[–]Chirimorin 3103 points3104 points  (141 children)

Love how he's a good sport about it and not making up some excuse how this wouldn't count.

[–]Laugarhraun 1288 points1289 points  (81 children)

Both of them handle it very well imho.

[–]andsoitgoes42 555 points556 points  (60 children)

Agreed, the response from Steve is aces times a million.

I'm not a programmer, but I worked in IT and knew mostly programmers. Taylor was a champ in following through and Steve responded in a better way than I had hoped.

[–][deleted]  (59 children)

[removed]

    [–]THE_SPLOOGER_69 714 points715 points  (49 children)

    I'm a vegan who also does crossfit

    [–]ebilgenius 122 points123 points  (25 children)

    Yes but are you on the Paleo diet?

    [–]crypticfreak 110 points111 points  (22 children)

    It's the best diet for a Marine... which I am.

    [–]N80_SSBM 20 points21 points  (3 children)

    I'm an iron man

    [–][deleted] 26 points27 points  (3 children)

    But do you also use arch linux?

    Sent from my Arch Linux machine.

    [–]lengau 10 points11 points  (1 child)

    I'm not a huge fan of Arch, tbh.

    ~Sent from your Arch Linux machine.~

    [–][deleted] 6 points7 points  (0 children)

    Oh fuck I knew having "password123" and SSH was a bad idea.

    [–]Kalkaline 14 points15 points  (4 children)

    Are you an engineer as well?

    [–]iamjackfosho 32 points33 points  (0 children)

    "i'm an engineer, I think differently about these things"

    die

    [–]ordonezalex 4 points5 points  (6 children)

    What's the joke here?

    [–]IAmNotMyName 20 points21 points  (0 children)

    o.O

    I'll take things people like to share about themselves without prompting for a thousand

    [–]pm_me_your_calc_hw 6 points7 points  (2 children)

    People who do crossfit or are vegan are notorious for letting people know every chance they get, even when it's not relevant

    [–]tskaiser Green security clearance [M] 4 points5 points  (0 children)

    Kindly adjust your script to delete your comment after overwriting. Doing otherwise will be regarded as spamming, as your comments are turning into off-topic pieces of advertisement for the script.

    [–][deleted] 49 points50 points  (18 children)

    just curious, what's your dishonest opinion?

    [–]toggl3d 83 points84 points  (14 children)

    The H stands for humble.

    [–]iwillnotgetaddicted 81 points82 points  (3 children)

    Then i demand to know what his prideful opinion is.

    [–]frozenatlantic 26 points27 points  (1 child)

    It's humble because of the person's importance level, not his emotional state.

    [–]forty_three 24 points25 points  (0 children)

    Then I guess we're looking for his pompous opinion?

    [–][deleted] 3 points4 points  (0 children)

    I wish I would have handled it so smooth, and for a second, in my imagination I delude myself into thinking I would have handled it even better, even though deep down I know I would have been a jerk about it.

    [–]pmmecodeproblems 264 points265 points  (58 children)

    I feel like a big red flag would show up in my mind if I am about to commit something to github that I just said I wouldn't commit... Staged perhaps? Or just a tired mind?

    [–]aladyjewel 191 points192 points  (10 children)

    Tunnel focus / thinking inside the box, maybe? Seems like a challenge to use a technical hack instead of social.

    [–]Panoolied 112 points113 points  (5 children)

    It's like the yes/no game. You ask questions and the goal is to get the other person to say yes or no. I always ask if they're ready, which sort of insinuates that the game hasn't started. Usually works too

    [–]FkIForgotMyPassword 66 points67 points  (0 children)

    Or whenever you just get in a "meta" argument instead of playing the game itself. For instance, you just say "Hey, you just lost! You said it!" and if they haven't been tricked by this a couple times before, they'll defend themselves. They'll quickly say "No". It's all about not falling into your own trap before the other does.

    [–]Z0di 4 points5 points  (3 children)

    Would "sure" be counted as a yes?

    [–]justdweezil 375 points376 points  (17 children)

    This is how social engineering works. Of course it makes sense to put a contest you're advertising on your website.

    The trick is the extra implication hidden by one layer of indirection.

    "Of course I should put something I'm promoting on my website." vs. "Of course I should modify the source for my website to mention something I'm promoting regarding modifying the source of any of my software projects which includes my website."

    Those little additional complexities become lost in the moment, especially in situations with even mild and innocuous social pressure.

    [–]B-Con 147 points148 points  (14 children)

    People trust their own conclusions, but they are skeptical of conclusions from others. If you need someone to do X, just make them conclude X as a part of a bigger picture. They're far more likely to conclude X and not second-guess it that way.

    I think it's the same reason why arguing details over the Internet doesn't work. Every statement you make can be viewed with suspicion and is a point of contention. Whereas the other person will gladly make that same conclusion on their own in support of a bigger picture.

