- Name of my first pet: a!%mJ8ECH&jNxP7!fi02TjJML
- Maiden name of my mom: DzAXz%wrZJEa2YA*fdwnc6D22
- The city I was born: Kfm!b4&Ipng5VSjQQcEcKN!$k
Yes, I use a password manager, I am very smart 🤓.
I’m ready to send her my password because I heard that the app converts every password to ******** and I really want to try it out.
Lemme see if it works for me Fuzzypuppy69bonghitz420blaz3
all i see is ***********************
Hunter2? That’s a weird password.
All-asterisk password is indeed weird.
Huh, never even thought of doing this.
If you’d like to do this, consider instead an odd phrase that would not be guessable. Using a string of generated symbols means that if a customer service representative ever asks for it, “it’s probably a long string of random characters” will work to bypass it. On the other hand, if the color of your first car is “Albert Einsteins mustache” the service rep will be confused but unlikely to accept the wrong answer.
Good thinking, thanks for the input.
I love the modeling job at Shutterstock part, such a thoughtful touch!
Name of my first pet;
'drop table answers, emails, questions'
A little sql injection lesson for anyone who wants to try fucking with an automated scammer script for real:
You can’t just give it an sql statement. The whole thing needs to be syntactically correct. The statement you’re injecting into probably looks something like this:
INSERT INTO scam_responses ( user_id, question, response) VALUES ( $user_id, $question_id, "$response" )
Where $blah is a directive to replace $blah with the contents of that variable in some scripting languages. So a response would need to close the string and the bracket and start a new statement (or series of statements) where adding '")' would remain valid. Use semicolons to separate sql statements.
Eg, a response of:
deeznuts" ); UPDATE scam_responses SET response = "you've been hacked by mushrooms!"; INSERT INTO scam_responses ( user_id, question_id, response) VALUES ( 5, 0, "UPDATE scam_responses SET response = you've been hacked by mushrooms!
Would do the trick and might throw off their attempts to fix the security hole with that red herring “injection”, which looks like the actual injection but isn’t (and isn’t even legal due to the lack of quotes).
Though you need to be able to guess enough table and column names to even do this, even if they don’t sanitize the input properly, which is why having access to the source code makes a huge difference (since table/column names are usually in there, unless they are really fancy and store that information in another db, though in that case, they probably sanitize).
Though if you’re using sql, use stored procedures instead of sql statement strings. You tend to get better performance, too (or at least that was the case back when I did this during the time of dinosaurs).
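The difference between pasting an answer into the statement text and binding it as a parameter, as an added example that is not part of the original comment. It assumes Python's sqlite3, a constructed in-memory table, a constructed answer string with single-quoted SQL strings, and bound parameters standing in for the stored procedures recommended above (SQLite has none).

```python
import sqlite3

# Constructed table using the column names guessed in the comment above.
SCHEMA = """
CREATE TABLE scam_responses (user_id INTEGER, question_id INTEGER, response TEXT);
INSERT INTO scam_responses VALUES (1, 0, 'Rex');
INSERT INTO scam_responses VALUES (2, 0, 'Bella');
"""

# Constructed answer with the shape described above: close the string and the
# bracket, add a statement, then reopen an INSERT so the template's tail parses.
HOSTILE = (
    "x'); UPDATE scam_responses SET response = 'overwritten'; "
    "INSERT INTO scam_responses (user_id, question_id, response) "
    "VALUES (5, 0, 'filler"
)

def fresh_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def store_interpolated(db, user_id, question_id, response):
    """The 'before': the answer becomes part of the SQL text itself."""
    sql = (
        "INSERT INTO scam_responses (user_id, question_id, response) "
        f"VALUES ({user_id}, {question_id}, '{response}')"
    )
    db.executescript(sql)  # runs every statement found in the text

def store_bound(db, user_id, question_id, response):
    """The 'after': the answer is sent as a bound value and is never parsed."""
    db.execute(
        "INSERT INTO scam_responses (user_id, question_id, response) "
        "VALUES (?, ?, ?)",
        (user_id, question_id, response),
    )

def responses(db):
    rows = db.execute("SELECT response FROM scam_responses ORDER BY rowid")
    return [r[0] for r in rows]

def demo():
    weak, safe = fresh_db(), fresh_db()
    store_interpolated(weak, 3, 0, HOSTILE)
    store_bound(safe, 3, 0, HOSTILE)
    return responses(weak), responses(safe)
```

With interpolation the existing rows are overwritten and an extra row appears; with binding the two original rows are untouched and the whole answer is stored verbatim as one value.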
Thanks, Poindexter.
Wait those were real advances?
I thought they were phishing attempts!
I hate when sites ask me to set that, then I forgor, then I can’t even reset it.