View news

New Internet challenge 'Pay for it...'
Posted by Marijn - Tuesday March 20 @ 18:01 jcfs was kind enough to create a new challenge. But to solve it you have to 'Pay for it...', only a credit card is needed ;) You won't have sleepless nights over this one, it's not very difficult :)

» Comments

nice challenge jcfs, not too hard though

Lame.

1) "Times solved 7"
challenge online 12 hours
The last two challenges that came online are solved 5 and 6 times respectively in 40 and 50 days.
The challenge is as trivial as loging in.

2) At least take an algorthim that has more than one operator. like belgian RRN.

3) Unlike the other challenges that have become obsolete due to time, this one is already.

It's nice to have an easy challenge that almost everyone can solve with a little effort, there are people not like you rhican. It's not like the challenges have to be incremental in difficulty. Although that has been the case for a long time maybe, it was time to create some challenges for 99% of the people, not the top 1%.

We always said that new challenges don't have to be more difficult then the current ones. You knew at some point this would happen and it's not a bad thing

1) It was never supposed to be an hard challenge, as Marijn said, I think we are all sick of having new challenges that are just solve for 5 or 6 brilliant minds.

2) read above, no need to go into techie stuff that noone has ever heard.

3) The sentence which shows up when you solve it explains that exaclty. Once again, not the point of the challenge.

Despite understanding why you are so pissed of about this challenge, I think you sometimes should leave your arrogance behind, for the genious that you are you should know this already. I've been said that you left net-force by your free will, but I also can see that neforce still plays a major role in your life, and I don't blame you for that (it also does in mine), but at least admit it. So please, I just ask you to stop saying that everything which came up here since you left is bad...

And for the reasons stated above, I don't think it's a lame challenge.

@cake http://www.net-force.nl/challenges/submit/
clearly states, at the same level or more difficult. This in no way is on the same level as Faulty obscurity. It also states it has to be original in some way.

On average people who choose completely random numbers to fill in the blanks, will have a valid number after 5 tries. GREAT challenge. I believe this even makes it the easiest non training challenge.

@jcfs, I'm arrogant. I'm no genius. I have always retained the right to be an asshole. Role? Meh.

I like that ..

No, because, as you're so good with the rules, you should also treat other members with respect.

"On average people who choose completely random numbers to fill in the blanks, will have a valid number after 5 tries. GREAT challenge. I believe this even makes it the easiest non training challenge."

You only know that because you know how the algo works, and how weak it is. People wouldn't try random numbers, that wouldn't make sense.

I don't know about you but there are actually people try to learn some thing out of the challenges. Thats the point of it.

jcfs seems to think, security through obscurity is a good idea.

Btw did you see this
"The challenge must be solvable by knowledge and/or hard work, not just by plain guessing (like some home made ciphers)."

It's even a submit guideline. So it's not even something i "feel should be". It something Net-Force feels, but now thinks it should be flexible. I wonder why.

@Marijn, indeed i know the rules. that's why i say the challenge is lame. There is nothing in the rules about respecting challenges. I have a lot of respect for jcfs, even though he appers to be pretty naive.

You can try to spin this how you want. The challenge is ridiculous, and against the guidelines.

Additionally it's a pretty lame way to take first place.

I think you're the only one who thinks the challenge is ridiculous, and if you feel that way, thats fine. It's defininately not the easiest challenge.

The rules are put up by me, so it's not like I can't divert from them. Net-Force isn't an anonymous entity. If I want you to say something nice about the challenge, should I put that in the rules? :P

And sure, it's a bit cheap to take first place with your own challenge, but that doesn't say anything about the challenge. You'll have your opportunity to compete with jcfs when a next challenge comes out.

Let's leave it like this, I'm not going to remove the challenge, and you said you didn't like it, clear.

"jcfs seems to think, security through obscurity is a good idea. "

Thats not what I meant... theres no obscurity about it. I meant that the only way you can know it can be bruteforced (on average) in 5 tries is if you know the algorithm, and thats the point, people will have to learn the algorithm, and even if they bruteforce it after it, my point is already taken (after this discussion, it will be screwed because everyone will try, but i don't care).

"The challenge must be solvable by knowledge and/OR hard work, not just by plain guessing (like some home made ciphers)."

This challenge is solvable by knowledge, not plain guessing. Of course you can guess it, but that would be stupid.

Additionally, you can have your first place back anytime you want, it looks like it means a lot more to you than it does to me.

@jcfs: there is no knowledge required to try random numbers. It is entirely guessable, no knowledge needed. Not even the knowledge that it is guessable.

