.
I'm guessing that software dept wasn't giggling at the time.
This story brightened up my day.
Testing with a
We were once testing email connectivity via a telnet session and I happened to send my colleague an email from a made up address simply with the word TW*T in the body of the message.
We were doing this to test some makeshift monitoring we were doing.
It worked, only it was picked up by the email police in the building (profanity wasn't allowed) and we were instructed to explain the purpose of the email. My colleague very quickly came back with the fact that TW*T was an acronym for Testing With Anonymous Telnet. The dude went away and left us alone, either believing us or impressed that he came up with this so quickly.
At the time of release of this article, their website was plagued by SQL injection exploits. This was the first time I had visited it and could count at least 5. It seems their "security" team had used a completely new test system as live. Damn idiots.