Genii Weblog


Civility in critiquing the ideas of others is no vice. Rudeness in defending your own ideas is no virtue.


Wed 22 Oct 2003, 05:42 PM
AOL seems to have an unusual shortcoming with regards to passwords.  I can't quite decide how big a deal it is, but it is certainly odd to use the wrong password and still get in. Here's the situation.  I have an AOL account (please, I know, I know), and the password is something almost completely unlike '47fancy2' (because this is after all a public weblog, so I'm not going to reveal my password here).  What I have discovered is, if I enter '47fancy295' or '47fancy2thelastdance' or '47fancy24601', they all work just fine as passwords.

OK, this may seem stupid, but if I were using Lotus Notes and my password were 'abc', which sounds frightfully insecure and easy to break, I would still be OK if a hacking program tried all five character combinations under the mistaken assumption that I was using at least five characters.  AOL would let me in as soon as one of those combinations started with 'abc', so it is clearly less secure.

What's more, I am not sure what this reveals about the password algorithm utilized by AOL.  Do they just start comparing letters until they reach a valid password?  I should probably report this to someone, although chances are they won't change it.  The real question is, who would I even report it to?  Anybody know?

Copyright © 2003 Genii Software Ltd.

Wed 22 Oct 2003, 12:10 PM
I'm travelling to London on Saturday for the Groupware Magazine Admin-Developer 2003 conference, which starts Monday.  I'll be presenting a couple of sessions, one called Rich Text Tips, Tricks and Techniques and another called Advanced Notes/Web Coexistence.  In addition, I'll be meeting with a few people, and should have some material at the Penumbra booth.  I'd love to meet up with any clients, partners or even blog-devotees.  Let me know if you are attending or will be in the area and would like to meet up.

Other presenters include Rocky Oliver, Rich Schwartz, Andrew Pollack, Dieter Stalder and a bunch more.  It should be a great conference, and a bet you could still get in if you tried.  

I'll be connected and might blog while in London, but I will certainly post the session materials and demos after they happen.

Copyright © 2003 Genii Software Ltd.