sklar.com

...composed of an indefinite, perhaps infinite number of hexagonal galleries...

© 1994-2017. David Sklar. All rights reserved.

"Little Bobby Tables" vs. the US Government

Chris often cites this xkcd cartoon in security talks, since it’s a) funny and b) a good example of SQL Injection.



I was curious to see what sorts of shenanigans one can get away with in a legal name. I’m still waiting to hear back from the NYC agency that issues birth certificates but here’s what the US Social Security Agency told me:


The maximum number of characters to be shown on the Social Security number (SSN) card for the first and middle name is 26; the maximum number of characters for the last name is 26. Full names will not be reduced to initials unless the combination of first and middle names exceeds 26 characters. The only acceptable characters are alphas, hyphens, and apostrophes. The SSN card will be printed as entered into the enumeration system, but the SSN record will not display the hyphens/apostrophes.



So with hyphens and apostrophes you might be able to get away with a little syntax error mischief, I suppose.



Turns out the SSA has really detailed public documentation of all their procedures.

Tagged with fun , security , ideas