Right at the start of the .com era, I was working for a large retailer overseas. We watched with great interest as our competitors launched an online store months before us. Of course, we went to try it out... and quickly realized that our shopping carts were getting mixed up. After playing with the query string a bit, we realized we could hijack each other's sessions. With good timing, you could change the delivery address but leave the payment method alone... all that after having filled the cart with your favorite items.

Windows 95可以选择需要密码才能解锁屏幕保护程序。然而，使用ctrl+alt+del你可以杀死屏幕保护程序。

In the 1970's Stanford had IBM 2741 hardcopy terminals spread around campus networked to an IBM 360/67. Account passwords were three characters. During logon, the password prompt would overprint a three-position blob of about nine random uppercase characters, so the subsequently-typed password would supposedly be masked by the blob. However, everyone typed their passwords in lowercase, which were trivial to discern against the uppercase background blob. That meant you could usually walk up to any terminal, peruse the hardcopy typically left behind by the previous user, and easily logon with their account and password.

我曾经听说过一个在银行工作的程序员，他们以小数点后16位的精度计算他们的内部数据(包括账户余额)。

所以这个家伙改变了银行转账程序，每笔交易将0.00001美元转到他自己的账户，剩下的转到原来的目的地。我认为他们很快就抓住了他，但我不得不承认，当我第一次听说他的想法时，我觉得它很好。

login.jsp?type=user&redirct=/home.jsp&userid=12345&username=username&password=mypassword

这发生在一个非常大的网站上。当我看到这个的时候，我惊呆了。

我不想承认这一点。但是有一天，当我没有存储库的管理密码时，我发现了如何破解VSS 2005(讨厌的部分是不得不使用VSS:D)

如果您创建了一个具有管理权限的本地计算机帐户，该帐户与VSS帐户具有相同的名称，并登录，VSS会提示:

 "Hey great .. you are logged on to the computer with an account name that 
  I recognize as being the same as one of my accounts,
  and your account has admin privileges on the computer .. 
  so I am going to bypass *my* security and give you admin 
  privileges to all of VSS!!!!"

那次黑客攻击是我在谷歌上看到的第一个链接，当时我试图破解VSS密码

当然，它不会提供您所缺少的VSS密码