Hacker Challenge

Some guy with a name like Akon posted a challenge to the hackers out there. He made a key decoder program. His challenge was for programmers to come up with a key generator to match his decoder program. One C++ file and one header file were provided as the source of the decoder. This sounded like a simple challenge. However, the algorithm within the provided code was difficult to follow. A couple of sample working keys were provided to help with the challenge. And a hint was provided that this was a well-known encryption algorithm.

I consider myself a relatively experienced C programmer. There were not any C programming language issues that I had. I could understand what the code was doing. However, like I mentioned earlier, the algorithm was complex. It was too hard for me to keep everything in my head to follow the algorithm.

There was a big discussion in the comments of Reddit about this challenge. Somebody with security insight identified this decoder as decrypting 12345678 under RSA with two public keys. Thus the goal was to factor one of those keys. You could also add one of those keys to a working existing key. I got the feeling that the algorithm in the decoder was a PK algorithm.

Once RSA was identified, people commented that RSA uses much larger prime numbers than those used in this decoder. Thus it should be easier to crack and to provide a key generator for. The comments led into a general discussion on security. Some people talked about the use of key servers by companies. It was recommended that zero and the letter O should be mapped to the same number to make things easier. It was also mentioned that a dongle cannot guarantee security. This is because a hacker can create a dongle emulator.
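
The point made in the comments, that undersized RSA primes let anyone rebuild the private key from the public one, is shown here as an added example (not code from the challenge or the Reddit thread). The modulus, exponent and function names are constructed for illustration; only the value 12345678 comes from the description above.

```python
# Added example: toy parameters constructed for illustration, not taken
# from the challenge's source files.
from math import gcd, isqrt

TARGET = 12345678            # value the decoder expects after "decryption"
E = 17                       # constructed public exponent
N = 65537 * 2147483647       # constructed 48-bit modulus (real RSA: 2048+ bits)


def check_key(key: int) -> bool:
    """Decoder side: accept a key if key^E mod N equals TARGET."""
    return 0 <= key < N and pow(key, E, N) == TARGET


def factor(n: int) -> tuple[int, int]:
    """Trial division; only feasible because n is tiny."""
    if n % 2 == 0:
        return 2, n // 2
    for f in range(3, isqrt(n) + 1, 2):
        if n % f == 0:
            return f, n // f
    raise ValueError("n is prime")


def private_exponent(n: int, e: int) -> int:
    """Recover d from the public key alone by factoring n."""
    p, q = factor(n)
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible mod phi(n)")
    return pow(e, -1, phi)   # modular inverse, Python 3.8+


def make_key(n: int = N, e: int = E) -> int:
    """Key the decoder accepts: TARGET^d mod n."""
    return pow(TARGET, private_exponent(n, e), n)


if __name__ == "__main__":
    key = make_key()
    print(f"modulus bits: {N.bit_length()}, key accepted: {check_key(key)}")
```

The whole scheme rests on the modulus being too large to factor; at 48 bits the public key is effectively the private key, which is why license checks built on RSA need a modulus of realistic size.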

Time Poll Hackage

Have you heard the news of this hack? Time magazine put out an online poll of the most influential person in government, science, and technology. One of the founders behind the 4chan bulletin board coded an auto-voting application. The result was that the founder got to the top of the rankings in the poll. In addition, if you take the first letter of each of the first 21 names in the rankings, it spells out “Marble Cake Also The Game.”

At first this seemed a bit random. There seem to be differing opinions on what this marble cake refers to. On the one hand it connotes something nasty. It also seems to be the name of an IRC Channel which put out a video against Scientology.

The real story here is the auto-voting application. Time originally made it so you could only vote once from an IP address. However, the 4chan dude was running IPv6. And it seems the Time site did not recognize the IPv6 address correctly. That led him to write an app using Delphi which got around the restriction. It uses proxies to make it appear as if you are voting from different IP addresses. That sounds sweet.

I have heard some people say that Time really does not care about this hack. Last time I checked, the 4chan founder was still at the top of the rankings. However, the first 21 names no longer spell out anything interesting. Maybe Time disrupted the order to show everyone who is boss. Or perhaps another hacker messed up the first hack for the heck of it.

Conficker a Hoax?

It seems last month you could not help but hear about the Conficker virus. This was one of the most talked about worms of the year. It is also known as the Downadup Worm. There are 3 known variants of the worm. Initially people did not know what to expect of the worm. Eventually I heard that it would take over your computer and make it some hacker's slave.

I found it interesting what various authorities were saying about Conficker. Symantec said it was serious. McAfee said it was overhyped, but that you should not assume that you were safe. F-Secure said the thing would not cause any visible damage. Finally, USA Today said Conficker was no small threat.

In general, I determined that you would be OK if your computer was up to date. You are better off if you are behind a firewall like most home users are. It would help if you had intrusion detection software such as ZoneAlarm installed and configured. You can help prevent infection by choosing strong passwords for Windows admin accounts, and by disabling autorun.

Initially there were reports that there may be as many as 15 million infections on April 1st. In retrospect, this seems to be more of an April Fools' joke. The date came and went without incident. I wonder what was really behind all the hysteria. At least it got me to download the latest security patches from Microsoft for my Windows box.