Security Cheat Codes

For those of you who don’t play video games, a “cheat code” is a particular set of commands you can enter while playing a game in order to enable some set of enhancements or bonuses for the player. These codes are usually included in games so that developers can test certain game behaviors, and then they’re left in the game when it goes out for publishing, either as fun Easter eggs for the players to find, or just because removing them is more of a pain than it’s worth to the game company.

You see the equivalent of this all the time in security processes. Someone develops a “secure” way of doing something, but (for whatever reason, usually economics) a bypass is enabled, which defeats the purpose of the process altogether.

From Security Monkey, I had to share:

The procedure is:

  1. Create an account on the APHIS website, giving them a password, your grandmother’s maiden name, 6 security questions (all different, all with different answers), your address, two telephone numbers, alternative contact info, and your email address.
  2. Receive an activation email with a link to click.
  3. Click the link and resubmit all the info in step one, making sure it is identical and in the same order.
  4. Print out the authorization.
  5. Take the authorization to a Local Registration Authority along with your government-issued photo ID so that the government employee can activate your account.
  6. Once activated, log in to APHIS and request a permit.
  7. Wait a week to receive your permit.

OR you could (put down your drinks everyone):

  1. Download the PDF of the permit request form.
  2. Fill it out and fax it in.
  3. Wait two days to get your permit faxed back.

I know how these oddball process overlaps occur. I still find them hilarious when I see one.

Posted June 10, 2008 by padraic2112 in security, web sites

2 responses to “Security Cheat Codes”

  1. I would try that, but so many offices are now abandoning their fax machines as a bad investment (always assuming that the depreciation time has run out).

  2. I know you love these stories…. My wife just got a form letter informing her that a password was “updated” and it would be xxxxxYYzzzz, xxxxx was account number… hey look there it is on the top of the form letter. And YY would be postal code of the state she lives in… oh again look at that there is YY right on the letter. Thankfully the added security is oh so much greater than the previous password. Looksy it has all those digits… and they’re soooooo secret.
