Blog

Exploring security-Part 2-Exercise your mind (Testy Testy)

On March 27, 2013, in Syndicated, by Association for Software Testing
0

Update: Here are some of the ideas I have regarding the Diet Coke Rewards. I answer some questions for myself.

1.
Do all of the categories matter? If I get valid 12 pack codes, I end up
with 10 points. Valid 20 and 24 packs give me 18 points with no further
numbers to figure out. The bottle sized cap numbers give me 3 points
and STILL contains 14 characters! So no bonus to me for figuring out
which is which.

2. There is no cost, and no immediate penalty for
entering WRONG numbers and invalid codes. Since I all I need is an
email address, I could create multiple accounts to test this without
added cost.

3. For each slot in a code there are 34 possible
options (that’s because the letter O is always the number zero so
numbers 0-9 and 1 for each number of the alphabet). There are 14
characters, so, based on this alone, random chance isn’t impossible if
you set ranges and roll the dice. But can you do better?

4. I’ve
noticed overwhelmingly that Diet Coke numbers start with a number, and
contain no more than 7 numbers, and no fewer than 2. There are a few
exceptions, but I don’t need to hit every case out there to be able to
rack up many points. That means my odds have now improved. Additionally,
I’ve noticed that numbers tend to be grouped where they either start
with 1 or 2, then a certain letter grouping. Also, have you noticed that
numbers aren’t starting low? I haven’t seen many numbers starting below
1. I’ve also noticed that numbers are often repeated. Is there a
pattern to how many times they were repeated.

So, how do I test
this? One easy thing to test is the hypothesis that valid numbers don’t
start with 1. Using the numbers I have that are valid, I run a few tests
with 1 in the front. Heck, it doesn’t take too long to run zero through
5 to see if my guess is correct or not? As I gain more info, I start to
see more patterns.

5. Pattern matching, which is something the
brain does really well. One reason we humans are SO superstitious is we
see patterns, faces, and assign significance where there may or may not
be something of interest. A different way to look at the pattern is to
assign a number to each of my characters, and then see if any patterns
show up. I believe this sort of odd thinking is how people began playing
records backwards in order to hear devil sounds. One possible way to
assign values to number would as follows:

0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
8 8
9 9
A 10
B 11
C 12
D 13
E 14
F 15
G 16
H 17
I 18
J 19
K 20
L 21
M 22
N 23
P 24
Q 25
R 26
S 27
T 28
U 29
V 30
W 31
X 32
Y 33
Z 34

With these new ideas, I can run a few checks and see if I can learn anything new, or see any new patterns emerge.

 

Comments are closed.


Looking for something?

Use the form below to search the site:


Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!