If you think you need to know the algorithm, in order to increment the right thing to brute force you are wrong.

step 1
try completly random number (with the given digits at those places)
repeat step 1 until you succeed.

so you can just guess an answer. It's completely broke. The challenge is too simple. You don't need to know that it is guessable, for a challenge to be guessable.

@marijn: Haha. I know you won't delete stuff. Even if they are as lame as this. I believe you can't count the amount of times, i've said you're the boss on your fingers and toes.

I just point out the hypocrisies.

Because an evil person could interpret it as: "You are right, but I'm the boss, so stfu".

However I do not stfu, so you'll have to ban, me (as )if you don't want to prevent me to speak up, and state truths.

You also hided the fact that I already compromised security once, which was entirely lame. Maybe i should make it more intresting next time.

a final note, because i'm sure jcfs, still won't believe me: you don't need any knowledge of the algorithm to brute force it. Don't underestimate the force of /dev/urandom.
The check depends on the value of one digit, there is always 1 valid digit. there are 10 decimal digits. on average a random number will have the one digit correct.

The challenge would be at least a bit intresting, if did not leave the check digit open. Then the challenge would not be guessable on average in 5 steps, due to the algorithm.

Imho an obvious, simple way to make the challenge work. and at least worth the effort of a google. Why didn't anybody think of that?

Having the check digit set, doesn't make it less bruteforceable. You can change any of them to make it pass thru the test. But i actually don't care about people that guess the number, my point is that are people that will learn from this challenge, and till now all that solved it, learnt the algo, so till now i'm being successful with it.

even better:

"Ok, you are right it's broke as hell but I, don't care"

which is even worse then

"Ok, you are right, but i'm the boss" :)

well masking all the not-special digits then florks with the algo, more. Or choose a more interesting algo, there are plenty of numbers like social security or belgian RRN, that use a sort of inverse mod 97.

Net-force used to be a challenge website, if you are too lazy to create a challenge, but want people to learn something.. here's a hint write a TEXT... there's this library...

I just find it amusing that all the NF crew didn't manage to catch on. Feel like I might have overestimated some things in the past.

Ok, u don't get it, and this is leading nowhere. This will be my last post, and lets cut the crap, me and you both know that it's not the fact that the challenge is simple/non-sense/very easy/bruteforceable or not, that is pissing you off.

So, i'm just sorry to taking your first place. Have fun.

Cya

rhican, you're boring me and wasting both of our time.

If you don't like it, just leave, like you said you would. Really, this isn't a place for you anymore, apparently.

And threathening is not really smart. The security breach had little to do with Net-Force security, and it's my choice to disclose anything or not -- you didn't even e-mail me or anything, and I was on vacation at the time. It was totally inappropriate and lame on your side, and I think even below your standards. It was clearly not for 'security'-sake, but your personal grudge you have, for whatever reason.

Perfectionism is not something I strive for here, just some fun challenges and nice people (that's really what it is about). Maybe it's flawed a bit, you made your point, but this is no way to discuss any of this. If you have any problem, please, you know where I live, you have my number and e-mail address.

And that was my final message about this. I hope SOME people will have fun solving it, I did.

bernard solved it before me cos he saw it first :-(
i m so angry at u thuis-boy !!

lol bernard solved it a couple minutes before I did.. :(

"Not very difficult" ?

i WILL need to google for this one to learn something about the credit-card algorthims so it isn't to be solved by guessing.

Once you know how the system works, it's easy indeed.
f.e. When i needed to solve the XOR-challenge, i didn't know anything about it and i was trying everything to get a pass out of it.
A quick google-search lead me to a decent explanation and guess what... i still know how it works so Net-Force's mission is accomplished: teach people.

in fact it was the fact that the challenge was ridiculous that made me post here. You know nothing.

Marijn: I don't keep track of your vacation plans. And actually no I don't have you're number anymore, lost that cellphone (Yes this also means you don't have mine anymore).

it had very much to do with net-force, and you did receive it on NMS. Everybody could get admin rights, by googling.
And the admins did not have the power to boot me from the system, until they got down to coding. Which was really pathetic. If that's nothing related to security. You are just ignorant.

If i really had a grudge i could have destroyed much much more of the database, i had access for over an hour.

cracker-net: The challenge is broke, even Marijn and jcfs have had to admit it. Stop trying.

This thread:
It's broke
no it's not
yeah it is
well i'm the boss so stfu
well i don't care
you are arogant and you breach the rules
no i don't, in fact you did
well i'm the boss i'll make new rulez
ok you are right, but you are evil and have a grudge so stfu

No offense but i just got pwnd.

