Josh GisterFeb 24, 2024
Xavier Ashe 
#meme #infosec
Feb 24, 2024 at 3:26amWeb
Show threadJoshFeb 24, 2024
@Xavier @darkuncle I’m really having trouble with this. The extraneous apostrophe makes me twitch.
Show threadcohomology is FUN!Feb 24, 2024
@josh @darkuncle @Xavier that also messes with the CSV files, especially if you also use double-quotes
Show threadJanne UplaFeb 24, 2024
@josh @darkuncle @Xavier came here to post this. I literally died when I noticed it.
Show threadMortenFeb 24, 2024
@Xavier Tell the hackers to use parquet instead.
Show threadBardMoss the Bodhi Linux GuyFeb 24, 2024
@Xavier try not adding apostrophes to your plurals
Show threadXavier Ashe Feb 24, 2024
@zaivala My high ass didn't even notice that last night. Not my meme.
Show threadcultdevFeb 25, 2024
@zaivala @Xavier i flinch whenever i see “the 80’s”…which happens nigh daily 😣
Show threadBardMoss the Bodhi Linux GuyFeb 25, 2024
@cultdev @Xavier
Pluralizing numbers looks wrong however you do it. But I do it right anyhow.
Show threadtsadilasFeb 24, 2024
@Xavier owww gooooood
Show threadkeithzgFeb 24, 2024
@Xavier And LOTS of quotation marks
Show threadsluggard   Feb 24, 2024
@Xavier now I’m wondering how many sites can’t accept a ‘ , “ or \ in a password.
Show threadAndyFeb 24, 2024

@Xavier And quotation marks (U+0022), in pairs around commas. Thank me later.

",secret"",,","""word"

Show threadMorgan ⚧️Feb 25, 2024
@andy @Xavier I'm sure this is a shitpost but in case anyone took it seriously, fair warning that the above post is instructing you to find a workaround to that hack, so as to ensure that your password would work in one of these CSVs
Show threadBobHyFeb 24, 2024
@Xavier this is excellent advice!
Obligatory xkcd reference: https://images.app.goo.gl/V7BnDK9fBgNQK21w7
Google Image Result for https://imgs.xkcd.com/comics/exploits_of_a_mom.png

Show threadDirk WillrodtFeb 24, 2024
@Xavier or semicolons to mess with SQL tables?
Show threadLog 🪵Feb 24, 2024
@Xavier I'm quietly grumbling about how this relies on the fact that *nobody* follows the spec for CSV files, and whenever I have to work around that, they are always too far away to slap and too paying-customery to yell at.
Show threadXavier Ashe Feb 24, 2024
@log Guess we need to create a new standard.
#xkcd
https://xkcd.com/927/
Standards

xkcd
Show threadMonkeyKingFeb 24, 2024
@Xavier Ooh, might start including "DROP TABLE" in my passwords!
Show threadjnpnFeb 24, 2024
@Xavier security prejection
Show threadWesDymFeb 24, 2024
@Xavier Plurals do not take apostrophes.
Show threadHoward CohenFeb 24, 2024
@Xavier Alas, the CVS file format specifies that commas can be quoted to preserve them in the data. Dumping to CVS automatically does this. Otherwise it would never work for any kind of data that contained commas.
Show threadGareth SimpsonFeb 25, 2024
@hoco @Xavier the CVS file format specifies that all data be printed out on a paper roll with 2-3 coupons between each row.
Show threadHoward CohenFeb 25, 2024
@xurble @Xavier I could edit to correct my gaffe, but I'd rather enjoy your humor. :-)
Show threadSean PayneFeb 25, 2024
@Xavier
Show threadcowvinFeb 25, 2024
@Xavier Do they allow EOF and that sort of stuff? LOL
Show threadsmiddiFeb 25, 2024

@Xavier

Makes you think, why some websites don't allow commas in passwords.

#meme #infosec

Show threadUwe KüchlerFeb 25, 2024
@smiddi @Xavier I think it's safe to consider websites with such limitations as insecure and not very trustworthy.
Show threadUwe KüchlerFeb 25, 2024

@smiddi @Xavier Side note: just 2 years ago, I used the 'forgot password' function of a smaller Telco provider. They *emailed* it to me in *cleartext*.
My assumption is that many of the sites that impose character limits on pwd text fields do so for easier clear text storage in their database.

Discussed this with a responsible person and only got shrugging shoulders.

Show threadsmiddiFeb 25, 2024

@oraculix

Automatically generated mail, or did someone copy and paste it per hand? Bonus: out of an excel sheet.

🥲

@Xavier

Show threadUwe KüchlerFeb 25, 2024
@smiddi @Xavier All of the above would be awful.
OK, the bonus would be awfuller 😉
AFAIK it was generated.
Show threadsabikFeb 25, 2024
@Xavier @zens
I hear the eicar test file is also fun
Show threadAlveus NosvilleFeb 26, 2024
@Xavier HOOOOOOOLY shit.
even if it's assuming the use os CSV file, it's a great idea. I'm actually gonna find the most popular cell separators out there to maximize the effectiveness.
Show threadOlivier GuinartFeb 28, 2024
@Xavier @huibert Not to disclose too much about my passwords' habits, but I might not only add a comma but also a semicolon 😅