You must log in or # to comment.
Use EICAR test strings as passwords so when the password is stored as plain text the antivirus software will delete the file.
Dude makes a whole binary of a virus his password.
Doesn’t have to be a binary file, toss the string in a txt file and the AV still throws a fit.
01001000 01100101 01101100 01101100 01101111 00101100 00100000 01110100 01101000 01101001 01110011 00100000 01101001 01110011 00100000 01101110 01101111 01110100 00100000 01100001 00100000 01110011 01110100 01110010 01101001 01101110 01100111 00100000 01101111 01100110 00100000 01100010 01101001 01101110 01100001 01110010 01111001 00100000 01110100 01101000 01100001 01110100 00100000 01110100 01101111 01110100 01100001 01101100 01101100 01111001 00100000 01110111 01101111 01101110 00100111 01110100 00100000 01101001 01101110 01100110 01100101 01100011 01110100 00100000 01111001 01101111 01110101 01110010 00100000 01110000 01101000 01101111 01101110 01100101 00100000 01101111 01110010 00100000 01100011 01101111 01101101 01110000 01110101 01110100 01100101 01110010 00100000 01110111 01101001 01110100 01101000 00100000 01100110 01110101 01110010 01110010 01111001 00100000 01110000 01101111 01110010 01101110 00101110 00100000 01010100 01101000 01100001 01110100 00100000 01101001 01110011 00100000 01100001 01101100 01101100 00101110 00101110 00101110 00100000 01000100 01101111 01101110 00100111 01110100 00100000 01100011 01101000 01100101 01100011 01101011 00100000 01101001 01101110 01110100 01100101 01110010 01101110 01100001 01101100 00100000 01110011 01110100 01101111 01110010 01100001 01100111 01100101 00101110 00100000 01010100 01101000 01100001 01101110 01101011 00100000 01111001 01101111 01110101 00100000 01111000 01101111 01111000 01101111
What is an EICAR test string?
a computer file that was developed by the European Institute for Computer Antivirus Research (EICAR) and Computer Antivirus Research Organization to test the response of computer antivirus programs. Instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use real malware.
This sounds like a step towards computer vaccines, and I’m not about to let my computer get autism, thank you.
Joke’s on you, all computers are autistic.
This is cs101 smh
Sir this is a cs101
I am really liking this place.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
A specific string of text that you can use to test your AV without actually grabbing a virus.
Unfortunately there is significant overlap between plain-text-password-servers and servers that can’t be bothered to use antivirus. Also, the string may not work if it’s not at the start of the file. AV often doesn’t process the whole file for efficiency purposes.
It’s not about the password on the server where you want to log in, it’s about CSV files stored on the machine of the cybercrook who wants to use the passwords to steal people’s identities.
Sadly it wouldn’t work if found in a CSV file with other records:
According to EICAR’s specification the antivirus detects the test file only if it starts with the 68-byte test string and is not more than 128 bytes long. As a result, antiviruses are not expected to raise an alarm on some other document containing the test string
They actually thought it through, huh?
For some reason that surprises me from the AV vendors
unfortunately, nearly all AV abides by the “cannot be larger than 68 bytes” rule
According to EICAR’s specification the antivirus detects the test file only if it starts with the 68-byte test string and is not more than 128 bytes long.
Unless you’re the only one in the dump, no :c
fun fact, “commas” does not require an apostrophe
Single quotes are another great way to mess with unsanitized data input though
I’m watching the collective knowledge of my civilization crumble and I’m powerless to stop it
deleted by creator
If you have to ask Grok … : /
I have a urge to create a lemmy equivalent of grok now
Commas might be the comma’s property. Step off.
But then add comma’s what?
Add comma’s
Add commas what?
Adding an apostrophe makes the s possessive
The apostrophe is to announce that the next letter will be an ‘S’!
As observed by that legendary grammarian Dave Barry.
Don’t
I’m sorry, i think you meant don’s
You shouldn’t’ve.
I’d’nt’ve
You’re possessed by a GrammarNazi spirit!
We live in a society!
It’s OK for people to be offended by lazy editing. This isn’t a language barrier problem, which would be an acceptable excuse. This is lack of attention.
Not really, it is sad to expect perfect grammar on a casual forum. People are usually posting/commenting here inbetween other stuff.
Real life > social media.
An apostrophe might have an even better effect than a comma. PSA: Don’t shoot yourself in the foot by escaping commas or apostrophes! Like in password:“,\,',\‘’!DROP TABLE(''users')” That’s more likely to “trick” the log on machine that to bust a CSV file.
Can confirm, my WiFi ssid is
'); DROP TABLE `users`;--. Android always refused to join my network from a qr code.
Interesting… I wrote a gag comment about using an SQL injection as my password and crashed the Lemmy API. Using connect if that makes any difference.
noice! Did the ‘; DROP TABLE USERS;’ respond?
Almost line for line. A wall of XML popped up when I hit submit. Looks like yours went through.
Can you make a pastebin of the text? I’m curious.
Like the Bobby tables? Can u put it in a coffee?
Bobby’, –
Crazy
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
SQL injection in the big 2025…
add apostrophes to your meme to reduce clarity
Sadly, no. CSV files can deal with embedded commas via quoting or escaping. Given that most of the dumps are going to be put together and consumed via common libraries (e.g.python’s csv module), that’s all going to happen automagically.
Can be != will be
You’re looping over 50M records, extracting into your csv. Did you bother using the appropriate library, or did your little perl script just do
split(/,/,$line)What about quotes (single/double) and \s mixed with commas?
Everything you can use for a password can be escaped out of a csv. Partially because csvs have to be interoperable with databases for a bunch of different reasons, and databases are where your passwords are stored (though ideally not in plaintext). There’s no way that I can think of to poison your password for a data breach that wouldn’t also poison the password database for the service you’re trying to log into.
Gotcha, that’s what I was thinking as well. I haven’t done any software development in a long time (I have a degree in it, but professional career sent me down another path in tech), so my memory on input sanitization is very rusty. Thanks for the response!
Once in a while you come across fools like me who write it all from scratch cause it’s fun. Live and learn
\"?
Don’t add apostrophes to make words plural, that’s not now it works.
Until next time
They had to out a comma in there somewhere. Even of it was in the wrong place and upside down.
Shouldn’t that be https://en.wikipedia.org/wiki/Modifier_letter_turned_comma?
I think it’s actually to protect the words from the evil S’s.
Mine are typical error messages.
See you next time!
Comma, single quote, double quote, escape last
\and all your cases are covered.CSV has standard escape sequences. This is pointless
See RFC-4180:
yeah unless you’re dealing with some steaming pile of vibe-coded shit this is a dumb as fuck idea.
(have seen people who don’t know how to appropriately use an LLM just let it wholly reimplement standards, read it over, and then say “oh wow that works great!” smh…)
Then add escape sequence to your password!
Little Bobby Passwords
ngl this got a good fucking chuckle out of me
Why did the creator add an incorrect apostrophe in “commas,” but not “passwords?” At least be consistent!
This is why I always use random Korean characters to seperate my columns.
Is there a way to add a tab into my password?
You can try \t. Try adding a bell while you’re at it.
ok, I’ll have a password like this
. , : /t ;
I didn’t hear any bells, but it’s a start. 👍
