Now this is bad security (yet another Sony story)

Friday, July 22, 2011 | En Español

I'll take a little deviation from the usual posts just to share and leave this as a reminder of how not to implement security.

The captcha generating function at Sony doesn't generate an image, just some text and changes its style. I am sure that this script will not last long in there, but here, have some fun:

http://pro.sony.com/bbsc/jsp/forms/generateCaptcha.jsp 

They do "disable" the mouse, but you can see the source code from the menu, or pressing CTRL+U in about any browser, or CTRL+A (select all), CTRL+C (copy) CTRL+V (paste). Or, if you have a terminal with curl installed:

curl http://pro.sony.com/bbsc/jsp/forms/generateCaptcha.jsp 2>/dev/null | grep "<b>" | sed "s/[<>]/ /g" | awk '{printf($2)}'; echo

Categories: Commands, Linux