Saturday, May 20, 2006

DVCQoG - Final Challenge / Fatal Flaw

It seems that there is a major flaw in the technology used for the final challenge.

You can access the puzzle without logging into Google.

Anyone can go to and play the puzzle. You don't need to have logged in.

Judging by comments on my blog, people are doing just that.

I'm hoping Google are tracking IP addresses as a way of spotting such behaviour, but there's still a scenario in which this won't work.

If you have a mouse / key logging / replay program, you can go to Starbucks with your laptop, use Wi-Fi there (one IP address), go to the URL (without logging in), play the game while recording keystrokes, then go home, log into Google, and replay the keystrokes.

There's no way Google can spot this, apart from an absurdly fast time. However, if the time is close to, but slightly faster than, the guessed minimum, it's not traceable.

I think they'll find the results are impossible to parse, and they cannot disqualify those that cheated. In that case they may have to think about rerunning the final round with more security.

Lots of links from the official blog


Anonymous said...

You're full of it. Trying to back door does nothing but send you back to the Google home page... sure, you get the welcome page to load, but if you're not logged in it won't work... just like it didn't work for me.

10:35 AM  
BXCellent said...

I haven't actually tried this. It's just an assumption, based on comments around the blogosphere. I don't have time to go to another IP to test and don't want to test from my home machine, just in case they are IP tracking.

Can anyone else confirm that they can backdoor - i.e. access and play the puzzles without a Google ID?

Is this something you could do yesterday, but not today? Have they just closed the hole?

12:02 PM  
