Spiegel Online uses a 2000-year-old cipher for their pay wall

August 3, 2016

Today I came across some encryption that was not well done. To be exact, I surfed the website of the German news magazine Der Spiegel and clicked on an article of the type Spiegel Plus. That type is indicated by this logo:

spiegelplus

Scrolling down, after some paragraphs I saw the following:

blur_without_javascript

hmmm … funny … let's take a look in a browser that has JavaScript enabled (as my default one does not).

blur_with_javascript

That’s some kind of pay wall. Let's take a look at the source code of the page with the Firefox Web Developer tools. Using the Inspector and clicking on the blurred paragraph, I get to the following CSS:

blur

hmm … let's disable that blur

unblured

OK, readable … but that does not look like German … but it looks like a ROT13 algorithm, which is a simple letter substitution cipher that replaces a letter with the letter x (in the case of ROT13, x=13) letters after it in the alphabet. ROT13 is a special case of the Caesar cipher, developed in ancient Rome. Let's try some ROT variations. As I was just playing around, I used a website for this and clicked through it … and it took until ROT25 to get readable text.

rot25
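Added example, not part of the original post: a shift cipher has only 25 usable keys, so a reviewer can test every one and score the output against common German words to show that text encoded this way has no confidentiality. The sample sentence, the stopword list and all function names are constructed for illustration; the sample is shifted forward by one letter so that ROT25 restores it, matching the result described above.

```javascript
// Constructed German sample; it is not text from any real article.
const SAMPLE_PLAINTEXT =
  'Die Verschlüsselung ist nicht sicher, und das ist der Grund.';

// Small constructed list of frequent German words used for scoring.
const GERMAN_STOPWORDS = new Set([
  'der', 'die', 'das', 'und', 'ist', 'nicht', 'ein', 'eine',
  'den', 'von', 'mit', 'auf', 'sich', 'dem', 'zu',
]);

// Rotate ASCII letters by n places. Digits, spaces, punctuation and
// non-ASCII letters such as umlauts pass through unchanged.
function rot(text, n) {
  const k = ((n % 26) + 26) % 26;
  return text.replace(/[A-Za-z]/g, (ch) => {
    const base = ch <= 'Z' ? 65 : 97;
    return String.fromCharCode(((ch.charCodeAt(0) - base + k) % 26) + base);
  });
}

// Count how many words of a candidate plaintext are known stopwords.
function score(text) {
  return text
    .toLowerCase()
    .split(/[^a-zäöüß]+/)
    .filter((word) => GERMAN_STOPWORDS.has(word)).length;
}

// Try the entire keyspace (ROT1 .. ROT25) and return the best candidate.
function bruteForce(ciphertext) {
  const candidates = [];
  for (let n = 1; n <= 25; n++) {
    const plaintext = rot(ciphertext, n);
    candidates.push({ n, score: score(plaintext), plaintext });
  }
  candidates.sort((a, b) => b.score - a.score);
  return candidates[0];
}

// Encode the sample with a forward shift of 1, then recover it.
const SAMPLE_CIPHERTEXT = rot(SAMPLE_PLAINTEXT, 1);
const best = bruteForce(SAMPLE_CIPHERTEXT);
console.log(`ROT${best.n}: ${best.plaintext}`);
```
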

That was too easy … under 10 minutes to get the clear text. I can’t be the first one … and I’m right … there is a Firefox plugin on GitHub. So it seems this is common knowledge already. Searching the German web, I found that one blogger, also from Austria, already reported it to Spiegel some weeks ago … maybe ITIL does not allow a change ;-).

So to Spiegel: as Andreas already told them, use some real cipher; there are plenty of open-source JavaScript implementations. And use a different random key for every article, or at least one per day.