Spin that.

s/No offense but i just got pwnd./No offense but you just got pwnd/g

I just solved it too... easy but a nice chal though.
Most other challenges are way too hard.

Thank you Google :)

they are not too difficult, they are just a challenge.
except COBOL.

But sure why not celebrate mediocrity.

a challenge that is guessable, is not a challenge. It's broke.

Bernard doesnt sleep at night :-) he solves and solves and solves
Else i wud ve been number 3 ;-)
But i ll get space code soon yuhoooo

Yeah, btw i didn't nag about space code [admin]removed too much info[/admin]

i didn't nag about arts, even though it's not a crackit challenge. [admin]removed too much info[/admin]

But if you are going to make even more ridiculous challenges, like we come one, and this one.

Just hiding the fact that nobody is on this site, by calling challenges like arts difficult...

If you don't like it, get lost. Maybe there need to come new rules about submitting new challenges, because making new challenges only harder and harder then the ones that are already here won't get many new people to start doing challenges. And what's so 'broke' about a challenge simply because it's too simple for your standards? I almost know nothing about coding such things, so I wrote it down on a piece of paper and applied my knowledge of this algo, nothing 'broke' about that eh

One can generalise rhican's argument as follows: ever since it became public knowledge that you can solve this challenge by guessing (regardless of whether he/she understands the background), this challenge has been reduced to a guessing game (i.e. simply by reading the comments on this newsitem)

I guess that could justify removal of the challenge. There would have been no problem if this formed a discussion in a section accessable for those who solved it.

I enjoyed it though :)

Ok,

I've removed some information about other challenges, because in my and some other members opinion, there were some hints and links between challenges that gave away too much information.

Also, we've made a small change to the challenge:

I don't think anyone will start guessing after they see the challenge. It isn't logical to see a 16 digit number and start guessing, if you don't know the algorithm that is... If that WAS the case, it would go beyond the point of the challenge, because you have to know nothing about the subject to solve it.

Now because of all that is said here (and at the moment I don't want to remove comments, although some are highly off-topic and plain trolls) people could start guessing anyway (or if they know enough of the algo). This is why we've increased the number of credit cards you have to enter to 3.

Thanks jcfs for the quick edit, and rhican for your suggestion, although a PM would have been so much quicker, and would've saved us all these flames here.

Minor typo on the challenge-introduction:

"find a these partial credit"

Who are you kidding, a PM would not have been faster. You even claimed never to have had my last one.

Heh, It's funny though editing the information about arts :) That alone illustrates this thread.

Also feel free to look up the actual meaning of troll(you use it incorrectly).

Besides that it is ridiculous to assume that people will not try a few passwords for a challenge. It's plain and simple security through obscurity: "It's not secure, you need to try the most lightly answers or just random. But that's not a problem because you have to to think of trying". Didn't You used to hate security through obscurity?

Guessing _IS_ a powerful tool for hackers and challengers alike.

I don't sugarcoat. This was a farce.

Guessing is indeed a powerful tool and if -as you claim- this challenge is a guess-challenge, doesn't it serve its purpose? -To teach people about security.
The fact weather or not this method of "security" is optimal seems besides the question and therefore justifies this challenge, imho.

He bites. No. The challenge was neither. now it's just another internet chall. It was broke before, really stop trying to make up excuses. All the people above you have had to admit it. It's pathetic seeing you all try to defend:
-gimme a number
-if ((int)rand()*5==1) cout << "you win"<<endl;

It was a dumb, broken challenge, now it's just another internet challenge I don't particularly like.

It's like saying: I lost my eyesight, but now I appreciate sound more. And that's great because music is an arts. The only downside is i keep bumping into things, and I never get to where i want to be.

Seeing us defend our views, seems no more pathetic than you trying to force your opinion on others :)

This debate is based on personal preference.
One simply cannot argue over this, especially not with someone as self-indulgent as yourself.

'Nuff said.

Thanks Matt_X for the typo suggestion, it has been fixed.

Matt_X the reason why we can't argue over this, is because you haven't even solved the challenge. Which is quite sad. Blindly defending the powers that be. Is naive, irresponsible , and down right dangerous, were a helmet.

This probably proves how bruteforceable the challenge was.

I believe that after the change only 1 person solved it after the change.

The challenge was broken, uninteresting, obsolete, and easily guessable. Everybody that is not retarded has had to admit that.

Besides i'm not arguing. I am defending my statements. The reason why you call me self-indulgent is because all odds i'm right. And i don't sugarcoat it, or hide the incompetence of others.

