For those of you who don’t play video games, a “cheat code” is a particular set of commands you can enter while playing a game in order to enable some set of enhancements or bonuses for the player. These codes are usually included in games so that developers can test certain game behaviors, and then they’re left in the game when it goes out for publishing, either as fun easter eggs for the players to find, or just because they’re more of a pain to remove than it’s worth it to the game company.
You see the equivalent of this all the time in security processes. Someone develops a “secure” way of doing something, but (for whatever reason, usually economics) a bypass is enabled, which defeats the purpose of the process altogether.
From Security Monkey, I had to share:
The procedure is:
- Create an account on the APHIS website, giving them a password, your grandmother’s maiden name, 6 security questions (all different, all with different answers), your address, two telephone numbers, alternative contact info, and your email address.
- Receive an activation email with a link to click.
- Click the link and resubmit all the info in step one, making sure it is identical and in the same order.
- Print out the authorization.
- Take the authorization to a Local Registration Authority along with your government-issued photo ID so that the government employee can activate your account.
- Once activated, log in to APHIS and request a permit.
- Wait a week to receive your permit.
OR you could (put down your drinks everyone):
- Download the PDF of the permit request form.
- Fill it out and fax it in.
- Wait two days to get your permit faxed back.
I know how these oddball process overlaps occur. I still find them hilarious when I see one.