Should any member of Team Reboot be looking for a puzzle...

Here:
http://www.forensicf...iewtopic&t=8462

http://canyoucrackit.co.uk/

GO, guys GO!


Wonko

GO, guys GO!

http://www.bbc.co.uk...nology-15968878

However, it added that anyone who had previously hacked illegally would be ineligible. The agency's website also states that applicants must be British citizens.

However, it added that anyone who had previously hacked illegally would be ineligible. The agency's website also states that applicants must be British citizens.

I don't see such a notice on the challenge site, nor is written anywhere that IF you solve the puzzle you will be enrolled as a secret agent.
It is just a puzzle.
Go for it if you find fun in solving it, leave it alone if you feel like it or for whatever other reason.
The "reward" is in providing the solution and see what is behind the closed door, not in going through it.


Wonko

The "reward" is in providing the solution and see what is behind the closed door, not in going through it.

Very true. Once again a nice link posted by you.

Once solved the puzzle (or worked around it ):
http://www.canyoucra.../soyoudidit.asp
http://www.gchq-care....uk/cyber-jobs/

the interesting part is the actual job offer:
https://apply.gchq-c...wms=jj&id=35874

actually quite normal (apart noting how they don't specify a citizenship requirement ), the nice part is the "guideline":
https://www.onboard-...k/docs/Your.pdf
and the linked site:
http://www.getsafeonline.org/



Wonko

actually quite normal (apart noting how they don't specify a citizenship requirement ), the nice part is the "guideline":

They DO say, but in a roundabout fashion


Answering "NO" will lead to this

Sure, but that is a "LATER" page (that you don't get on by following the given links until you click to apply).

I find it a clear example of both incompetence and stupidity. (already demonstrated enough by the fact that they put this robots.txt on the site, hence the "workaround" ):
http://www.canyoucra...o.uk/robots.txt

I sincerely hope (for the safety/security of all UK citizens) that this whole thingy was made OUTSIDE the gchq by the advertisement agency (and WITHOUT ANY supervision by the Queen's good guys):
http://www.applegate...ing-1059779.htm
http://www.tmpw.co.uk/
otherwise there are reasons to be VERY scared.

Some other interesting points raised here:
http://www.whatdothe...uk_is_it_a_hoax




Wonko

http://www.tmpw.co.u...yber-security-/

Against the backdrop of the UK’s new Cyber Security Strategy, which was published 25 November 2011, GCHQ is working with resourcing specialist TMP Worldwide to communicate with the appropriately skilled people in the communities in which they spend their time.

Yep ,
but I would like an actual confirmation (of the fact that the GCHQ is "working with") by some GCHQ senior officer, only this won't probably happen (see .pdf):

What can I say in response to items in the media?

Nothing. You should not confirm or deny any articles that may be reported on by the
media. GCHQ has a press department and requests for information should be
directed to them. Tel: 01242 221491, x33847. Email: pressoffice@gchq.gsi.gov.uk.

No doubt that TMP communicated and it did " in the communities in which they spend their time.", only what was the message? (and no this is not related to the actual crypto challenge) .


Wonko

...................only what was the message?....

It could be something like

Dear Sir/Madam,

In response to your job application at GCHQ, we are delighted to inform you the following

• Suddenly, today morning, we at TMP, realized that the "Can U Crack It" site does not employ any "well-known" registration/authorization procedure (e.g. public-private key pairs, web based mail registration etc.) by which we can identify "you" (the code-cracker) as "you"(the person claiming to be). Since, "you"(the applicant) may not be "you"(the actual code-breaker) & the real "you"'s identity may have been compromised, we really doubt that whether we should proceed with "you"r job application further.
• An "oracle" received by one of our senior official made us realize further that a site like canucrackit, where no SSL certificate has not been used to save $30 in this era of recession & cost-cutting, its might have been tracked/logged by our peers & rivals thereby helping them to point out prospective applicant. This, in turn, violates the NO-DISCLOSURE rule as mentioned in the PDF
• Further investigation by our highly skilled professionals revealed that the success page is indexable by robots/search-engines & clickable & accessible by "security professionals" having the knowledge of "site:" google search tag.
• Bit of googling says that Internet has already been filled up with bits & pieces of the solution of the challenge.

Since we, at TMP, are known to be "tight" about security, taking all the above points into consideration, we regret to say that we are compelled to terminate your job offer before even the job is actually offered.

Sincerely,
Team TMP

I thought it was much briefer than that, just :

Yes, we we at TMP are total morons (when it comes to security and internet)!

Wonko

I thought it was much briefer than that, just :

Not exactly, because it was "we" who devised/stole/hired the challenge, wrote those ASP pages, purchased a domain with false info, hosted those pages............etc.

....purchased a domain with false info, hosted those pages............etc.

WHICH false info?
They seem "legit" enough to me:
http://whois.domaint...oucrackit.co.uk

Registrant:
TMP (UK) Limited

Registrant type:
UK Limited Company, (Company number: 5648039)

Registrant's address:
265 Tottenham Court Road
London
London
W1T 7RQ
United Kingdom

Wonko

WHICH false info?

http://www.whatdothe...uk_is_it_a_hoax

In addition, the domain registration details are clearly false,
with the registrant - TMP (UK) Limited - claiming to be a 'UK
Individual' with the address 'Somewhere, London'.

A quick check on the internet shows up the owner of the URL as TMP (UK) Ltd. Another quick check shows them as a UK based advertising company who specialise in recruitment campaigns. Oh, look, they even discuss the GCHQ advertising campaign on their website.

Domain name:
canyoucrackit.co.uk

Registrant:
TMP (UK) Limited

Registrant type:
UK Limited Company, (Company number: 5648039)

Registrant's address:
265 Tottenham Court Road
London
London
W1T 7RQ
United Kingdom

Let me help you a little; the original registration details were as follows;

Domain name:
canyoucrackit.co.uk

Registrant:
TMP (UK) Limited

Registrant type:
UK Individual

Registrant's address:
Somewhere
London
london
W0A 0AA
United Kingdom

Which is more typical of a phishing/fraud scam than a secure Government recruitment site.

But, notwithstanding that, they gave the real name of the company, nothing actually "false", at the most "vague" (see the .pdf).


Wonko

But, notwithstanding that, they gave the real name of the company, nothing actually "false", at the most "vague" (see the .pdf).

Let me help you a little; the original registration details were as follows;

Domain name:
canyoucrackit.co.uk

Registrant:
TMP (UK) Limited

Registrant type:
UK Individual

Registrant's address:
Somewhere
London
london
W0A 0AA
United Kingdom

Which is more typical of a phishing/fraud scam than a secure Government recruitment site.

Comeon, how many individuals do you know who have "TMP" (or"Limited" ) as first name?
I am starting to think that quite a few could be attributed the second as nickname, though.


Wonko

Comeon, how many individuals do you know who have "TMP" (or"Limited" ) as first name?

Well, not in my neighborhood, but one find some "insane" in some Italian "asylum".

I am starting to think that quite a few could be attributed the second as nickname, though.

If you have any grand[son | daughter], I fear that you are not the right person for his/her nomenclature.