Easter Eggs?

Nekomancer · February 04, 2008, 08:03:38 AM

Yay! Found both of them, finally

Sparra · February 07, 2008, 01:17:04 AM

Was about to create an account just to ask for a hint, but then I recalled one of my programming classes... If you want to find a certain word/phrase (like a password) and don't care how long it takes, there's a method called "brute forcing" it. Basically go through every combination until you find the answer. So that's what I did. I turn on some tetris music, and went through all the pages (leaving the archives for last or obvious reasons O_o) in order, looking at every link on every page. I found both of them within twenty minutes (total searching time: 45-60 minutes). In retrospect, the locations of both make quite a bit of sense, that much I'll say. It was fun and I enjoyed the reward. Even if I completely forgot about them until I poked my head into this place...

WhiteFox · February 07, 2008, 02:51:51 AM

Quote from: Amber Williams on November 12, 2007, 03:44:44 PM
The best part was when I found out people were using stupid scripts to find them so I removed the links for a couple hours while they ran their searches.

Oh well. I guess next time I wont even bother letting there be an actual link but make people have to guess the word since people can't play nice.

Let me be first to say you're probably not the first to try this.

Naldru · February 07, 2008, 08:01:42 AM

And of course, there are a few counter-measures that can be used to fight brute-force approaches. For example, make a link on a page that is white foreground and background and only a pixel in size. That way, it will only be found by a brute-force approach. Then when the user tries to access the page, have it display something like the following message: "You have triggered Black Ice. Prepare to die" with a countdown timer. You could also have the page log itself so that you can identify who did it. (Match the IP address used to access the page with the IP addresses used to place items in the forum.)

The person won't know it was logged, so when he receives an e-mail saying that he has been warned, he will be surprised.

This is known as a "honey pot".

llearch n'n'daCorna · February 07, 2008, 09:00:46 AM

Actually, when the person posts in the forum, it doesn't matter if they've viewed the page or not. Posting the content of the pages in the forum counts as an insta-ban, due to the warning on the pages themselves.

And setting up a honey pot is all well and good, but requires specialised knowledge to set up effectively - which Amber, being an artist, lacks. So... what would you rather? That Amber spends time working on images for the comic, or that Amber spends time learning how to set up a honey pot?

I know which one -I- prefer... ;-]

Naldru · February 07, 2008, 09:06:18 AM

I wasn't indicating that Amber should set up a honey pot. What I wanted to indicate was that for those who think that they can circumvent things on the net, there are ways of detecting them. More of a theoretical/hypothetical situation.

Actually, I don't really view this approach as brute force. To me, brute force would be using combinatorial techniques to try to identify all possible names for web pages and to use that as a candidate for a search. For example, using all of the character names as the possible names of web pages, a brute-force technique that Amber obviously considered as she undertook the introduction of countermeasures.

Besides, Amber has a wealth of fans who would be willing to provide protective assistance, many of whom who I'm sure are far more devious than me.

llearch n'n'daCorna · February 07, 2008, 09:19:41 AM

heh. Granted, granted.

However, as forum admins, it's -our- responsibility to ensure that we've taken reasonable precautions to back Amber up. That's fair enough, isn't it?

After all, we wouldn't want you to say you hadn't been warned...

Easter Eggs?

Nekomancer

Sparra

WhiteFox

Naldru

llearch n'n'daCorna

Naldru

llearch n'n'daCorna