Spiegel Online uses a 2000-year-old cipher for their paywall
August 3, 2016
Today I came across some badly done encryption. To be exact, I surfed the website of the German news magazine Der Spiegel and clicked on an article that was of the type Spiegel Plus. That type is indicated by this logo:
Scrolling down, after some paragraphs I saw the following:
Hmmm … funny … let’s take a look in a browser that has JavaScript enabled (as my default one does not).
That’s some kind of paywall. Let’s take a look at the source code of the page with the Firefox Web Developer tools. Using the Inspector and clicking on the blurred paragraph, I get to the following CSS:
OK, readable … but that does not look like German … but it looks like a ROT13 algorithm, which is a simple letter substitution cipher that replaces each letter with the letter x positions after it in the alphabet (in the case of ROT13, x=13). ROT13 is a special case of the Caesar cipher, developed in ancient Rome. Let’s try some ROT variations. As I was just playing around, I used a website for this and clicked through it … and it took until ROT25 to get readable text.
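A shift cipher gives no protection because its keyspace is tiny: there are only 25 non-trivial rotations, so software can try them all and pick the readable one. The JavaScript below is an added example, not code from the original post or from Spiegel; the sample sentence, the word list and the function names `rot`, `score` and `crackRot` are constructed for illustration.

```javascript
// Added example: exhaust the ROT-N keyspace and pick the most plausible plaintext.
// The sample sentence and the word list are constructed for this demo.

// Shift every ASCII letter forward by n positions, preserving case.
// Digits, punctuation and non-ASCII letters pass through unchanged.
function rot(text, n) {
  return text.replace(/[a-z]/gi, (ch) => {
    const base = ch <= 'Z' ? 65 : 97; // 'A' or 'a'
    return String.fromCharCode(((ch.charCodeAt(0) - base + n) % 26) + base);
  });
}

// Very small language model: count how many words are common English words.
const COMMON_WORDS = new Set(
  ['the', 'and', 'of', 'to', 'in', 'is', 'that', 'for', 'with', 'on']);

function score(text) {
  const words = text.toLowerCase().match(/[a-z]+/g) || [];
  return words.filter((w) => COMMON_WORDS.has(w)).length;
}

// Try all 25 non-trivial rotations and keep the best-scoring candidate.
function crackRot(ciphertext) {
  let best = { shift: 0, score: -1, plaintext: ciphertext };
  for (let shift = 1; shift < 26; shift++) {
    const candidate = rot(ciphertext, shift);
    const s = score(candidate);
    if (s > best.score) best = { shift, score: s, plaintext: candidate };
  }
  return best;
}

// Constructed sample, shifted one position forward (ROT1).
// ROT1 is undone by ROT25, the rotation the post ended on.
const SAMPLE =
  'The editor said that the story is ready for the front page of the paper.';
const OBFUSCATED = rot(SAMPLE, 1);
const result = crackRot(OBFUSCATED);

console.log(OBFUSCATED);
console.log(`recovered with ROT${result.shift}: ${result.plaintext}`);
```

The whole search is 25 string transforms, which is why a per-article or per-day "key" would not help as long as the cipher stays a rotation.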
That was too easy … under 10 minutes to get the clear text. I can’t be the first one … and I’m right … there is a Firefox plugin on GitHub. So it seems this is common knowledge already. Searching the German web, I found that one blogger, also from Austria, already reported it to Spiegel some weeks ago … maybe ITIL does not allow a change ;-).
So to Spiegel: as Andreas already told them, use some real cipher; there are plenty of open-source JavaScript implementations. And use a different random key for every article, or at least one per day.