Get ready for the next #sophospuzzle - coming soon to a T-shirt near you

Filed Under: Cryptography, Featured

It's almost time for the annual AusCERT conference in Queensland, Australia.

And for everyone who's asked, the answer is, "Yes! There's a #sophospuzzle."

And a Sophos AusSHIRT to go with it.

Over the past few years, the Sophos AusSHIRT Puzzle has become a something of an institution.

It's also one of the coolest and most sought-after giveaways of the show.

(What am I saying? It's the most sought-after giveway!)

For those who won't be on Queensland's Gold Coast later this week, we'll also be publishing the puzzle for you to solve and enter online.

There are prizes, as usual: geeky toys at the show, and a bunch of T-shirts for those who solve it online.

In previous years, the puzzles typically had multiple stages, with the shirt decoding to a URL, and the URL taking you to the next level, and so on.

Many of you asked us to make the 2013 puzzle a little more self-contained, notably so that those who are attending the conference don't need to spend hours on their computers working their way through it.

Instead of three stages, this year we've given the puzzle three dimensions (OK, technically it's an isometric projection into two dimensions, but bear with us here), and just one stage.

So you can solve this puzzle straight from the shirt, using nothing but pencil, paper and intellect.

Of course, you can still throw some home-hacked scripts at the problem if you want: a little bit of brute force goes a long way, and you can leave your scripts running while you attend the conference parties.

We'll fill in the real letters in the squares of the Rubik's Cube when the puzzle proper starts. (No, the answer isn't "UTM". Well, not this answer, anyway.)

The real thing, complete with handy hints, will be published on Naked Security to coincide with the official opening of the conference, on the evening of Tuesday 21 May 2013, at 2013-05-21T18:00+10.

That's 6pm Queensland time, 4pm Singapore time, 10am in Berlin, 9am in the UK, 4am in New York and 1am in California.

It'll also be half past five in the morning in Newfoundland, and quarter to two in the afternoon in Kathmandu, for those of you who doubt the need to take fractional timezones into account when programming.

Just so you know, the puzzle is a cryptogram, which means that the letters on the cube have been scrambled using an encryption algorithm.

It's a slightly wacky and unusual cipher, with both substitution and transposition, but the substitution always replaces each plaintext letter with the same encrypted letter.

So you shouldn't need a computer to solve it.

As usual, you'll be able to follow the puzzle on Twitter using the hashtag #sophospuzzle.

Sophos Australia will feed you hints on the @Sophos_ANZ Twitter feed, so follow the SophOz team for some extra help.

And I'll be keeping a watchful eye on proceedings via @duckblog.

Hope you can join us online, even if you won't be there to pick up a shirt!

, , , , , , ,

You might like

4 Responses to Get ready for the next #sophospuzzle - coming soon to a T-shirt near you

  1. UnionDoc · 871 days ago

    It's hard to believe that you haven't set up a store to SELL the shirts?!!

    • Paul Ducklin · 871 days ago

      You're not the only one to suggest that...we've been thinking about it.

      Let's get this one in the bag, then we can think about merch. (We'll have to sneak a tiny difference into the "I solved it" shirts so that those In The Know can tell who solved the puzzle and who simply bought their way in :-)

  2. ...and those of us who do not use twitter... fb or any of that?

    • Paul Ducklin · 870 days ago

      Unlike social networking sites like FB and LinkedIn, you can follow a Twitter hashtag without needing to login, or even having a Twitter account.

      Just visit this URL:

      I'll be giving an email address, too, where you can ask me for help. If you think I might be inclined to do so...

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog