我的一个朋友是通过GET登录的。不用说，他吸取了惨痛的教训。

一家销售电脑的公司用FrontPage建立了一个网站，每个人都可以完全访问。

我认为超级用户访问的空白用户名/密码字段是迄今为止最糟糕的。但我亲眼看到的是

if (password.equals(requestpassword) || username.equals(requestusername))
{
    login = true;
}

太糟糕了，一个操作员就有这么大的不同。

我们有一个旧的计算机集群，在我工作的一个实验室里没有运行。几个本科生认为，让它运行起来会很有趣，这样他们就可以学习一点并行计算了。他们让它运行起来，结果证明它非常有用。

One day I came in and was checking out the stats...It was running at 100%. Now this was a 24 node cluster and there were only 3 of us that ever used it so it was a little strange that it was running at this load. I started playing with it, trying to figure out what was loading it...turned out someone had gained access and was using it as their own little porn server and spammer. I asked the undergrads what kind of security they put on it, they looked at me and said "Security? We didn't think it would need any."

我给它加了个密码，就这样。把它用作色情服务器的人原来是一个本科生的朋友。

Windows 95和98有史上最严重的漏洞。如果你只是按下取消，你将以管理员权限登录:)在我爸爸的工作中度过了美好的时光:D

我的一家公用事业公司在他们的信用卡表单中没有使用自动完成="off"。

当然，他们不会存储你的信用卡信息(一件好事)，但想象一下当我支付第二个月的账单时，我有多害怕，我的浏览器竟然为我填写整个信用卡号码……