It was the best of times; it was the worst of times.
The best of times, because we’re cryptographically blessed these days.
There’s a zillion times as much cryptographic computing power in the chips on our credit cards as there was in the whole of Bletchley Park at the end of World War 2.
The worst of times, because we think that the way to choose a better password than password is to choose password123 instead.
So, admittedly, it was a bit of a rhetorical question when we asked:
Do we really need strong passwords?
And for your chance to win an exclusive, limited edition, Naked Security T-shirt, work out the answer to Paul Ducklin’s brain teaser below…
This December we’re celebrating Christmas by giving away five of our much-coveted, limited edition Naked Security T-shirts every day for 12 days!
We’ve selected twelve of the most interesting stories from 2014 and we’ll be writing about one of them each day.
All you have to do to win a T-shirt is read the story and answer the question.
We’ll pick 5 lucky winners out of a hat (OK, /dev/urandom) each day and those who answer the most questions correctly over the 12 days will be entered into our grand prize draw for a goody bag of geeky gifts valued at up to $500!
You’ll remember that we had a simple Caesar cipher back on Day 5 (see the solution on the Day 6 page).
Well, here’s a Caesar cipher with a difference – we’re calling it a Caesar Salad cipher:
We need to know your email address so that we can contact you if you’ve won. When we contact you, we’ll need your T-shirt size, a delivery address and a contact number so we can ship your prize. We won’t use any of your personal details for anything other than this competition.
Entries close at 23:59 Pacific Standard Time (UTC-8) each day. Sophos staff, those professionally connected to the company, and their families, are welcome to submit answers for fun, but can’t win. T-shirt styles may vary from those depicted. Sophos’s decision is final, and so on. Please read our official competition terms and conditions.
What was Day 11’s answer?
Day 11 was all about data that you thought was deleted, or buried securely, yet remained behind for others to retrieve later.
If you are old enough to have made your own cassette tapes, you’ll remember the hassles involved in erasing them.
Even after running a cassette through your machine on “record” with the input unplugged, there would be parts of the tape where you could still hear faint vestiges of what was there before.
Similarly, on magnetic hard disks, even when you deliberately wipe them by overwriting the data or zapping them in a bulk demagnetiser, there’s a chance that recoverable magnetic echoes may remain of the previous contents.
This tendency for magnetic persistence is called remanence.
These days, the word remanence is used metaphorically to describe the problem of data that doesn’t go away when you tell it to, even if it isn’t stored magnetically.
So, to put the cart before the horse, the answer to the message hidden in this image…
…is the phrase REMANENCE RULES.
How to solve it?
If you check the format of the image, for example with the utility file, you get a hint that it isn’t actually pure black-and-white:
With a two-bit colour depth, it could contain up to four different colours; in fact there are three.
There’s the white background to the maze; there are the almost-but-not-quite-black maze walls (they are actually 1 part white to 255 parts black, or #010101 in HTML colour notation); and there are some pure black pixels clustered at the middle of the image, looking very vaguely like overlaid letters.
In fact, they are overlaid letters.
If you load the image into a tool like GIMP, convert it to RGB or greyscale (to give you more dynamic range for the colours), and play with the brightness and contrast to try to tease apart the black pixels and the super-dark grey pixels, you’ll soon be on the right track:
Take things to an extreme of contrast (or use GIMP’s Color Exchange... function to change, say, pure black to lime green) and the answer will become obvious:
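The colour-separation step described above, as an added example (not code from the original article): it counts the distinct pixel values, flags pairs too close to tell apart by eye, and masks out the pure black pixels. The small image grid and all function names are constructed for illustration; only the three colour values come from the article.

```python
from collections import Counter

# The three colours the article names: white background, #010101 walls, pure black overlay.
WHITE, WALL, INK = (255, 255, 255), (1, 1, 1), (0, 0, 0)

def build_sample():
    """Constructed 9x7 image: near-black 'maze walls' with a pure-black 'L' overlaid."""
    rows = [
        "#########",
        "#..#....#",
        "#.L#.##.#",
        "#.L..#..#",
        "#.LLL#.##",
        "#....#..#",
        "#########",
    ]
    key = {"#": WALL, ".": WHITE, "L": INK}
    return [[key[c] for c in row] for row in rows]

def histogram(img):
    """Count distinct pixel values; more than two means the image is not truly bilevel."""
    return Counter(px for row in img for px in row)

def near_duplicates(hist, max_delta=2):
    """Pairs of colours differing by at most max_delta per channel (indistinguishable by eye)."""
    colours = sorted(hist)
    return [(a, b) for i, a in enumerate(colours) for b in colours[i + 1:]
            if max(abs(x - y) for x, y in zip(a, b)) <= max_delta]

def isolate(img, target):
    """Colour exchange as a mask: mark only the pixels exactly equal to target."""
    return ["".join("X" if px == target else " " for px in row) for row in img]

if __name__ == "__main__":
    img = build_sample()
    hist = histogram(img)
    print(len(hist), "distinct colours:", dict(hist))
    for a, b in near_duplicates(hist):
        print("suspiciously close pair:", a, b)
    print("\n".join(isolate(img, INK)))
```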
For what it’s worth, remanence is one of the reasons you’ll hear us urging you to “encrypt everything.”
If data is only ever written to disk after it’s encrypted, then a crook who wants to get it back after you zap it will need both the decryption key and the remanent data fragments.
Any fragments he does recover won’t be directly legible on their own.
And, of course, we’d love to show you how to Pick a Proper Password:
This is tough when there is no idea of what kind of abbreviation it is.
Has anyone else been able to solve this?
Yes, quite a lot of solvers so far.
Try writing out three rows of letters, one with each letter advanced by 1, then by 2, then by 3. The answer you need is in there, left to right, picking one from each column.
The answer *should* stand out when you gaze at the possible letters to choose from…there are only 60 possible decryptions and most of them are unpronounceable.
Who is the winner?
Believe the answer was NAKSEC, but I could be wrong… Very anxious to get the results for the full 12 days
By results do you mean the answers? (If so, see Day N+1 for the answer to each Day N for N <= 11, and see https://twitter.com/duckblog/status/545182900418019328 for Day 12 🙂)
If by results you mean, "Who won overall," then we still have to work out the winner, notify them, and see if they will let us blurt out their name for the world to see…so keep your eye on the MXIPCZ site, sorry, the NAKSEC site.
Solved easily enough. Once I googled what an Apposite word was that is. I thought they made a typo! Haha.