Sophos Cloud Optix
GCHQ’s “Can You Crack It?” website, designed to help recruit talented codebreakers for the British government department, is getting lots of attention from the media and bloggers – but some of that may be unwanted.
A number of bloggers and Twitter users have pointed out that GCHQ appears to have done rather a poor job at locking down the website, making it child’s play for anyone to visit the webpage you’re only supposed to see if you’ve successfully cracked the code.
All it takes to find the page is to use the site: command in Google, as the “Can You Crack It?” webmaster seemingly didn’t hide the success page from search engines.
Oops!
Of course, none of this means that the code-cracking competition isn’t still worth participating in. It was perhaps inevitable – once GCHQ’s involvement in the challenge was known – that some would ferret around for chinks in the website’s armour.
Embarassing 😉
Not exactly cracking the code, but I guess gets the same result… as going to their site and clicking careers.
Thanks for the link to our alwaysbetesting.co.uk web site – much appreciated
While I and I am sure many others may be interested in working for GCHQ, they really need to pay considerably more for experienced roles (unless both of the ones advertised are in fact fairly junior?) if they want to attract the best talent.
Null and voice? I like it!
Don’t you mean “null and void”? I’ll assume that was a spell checking/auto-correct blunder.
You only just noticed this? My first though was ‘wget’. I’ll still give it a try, out of a sense of fair play 🙂
I think this is not a security error but a 'Honey pot'. The purpose being to discover the Hackers in the UK for their files. White hat social engineering!
"soyoudidit.asp"
So they're using "classic" ASP, which was superseded 11 years ago.
And people wonder why the UK government is stuck with IE6!
Why be a slave?
When u culd be the aktool guvnmnt insted.
Git moor IMPACT
Apply here for guaranteed putinplace goingforward delivery for
Scary Hardworking … families and driving …Rollout Any Time Soon to 21st Century traction 4 win-win excellence added value & wealth creating showcase KickStart or DRAW DOWN, potentially – like ennit.
a big X
Bloody SIMPLES !
Seeing what is beyond the winning line doesn't seem like a problem to me. As the test is crossing the line and if you haven't crossed it then they aren't going to be so interested in giving you a medal…
Pr0t3ct!on#cyber_security@12*12.2011+ is the passcode 10 min hmm wonder why they made it this easy oh well its just another day I guess in the world of IT and I just do UNIX and LINUX engineering lol oh yeah I am also a certified ethical hacker lol what a joke … oh well I have a clearance at least
@wemix care to walk us through the decryption process???
@wemix how did you come to that answer? I am looking at it and can’t work it out. Fair play to you.
Its pointless in the first place, once completed, it just gives you a link to their jobs page anyway. So cut out the middle man, and head straight to the GCHQ jobs on their website, easy, and with 100% less work!
As a thought. Who's to say that the google search method WAS the way to crack it, that it was done on purpose?
I am more interested in learning how to work out the answer to the problem than in cheating or accidentally discovering my way to the congratulations page. The digits and letters look like they are written in a hexadecimal system which runs 123456789ABCDEF where F=15 in our decimal system, e.g. eb = 14 x 16 + 11 = 235. Converting them to decimal numbers doesn't seem to help, though I haven't reached the end yet.
But finding the answer the hard, slow way would not impress GCHQ if there are easier and quicker ways.
The first step of the problem is that it's not actually code per-se, it's x86 machine code a fragment of a program you have to run with some missing code in it that you can figure out.
What is really silly is that they should have put down terms & conditions !
How did Google find it?
Err? The ability to think laterally and circumnavigate a problem is also a very desirable skill set for GCHQ. It will not have escaped their attention that some people discovered this 'back door' early on. The ability to reliably get from A to B successfully is the important part of the process. Apart from that, there are much more powerful computer programs that can handle the pure code breaking.