Sticks and stones love.

Hmm that way most of the first 8 challenges in cryptography section were quite simple.. some were guessable too ..

They, were not this broke, or this guessable. Furthermore they were the first 8 challenges. which make them compliant with the submit guidelines.

But yes there are other challenges that could be considered broken. Like the words words words, after the hint in forum, that it's one of the words.

Lowering standards is never a goed idea. Kids don't "succeed in their math exams anymore. Teachers should simplify the exams <=> Teachers should do their job better."

"Additionally, you can have your first place back anytime you want, it looks like it means a lot more to you than it does to me"

Indeed, it seems that's Rhican's problem.... He lost his 1st place ;)

EDIT

Rhican, i dont know what the hell's wrong with you?

For several months now, all you do is breaking down members, combined with the needed arrogance.
If someone asks for help, or cant solve a challenge, you're the first one to break them down.

Didn't i already mentioned that youre NOT the God of NF?

But hey, as we say in dutch:" Ge schijt boven u hoofd!!!!!"

*English*: You're shitting above your head!

Hmm let me guess :

schijt = shit
hoofd = head

Am i right? I wish by solving this i could go to number 3 :p

Yeah you are quite right mith_mith.

Ah, it just fills me with a warm fuzzy feeling, when i hear of Sagrathy.

i am well aware i'm not god. However i'm quite capable to spot crap when i see it. Also i will reply to everything thrown at me. with poor grammar and spelling, just because I don't think this is worth proofreading.

i have done far more than brake members down, actually not really members, more bosses. Kinda like fighting the system. I have also responded to some pm's. breached security and made net-force a safer place.

And now i changed your password and profile
http://www.net-force.nl/account/view/
They'll change it soon, just so I don't deprive any of you the right to view the change there is a screenshot at. http://rootshell.be/rhican/sagrath.png

not because i'm god, but because I found it funny. This is my breaktime amusement.

It's quite rare people defending: gimme a number game.

In time even you might have to admit that the challenge was broken like hell. Because yet another 24hours have passed. And in these nobody solved the challenge anymore.

Also feel free to point out where I break people down, and you can't argue i'm just stating truths(truth hurts). It won't be that many places.

@Admins, this is no less offtopic than Sagrath's post. Maybe I shouldn't have responded, but that's probably the same for mith_mith then, isn't it?

ps: the password i set your account to is guessable, have fun :D

Not wanting to enter the discussion, but the link to the screenie returns a 404...

yeah that's what happens when you don't proofread the urls should be

http://www.net-force.nl/members/view/3559/
and
http://rootshell.be/~rhican/sagrath.png

rhican has been banned for a while for hijacking a members account. Sagrath was quite rude, but this is not the way nor place or tool to fight out the issues you have, especially not through illegal actions.

Rhican> yes they Banned me for 30 days. Which is quite funny, compared to other ban lengths :)

Ow yeah and they changed this password to. But eventhough i'm not god. I tend to have an ace or two up my sleeves.

Btw, I'm not suposed to hunt ghosts, which makes no sence at all. (one of the reason's listed for the ban)

And I didn't hijack it as a personal vendetta ;) as I stated above.

Bottom line is. The challenge was rediculous, broken. Unoriginal. (A port of space conquest uses the same idea, in a slightly permutated form). And many people thought they could have a swing at me, all sorta failed. So they ban me.

Let the bottomline be to not post this crappy things.

Let me finish with the word I started with.

LAME

rhican, as I've said in one of my first messages, I know how you think of the challenge. I have read your arguments, but I'm going to stick with the challenge for the reasons I've stated. I have no idea what you're trying to accomplish here, one message would have been enough, really.

You were banned for breaking the rules (stealing someones account), not because you had 'won' the argument or whatever, because that's not important to me.

And Sagrath should use some other passwords on his e-mail, jeez ;-)

rhican> Really 1 message? How about you count how many messages it took before people started realising just how broke it was. And then actually to alter it.

Btw it was not his email address ;)
(yes, you probably should have thought about that)

How about we quit this discussion, I agree with rhican the challenge was way too easy to solve, even now it's still easy. But this is no way of letting it know rhican, you know better. You are 1 one of the persons who has a lot of knowledge about computers and so on, use it don't abuse it. It's not making you more popular. You are losing a lot of respect we had for you, if you keep acting like this.

Agreed.

» Add a comment

Commenting on this news item is disabled.

NF² Changelog | Contact | About | Sitemap
www.net-force.nl - Copyright © 2002-2008

ParseTime: 0.059815 | Queries: 11 | QueryTime: 0.0027