{"id":2504,"date":"2002-09-23T22:25:16","date_gmt":"2002-09-23T16:55:16","guid":{"rendered":"http:\/\/alpha.ravikiran.com\/blog\/2002\/09\/23\/really-stupid-security-policies\/"},"modified":"2002-09-23T22:25:16","modified_gmt":"2002-09-23T16:55:16","slug":"really-stupid-security-policies","status":"publish","type":"post","link":"https:\/\/www.ravikiran.com\/blog\/vintage\/200209\/really-stupid-security-policies\/","title":{"rendered":"Really stupid security policies"},"content":{"rendered":"<p>In increasing order of stupidity:<br \/>3) <a href=\"http:\/\/www.indiatoday.com\">India Today.<\/a>   <br \/>Hides <i>all<\/i> its content behind a <i>&#42;four digit&#42;<\/i> subscription number. Because there are only a a thousand possible numbers and more than a million subscribers, what is the chance that an <a href=\"http:\/\/www.s-anand.net\">enterprising guy<\/a>  can be kept away from the content? And what are the chances that a  <a href=\"http:\/\/www.ravikiran.com\">genuine subscriber <\/a> will take the effort to visit the site?<br \/>2) The <a href=\"http:\/\/www.economist.com\"><i>Economist<\/i><\/a><br \/>Offers some content free, has some premium content for which, like India Today, you have to enter the subscription number. But unlike India today, the subscription number is 10 digits long. So far so good. I go to the page where I am supposed to enter the subscription number. The instructions contain a 10-digit <i>sample<\/i> subscription number. On a lark, I enter the number into the space provided, thinking &#8220;They can&#8217;t be <i>that<\/i> stupid.&#8221;<\/p>\n<p>Turns out they were.<br \/>1) <a href=\"http:\/\/landmark.sify.com\">landmark.sify.com<\/a><br \/>Contains a good collection of books (but a badly normalized database). Asked me for a credit card number. &#8220;Do they accept debit cards?&#8221; My curious mind wants to know. I enter my debit card number. It accepted the number then. A day later, I get a rejection mail saying that they don&#8217;t accept debit cards after all. Two days later, I get the book. <br \/>My debit card wasn&#8217;t charged.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In increasing order of stupidity:3) India Today. Hides all its content behind a &#42;four digit&#42; subscription number. Because there are only a a thousand possible numbers and more than a million subscribers, what is the chance that an enterprising guy can be kept away from the content? And what are the chances that a genuine [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.ravikiran.com\/blog\/wp-json\/wp\/v2\/posts\/2504"}],"collection":[{"href":"https:\/\/www.ravikiran.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ravikiran.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ravikiran.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ravikiran.com\/blog\/wp-json\/wp\/v2\/comments?post=2504"}],"version-history":[{"count":0,"href":"https:\/\/www.ravikiran.com\/blog\/wp-json\/wp\/v2\/posts\/2504\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ravikiran.com\/blog\/wp-json\/wp\/v2\/media?parent=2504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ravikiran.com\/blog\/wp-json\/wp\/v2\/categories?post=2504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ravikiran.com\/blog\/wp-json\/wp\/v2\/tags?post=2504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}