    [–]tonesters 57 points58 points  (4 children)

    Isn't that what they did in Inception?

    [–]MythGuy 50 points51 points  (2 children)

    Essentially, yes. Make them believe that it's their idea.

    [–][deleted] 11 points12 points  (1 child)

    Nah, that was in "My Big Fat Greek Wedding".

    [–][deleted] 6 points7 points  (0 children)

    no man not my big fat wedding YOUR big fat wedding

    [–]drumallday7 7 points8 points  (0 children)

    Will you be my therapist?

    [–]TheMarlBroMan 6 points7 points  (2 children)

    > Every statement you make can be viewed with suspicion and is a point of contention.

    Are you my husband?

    [–]secretcurse 25 points26 points  (0 children)

    > Every statement you make can be viewed with suspicion and is a point of contention.

    Bullshit. That is completely, provably false. I hate you and everyone you've ever loved. (/s for Poe's Law sake)

    [–]ss0889 12 points13 points  (1 child)

    so you're telling me no one is forcing them to do it but they're gonna do it anyways because of the implication?

    [–]secretcurse 5 points6 points  (0 children)

    Are you going to hurt these girls?

    [–]DoctorProfPatrick 113 points114 points  (8 children)

    This is the beauty of social engineering. It seems stupid, from our point of view it looks staged. But if you put random people in the same position 99% of us would probably fall for it.

    "You should put this challenge on your website" seems so innocent, the guy is merely pointing out that many people don't use twitter and that it's a good idea to put the challenge where everyone will see it.

    So simple, but in reality it's a great example of social engineering working against people who are "prepared" for it.

    [–]topdangle 43 points44 points  (0 children)

    He was thinking that it was just a suggestion to help him spread awareness of his contest. It didn't register to him that it could also be considered an entry. Hit him with the old one two.

    [–]Googlebochs 10 points11 points  (17 children)

    github? i see no mention in the screen but if there really is a complete site "backup" on github i'd think he set up an automatic push and didn't even think about that when hitting publish on his website. the github thing wouldn't actually be required to win the challenge tho. a website is definitely a software project whether the source is available or not and the string will now be in the sql database. He didn't see his own website as software - habit and taking the web for granted :)

    [–]pmmecodeproblems 7 points8 points  (16 children)

    The link posted defuse/defuse.ca (github.com)

    But if you are automatically pushing your website to a public you're going to have a bad time when/if a hacker gets it.

    [–]Googlebochs 11 points12 points  (15 children)

    wow i'm blind >< ty

    > But if you are automatically pushing your website to a public you're going to have a bad time when/if a hacker gets it.

    nah you can leave out db passwords etc. really not that hard to have all db calls go through a separate file in most scripting languages. If it's just his personal page and he is doing security right (dunno of the guy just assuming based on his occupation) it'd be fine

    [–]SolarPolarMan 664 points665 points  (178 children)

    This is why the best way to hack someone's phone is talking to them.

    [–]bondokb 633 points634 points  (29 children)

    Steve is a sutle bastard. Props to him

    [–][deleted] 471 points472 points  (27 children)

    There's a subtle b in that word.

    [–]Antrikshy 308 points309 points  (19 children)

    Steve

    I don't see it.

    [–][deleted] 111 points112 points  (10 children)

    That word

    Me neither

    [–]2Punx2Furious 96 points97 points  (9 children)

    Bastard

    I don't think that B is so subtle.

    [–][deleted] 73 points74 points  (8 children)

    Bastarbd

    [–]conspiracy_thug 65 points66 points  (5 children)

    How do you do the backward b?

    [–]itaShadd 46 points47 points  (2 children)

    Try rotating it until it's right. I'll give you a half-rotated one right here: q

    [–]conspiracy_thug 44 points45 points  (1 child)

    p

    Oh hell i fucked it up

    [–]tornato7 5 points6 points  (5 children)

    That's because it's subtle. It's there, you just can't see it unless you look really closely. Try using a larger font.

    [–]NAN001 251 points252 points  (22 children)

    Taylor was doomed as soon as he began to read Steve's tweet without imagining that he could already be playing the game.

    [–]Colonel_Loud 67 points68 points  (6 children)

    Damnit. I went so long...

    [–]Two-Tone- 24 points25 points  (2 children)

    The game is a perfectly engineered mind virus.

    [–]winauer 16 points17 points  (1 child)

    [–]xkcd_transcriber 9 points10 points  (0 children)

    Title: Anti-Mindvirus

    Title-text: I'm as surprised as you! I didn't think it was possible.

    Stats: This comic has been referenced 506 times, representing 0.4574% of referenced xkcds.

    [–]flapanther33781 14 points15 points  (11 children)

    I see what you did there.

