Steven Osborn
"I would love to change the world, but they won't give me the source code".

Lamest “security” ever.

April 22, 2008 – 11:56 am

Normally I would abstain from pointing out security issues on other’s websites, but since this bit of code provides absolutely no security at all I can do so with a clear conscience. The bit of code below is from my former banks personal account login. I quickly changed banks after realizing how much they understand/care about security.

function encryptString(strPlain) {
  // Convert to lower case
  var strCipher;
  // Run the reflection cipher on each letter in the string
  var strCipher = "";
  for (i=0; i<strPlain.length; i++) { 
    strCipher = strCipher + flipLetter(strPlain.charAt(i));
      }
  return strCipher;
}
function flipLetter(chrLetter) { 
  // Executes a reflection cipher,
  // substituting one letter for its alphabetic inverse
  switch(chrLetter) {
    case "a": chrLetter = "z"; break;
    case "b": chrLetter = "y"; break;
    case "c": chrLetter = "x"; break;
    //etc, etc...
    case "X": chrLetter = "C"; break;
    case "Y": chrLetter = "B"; break;
    case "Z": chrLetter = "A"; break;
    default: chrLetter = chrLetter; break; 
  }
  return chrLetter;
}

No, your eyes don’t deceive you. They really did think a letter-substitution cypher written in Javascript was ok.

  1. One Response to “Lamest “security” ever.”

  2. LOL…just what I needed this morning!

    By Monsanto on Apr 28, 2008

You must be logged in to post a comment.

Steven Osborn is proudly powered by WordPress Entries (RSS) and Comments (RSS). Designed by Bob