Should any member of Team Reboot be looking for a puzzle...
#1
Posted 03 December 2011 - 11:00 PM
#2
Posted 04 December 2011 - 03:21 AM
GO, guys GO!
http://www.bbc.co.uk...nology-15968878
However, it added that anyone who had previously hacked illegally would be ineligible. The agency's website also states that applicants must be British citizens.
#3
Posted 04 December 2011 - 06:12 AM
#4
Posted 04 December 2011 - 10:33 AM
I don't see such a notice on the challenge site, nor is written anywhere that IF you solve the puzzle you will be enrolled as a secret agent.However, it added that anyone who had previously hacked illegally would be ineligible. The agency's website also states that applicants must be British citizens.
It is just a puzzle.
Go for it if you find fun in solving it, leave it alone if you feel like it or for whatever other reason.
The "reward" is in providing the solution and see what is behind the closed door, not in going through it.
Wonko
#5
Posted 04 December 2011 - 12:10 PM
Very true. Once again a nice link posted by you.The "reward" is in providing the solution and see what is behind the closed door, not in going through it.
#6
Posted 05 December 2011 - 11:41 AM
http://www.canyoucra.../soyoudidit.asp
http://www.gchq-care....uk/cyber-jobs/
the interesting part is the actual job offer:
https://apply.gchq-c...wms=jj&id=35874
actually quite normal (apart noting how they don't specify a citizenship requirement ), the nice part is the "guideline":
https://www.onboard-...k/docs/Your.pdf
and the linked site:
http://www.getsafeonline.org/
Wonko
#7
Posted 05 December 2011 - 01:17 PM
They DO say, but in a roundabout fashionactually quite normal (apart noting how they don't specify a citizenship requirement ), the nice part is the "guideline":
Answering "NO" will lead to this
#8
Posted 05 December 2011 - 01:50 PM
I find it a clear example of both incompetence and stupidity. (already demonstrated enough by the fact that they put this robots.txt on the site, hence the "workaround" ):
http://www.canyoucra...o.uk/robots.txt
I sincerely hope (for the safety/security of all UK citizens) that this whole thingy was made OUTSIDE the gchq by the advertisement agency (and WITHOUT ANY supervision by the Queen's good guys):
http://www.applegate...ing-1059779.htm
http://www.tmpw.co.uk/
otherwise there are reasons to be VERY scared.
Some other interesting points raised here:
http://www.whatdothe...uk_is_it_a_hoax
Wonko
#9
Posted 05 December 2011 - 01:54 PM
Against the backdrop of the UK’s new Cyber Security Strategy, which was published 25 November 2011, GCHQ is working with resourcing specialist TMP Worldwide to communicate with the appropriately skilled people in the communities in which they spend their time.
#10
Posted 05 December 2011 - 02:20 PM
but I would like an actual confirmation (of the fact that the GCHQ is "working with") by some GCHQ senior officer, only this won't probably happen (see .pdf):
What can I say in response to items in the media?
Nothing. You should not confirm or deny any articles that may be reported on by the
media. GCHQ has a press department and requests for information should be
directed to them. Tel: 01242 221491, x33847. Email: pressoffice@gchq.gsi.gov.uk.
No doubt that TMP communicated and it did " in the communities in which they spend their time.", only what was the message? (and no this is not related to the actual crypto challenge) .
Wonko
#11
Posted 05 December 2011 - 03:00 PM
It could be something like...................only what was the message?....
Dear Sir/Madam,
In response to your job application at GCHQ, we are delighted to inform you the followingSince we, at TMP, are known to be "tight" about security, taking all the above points into consideration, we regret to say that we are compelled to terminate your job offer before even the job is actually offered.
- Suddenly, today morning, we at TMP, realized that the "Can U Crack It" site does not employ any "well-known" registration/authorization procedure (e.g. public-private key pairs, web based mail registration etc.) by which we can identify "you" (the code-cracker) as "you"(the person claiming to be). Since, "you"(the applicant) may not be "you"(the actual code-breaker) & the real "you"'s identity may have been compromised, we really doubt that whether we should proceed with "you"r job application further.
- An "oracle" received by one of our senior official made us realize further that a site like canucrackit, where no SSL certificate has not been used to save $30 in this era of recession & cost-cutting, its might have been tracked/logged by our peers & rivals thereby helping them to point out prospective applicant. This, in turn, violates the NO-DISCLOSURE rule as mentioned in the PDF
- Further investigation by our highly skilled professionals revealed that the success page is indexable by robots/search-engines & clickable & accessible by "security professionals" having the knowledge of "site:" google search tag.
- Bit of googling says that Internet has already been filled up with bits & pieces of the solution of the challenge.
Sincerely,
Team TMP
#12
Posted 05 December 2011 - 06:14 PM
Yes, we we at TMP are total morons (when it comes to security and internet)!
Wonko
#13
Posted 05 December 2011 - 06:20 PM
Not exactly, because it was "we" who devised/stole/hired the challenge, wrote those ASP pages, purchased a domain with false info, hosted those pages............etc.I thought it was much briefer than that, just :
#14
Posted 05 December 2011 - 06:37 PM
WHICH false info?....purchased a domain with false info, hosted those pages............etc.
They seem "legit" enough to me:
http://whois.domaint...oucrackit.co.uk
Registrant:
TMP (UK) Limited
Registrant type:
UK Limited Company, (Company number: 5648039)
Registrant's address:
265 Tottenham Court Road
London
London
W1T 7RQ
United Kingdom
Wonko
#15
Posted 05 December 2011 - 06:44 PM
http://www.whatdothe...uk_is_it_a_hoaxWHICH false info?
In addition, the domain registration details are clearly false,
with the registrant - TMP (UK) Limited - claiming to be a 'UK
Individual' with the address 'Somewhere, London'.
A quick check on the internet shows up the owner of the URL as TMP (UK) Ltd. Another quick check shows them as a UK based advertising company who specialise in recruitment campaigns. Oh, look, they even discuss the GCHQ advertising campaign on their website.
Domain name:
canyoucrackit.co.uk
Registrant:
TMP (UK) Limited
Registrant type:
UK Limited Company, (Company number: 5648039)
Registrant's address:
265 Tottenham Court Road
London
London
W1T 7RQ
United Kingdom
Let me help you a little; the original registration details were as follows;
Domain name:
canyoucrackit.co.uk
Registrant:
TMP (UK) Limited
Registrant type:
UK Individual
Registrant's address:
Somewhere
London
london
W0A 0AA
United Kingdom
Which is more typical of a phishing/fraud scam than a secure Government recruitment site.
#16
Posted 05 December 2011 - 07:10 PM
Wonko
#17
Posted 05 December 2011 - 07:14 PM
But, notwithstanding that, they gave the real name of the company, nothing actually "false", at the most "vague" (see the .pdf).
Let me help you a little; the original registration details were as follows;
Domain name:
canyoucrackit.co.uk
Registrant:
TMP (UK) Limited
Registrant type:
UK Individual
Registrant's address:
Somewhere
London
london
W0A 0AA
United Kingdom
Which is more typical of a phishing/fraud scam than a secure Government recruitment site.
#18
Posted 05 December 2011 - 07:39 PM
I am starting to think that quite a few could be attributed the second as nickname, though.
Wonko
#19
Posted 05 December 2011 - 07:47 PM
Well, not in my neighborhood, but one find some "insane" in some Italian "asylum".Comeon, how many individuals do you know who have "TMP" (or"Limited" ) as first name?
If you have any grand[son | daughter], I fear that you are not the right person for his/her nomenclature.I am starting to think that quite a few could be attributed the second as nickname, though.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users