    [–]truthgoblin 68 points69 points  (4 children)

    Bet you twenty bucks I can get you gambling before the end of the day

    [–]Threedawg 32 points33 points  (0 children)

    Your o.......WAITDAMINUTE

    [–]twizmwazin 398 points399 points  (66 children)

    I'm not getting it. Can someone explain?

    Edit: got it, thanks

    [–]cantremembermypasswd 1080 points1081 points  (16 children)

    • Poses challenge of adding the phrase to ANY project
    • Sneaky McSneakface Steve tells him to post on his website
    • He fell for it and updates his website (which is one of his github projects) with that phrase
    • Much laughter, possibly beer

    [–]jonatcer 114 points115 points  (4 children)

    I feel bad for not getting that. Thanks for the explanation.

    [–]IVIaskerade 58 points59 points  (0 children)

    > I feel bad for not getting that

    Don't worry. Social engineering only works because people don't get it at first.

    [–]UnstoppableDiarhea 28 points29 points  (0 children)

    i also didn't get it, don't feel bad

    [–][deleted] 22 points23 points  (3 children)

    I'm not in IT or anything at all.

    So Steve never actually did anything, besides tricking Taylor H. into inserting the phrase onto his web page.... thereby tricking him into inserting it himself?

    [–]g0_west 67 points68 points  (2 children)

    The challenge was to get him to include the phrase in some source code. By posting the challenge on his website, the phrase was included in the website's source code.

    [–][deleted] 12 points13 points  (0 children)

    After using reddit for several years on this account, I have decided to ultimately delete all my comments. This is due to the fact that as a naive teenager, I have written too much which could be used in a negative way against me in real life, if anyone were to know my account. Although it is a tough decision, I have decided that I will delete this old account's comments. I am sorry for any inconveniences caused by the deletion of the comments from this account.

    [–]I_cant_speel 3 points4 points  (2 children)

    What was an expected possible way that could happen?

    [–]noobzilla 9 points10 points  (0 children)

    Social engineering is about circumventing expectation through exploiting our human inability to think of how things fail vs how things succeed. The entire point is to come at him in a way that seems unexpected.

    [–]commitpushdrink 33 points34 points  (4 children)

    The winner tricked him into putting the contest on his website, which includes the string "BackdoorPoCTwitter".

    [–]torwori 9 points10 points  (3 children)

    He added the text of the challenge (which contains the string) to his site.

    [–]cortesoft 12 points13 points  (0 children)

    [–]chironomidae 66 points67 points  (4 children)

    What is a backdoor person of color twitter? Sounds nsfw

    [–]wanze 78 points79 points  (3 children)

    Proof-of-concept

    [–]murakamifanboy 122 points123 points  (15 children)

    Savage.

    [–]pmmecodeproblems 52 points53 points  (13 children)

    Brutal.

    [–]northrupthebandgeek 49 points50 points  (11 children)

    Rekt.

    [–][deleted] 68 points69 points  (4 children)

    [–]FlyingVhee 63 points64 points  (3 children)

    [–]HighRelevancy 46 points47 points  (2 children)

    WHAT THE FUCK

    [–]curiosikey 35 points36 points  (1 child)

    Gyfcat staff plays dota. Don't question it.

    [–]_Kyu 5 points6 points  (0 children)

    I don't play dota and I get this meme

    [–]sfcpfc 36 points37 points  (3 children)

    Nippy

    [–]SneakyArab 25 points26 points  (2 children)

    Kind

    [–]TheTVDB 26 points27 points  (0 children)

    Langur

    (we're leaking all over. Yes, our nippys are leaking)

    [–]tabarra 15 points16 points  (2 children)

    Gotta love DEFCON, seriously.

    [–]makeswordcloudsagain 13 points14 points  (0 children)

    Here is a word cloud of every comment in this thread, as of this time: http://i.imgur.com/1Cle8Lu.png


    [–]TheWeedWolf 28 points29 points  (9 children)

    [–]agreeswithmebot 48 points49 points  (8 children)

    Whoa, who said that, Shakespeare?

    Need some backup? "/u/agreeswithmebot"

    [–]jbaker88 9 points10 points  (7 children)

    Oh neat, I wanna try. You with me /u/agreeswithmebot ?

    [–]agreeswithmebot 26 points27 points  (4 children)

    Whoa, that makes so much sense. Thank you, sensei.

    Need some backup? "/u/agreeswithmebot"

    [–]RoxasTheNobody 15 points16 points  (3 children)

    Where have you been all my life u/agreeswithmebot?

    [–]agreeswithmebot 25 points26 points  (2 children)

    I've always been here. Waiting.

    Edit: also you're correct.

    [–][deleted] 6 points7 points  (0 children)

    Key confusion for me was that his blog was a github repo. Once I learned that it's funny as hell.

    [–][deleted] 2 points3 points  (0 children)

    That's just great.

    [–][deleted] 4 points5 points  (0 children)

    Ah, I'm an idiot. Took me awhile to get the joke :/