Sophos Cloud Optix
Editor’s note: The puzzle code below relies on a peccadillo of Python which makes it version and compiler specific, amongst other things. This means you’ll probably get the wrong results. We do know, however, that the code works on Duck’s Mac, so we’re going to shift to a “cloud model” for solving it. Email Duck the code and the input data (if any) you want to use. If you’re on the right track, he’ll run it “in the cloud” and send you the results. If not, he’ll give you a hint or two to point you in the right direction.
It’s May, and that means it’s time for Australia’s biggest security conference, AusCERT2011, which takes place at the Royal Pines Resort on Queensland’s Gold Coast. The conference runs from Sunday 15 May 2011 to Wednesday 18 May 2011.
Once again, the Sophos stand is going to be the place to hang out.
We’ve produced another puzzle T-shirt in our acclaimed DecoDeme geek fashion range. The puzzle is just hard enough to take a bit of solving, but not so hard that it will distract you from the conference or the evening cocktail parties.
So if you’re attending the event, be sure to come by the stand and pick up your free T-shirt. (Don’t forget to wear it while you’re at the conference!)
You can have a T-shirt even if you don’t intend to solve the puzzle. But we suggest you do – and we’ll be giving out hints on the stand to help you along – because that will put you in line to win a cool 1/16th scale remote-controlled tank.
Solve the puzzle, attend my talk (just before afternoon tea on Monday in the Purple room), and you could walk out with the tank.
In fact, you could win two tanks. We’re also running a prize draw for a second tank. Winning the puzzle prize is clearly the more glamorous option, and will give you several minutes of fame amongst a modestly-adoring crowd of a modest size, but you may as well enter the prize draw as well. Think of it as backup.
If you’re planning to have a go at the puzzle, the source code of the T-shirt is given below to save you typing it in from the image above. (We’ve been a bit sneaky by making the text on the shirt itself very slightly different. We do want to see you on our stand, after all.)
But if you write code to solve this “pre-release” version, you should be able to re-use it to solve the puzzle on the shirt within seconds. So it’s worth putting in a little early research.
And don’t forget, you can ask for hints at the conference. You can also follow me on Twitter(@duckblog) and watch out for clues with the hashtag #decodeme.
Oh. One more thing. We’ve got a bunch of funky-looking Naked Security T-shirts on the stand. But you’ll only know to ask for one if you’ve read this article.
%~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~% | | | import-random!def-shrubbery( | | ni):!-p='ewigsacgtwdbdzaco'!-k | | =dict([[i,chr(97+i)]-for-i-in-rang | | e(26)])!-ra ndom.s | | eed(ni)!- random | | .shuffle (k)!-k=dict([[v,i]-for-i | | ,v-in-k.i tems()])!-c=''!-for-i-i | | n-range(l en(p)):-c | | +=chr(97+ k[p[i]])! | | -return-'http://sophos. com/an | | z/'+c+'.html'!#-Key-i s-a-fo | | ur-le tter- | | wor d-fro | | m-a--Monty--Python-- | | sketch!print(shr | | ubbery(key | | --))-- | | | %~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~%
Is the answer AU/NZ ?
If you look at the code, you'll see the route to the next stage of the puzzle is a URL:
'http://sophos.com/anz/'+c+'.html'
where "c" is the cleartext computed by decrypting the ciphertext variable p.
You can try inserting the text 'AU/NZ' (in any case combination) in the URL – but to save wear and tear on our website, I will tell you that no such URL exists 😉
You need to identify the value or values which, when fed into the variable 'key', produce a likely decryption of the cipertext p='ewigsacgtwdbdzaco'.
PS: People who get the answer early – there is no rule which says you can't reveal it. But if you aren't going to AusCERT, that would simply spoil the puzzle for everyone else, an activity better suited to Anonymous than to a Naked Security reader 🙂 And if you _are_ going to AusCERT, you would, of course, lose your competitive advantage by doing so. It's your call.
Silly me, the answer to a four letter word from the Monty Python Sketch containing Shrubbery is one of the sacred words that the Knights that say Ni say, and that answer is Ping.
Since I cannot attend the conference in person, is there any prize for non-attending participants, like a ball cap or free Sophos desktop background? LOL.
– Brian D. Watters
Canada
If actual puzzle text is changed to reflect a two letter word, that word would be “Ni”
– brian
The word "ni" isn't usually used in isolation. It is usually used in a burst of three or more occurrences. There is some orthographic doubt over whether each lexeme "ni" in such a sequence counts as a word of its own, or whether such sequences should be agglomerated, like this: "Ninininini." By this argument, the shortest acceptable "ni-word" would be "ninini" – six letters.
Other observers suggest that "ni", even if accepted as a word, is a proper noun and cannot appear without an exclamation point, and thus – like the seaside town Westward Ho! in England, can only be written "Ni!", which disqualifies it from being the keyword regardless of length.
Incidentally, and here's a hint, the keyword is not a proper noun (at least, it isn't as it was used by Python) and contains neither "n" nor "i", so you can ignore everything I have said so far and scrub "ni" from the list.
Anyway, the word "ni" isn't used any more. It's been superseded.
This makes me wish I knew how to code… All I can figure is the Monty Python and the Holy Grail reference… 😛
Meh I want a freakin tshirt! But I live in Kansas 🙁
There's still time. Qantas can get you there easily:
17:15 MCI (Kansas City) 18:55 DFW flight AA1875
19:35 DFW 20:50 LAX flight AA2479
23:20 LAX 06:10 BNE (Brisbane) flight QF16
You arrive two days after you set off, so leaving on Friday 13 May 2011 will get you in to Brissie early on Sunday morning. It's a pleasant hour-and-a-bit train ride directly from Brisbane airport to the Gold Coast and then a brief taxi ride to the Royal Pines. Plenty of time to have a nap in the hotel lobby and freshen up for the cocktail party opening. Outbound flights are available online for $1500.
Then you have to get into the event – Sophos is a sponsor and there's a special "last minute" deal we can get for you which will save you a bit off the listed price. And you'll need a hotel, but there are plenty of those on the Coast, from Palazzo Versace right down to backpackers' hangouts, which you can sort out online when you arrive. You'll get more than enough food and drink included in the conference fee.
Remember – as a Naked Security reader you'll get TWO free shirts just for turning up. And we'll make a special announcement recognising your committment. That's got to be worth _something_.
It won't be cheap, but then life is about value, not cost, apparently 🙂
Bring me a ….
Don't reveal the answer in the comments, please! Puzzles are fun even without prizes!
Just make sure and do a follow-up post @gcluley with the answer after the contest is over. Sometimes contests don't have any follow-up, and that's no good either.
I wasn't going to reveal the answer. (Since it depends on cloud computing now, you can't easily solve it off-line, so I'll know when people are getting close.)
We'll follow up. We may even make a puzzle video, like before: http://nakedsecurity.sophos.com/2010/07/08/securi…
The followup will be @duckblog on Twitter, though Graham will probably retweet it.
Okay! I didn’t mean to sound chiding. I’m not likely to be a contender. But some of my Tumblr friends will certainly have fun with this. Thank you for posting the link to the puzzle video. I’ll have a look at that.
And @duckblog is a very cute Twitter name choice!