Relics from the past – they are still out there

Many years ago, when the World Wide Web was relatively young and many people were optimistic about security, a lot of web pages were created with the kind of "security features" that these days are simply hilarious. Many of those pages are still out there, still working, and still giving a false sense of security….

A few days ago I found a webpage which is one of those old relics. I was a bit curious, so I hit the F12 button in my browser to see what is under the hood.
I found this:

<form>
  <p>Login name :
    <input type="text" name="text2">
  </p>
  <p>Password :
    <input type="password" name="text1">
    <!-- The expected user name ("User") and password ("123456") are passed
         straight from the HTML, so anyone viewing the page source can read them. -->
    <input type="button" value="Log in!" name="Submit"
           onclick="validate(text2.value, 'User', text1.value, '123456')">
  </p>
  <p>You need to log in to see the Honey Pot!</p>
</form>

And a few lines lower there was a script block:

<script>
// load() is not shown on the page; a minimal version is assumed here so the
// snippet runs as-is.
function load(url) { window.location.href = url; }

// text1 = entered user name, text2 = expected user name,
// text3 = entered password,  text4 = expected password (all supplied by the caller)
function validate(text1, text2, text3, text4)
{
	if (text1 == text2 && text3 == text4)
		load('honeypot.html');
	else
	{
		load('error.htm');
	}
}
</script>

Well, plain HTML and JavaScript alone don't offer much for securing a site, but this code is really nothing at all: the expected user name and password are written into the page source for anyone to read, and the check runs entirely in the visitor's browser, where it can be bypassed. Basically it's just a waste of lines of code. So many web pages are still out there using this kind of technique, giving a false sense of security. In 2013 it's not too hard to replace such code with something that provides real security. This kind of "security" is penetrable for everyone over age 2.5.

Actually, it's easy to find much worse things. A few days ago, with my colleagues, we checked what a Jenkins page can reveal to us. The sight was terrible, actually it's a kind of horror. There was our login name with our passwords in its source! Basically everybody can get the login and password information to gain access to the accounts of others who can access Jenkins… So, basically after every check-in you should change your password…. :/