Problems with NULL

ckrusen · August 14, 2019, 3:53pm

A security researcher by the name of Droogie decided to mess with the Automatic License Plate Reader systems that issue traffic fines, securing the vanity plate “NULL,” part for fun and part in the hope that this spoofed the system into returning errors whenever his plate was seen. Instead he received more than $12,000 in fines—clearly his plate became a dumping ground for erroneous data records.

…

But the serious side of the pitch for Droogie remains: “Could someone exploit one of these scenarios for profit?” And the “NULL” theory extends beyond license plates to other systems. "Would a Null surname have trouble purchasing plane tickets or cause bugs in systems if applied?

So some queries treat the string 'NULL' the same as NULL ?

I don’t buy it.

Evan_Purdy · August 14, 2019, 4:08pm

I had some BAQ’s that would fail if there were single quote marks in the parameter. Think its been patched now. The government is usually twice as crappy so it wouldn’t surprise me.

Also see relevant XKCD: xkcd: Exploits of a Mom

ckrusen · August 14, 2019, 4:17pm

I thought that link was going to be to the one about the guy with the license plate ‘0O00O0O’

Evan_Purdy · August 14, 2019, 4:46pm

I don’t remember that one, otherwise I might have posted it

ckrusen · August 14, 2019, 4:49pm

I was slightly off…