There is a chess web site that runs a monthly contest. Every day they post a new chess problem and you have to solve for mate. If you correctly solve the problem, you get an entry in their monthly contest. If your entry gets picked you win the prize: an electronic chess set, a digital camera, an iPod, etc. The problem with this site, which I have contacted them about before, is that the solution is in the page source for the chess problem. All one has to do is view the page source, and there it is. Almost. The following is an example from their site:
load_solution( 'MCwxLC0xLDEsQmE0KyxkMWE0LC0sMXwxLDAsMCwyLEt4YTQsYjVhNCwtLDIsS2M0LGI1YzQsLSw2fDIsMSwxLDEsTmMzKyxlMmMzLC0sM3wzLDAsMiwxLEtiMyxhNGIzLC0sNHw0LDEsMywxLE5kMiUyMyxmMWQyLC0sNXw1LDAsNCwwfDYsMSwxLDEsYjMrLGIyYjMsLSw3fDcsMCw2LDEsS2QzLGM0ZDMsLSw4fDgsMSw3LDEsQmI1KyxhNGI1LC0sOXw5LDAsOCwxLEtlNCxkM2U0LC0sMTB8MTAsMSw5LDEsUmc0KyxnNmc0LC0sMTF8MTEsMCwxMCwyLEtmNSxlNGY1LC0sMTIsUmY0LGY2ZjQsLSwxNHwxMiwxLDExLDEsTmUzJTIzLGYxZTMsLSwxM3wxMywwLDEyLDB8MTQsMSwxMSwxLFJ4ZjQlMjMsZzRmNCwtLDE1fDE1LDAsMTQsMA==', 1 );
If you take the string in that function and decode it as base64 you get:
Which is PGN for the solution. So in this case we move our bishop to a4 and put him in check; he either moves to c4 or kills the bishop at a4, then we do the next step, and so forth.
So knowing this, I as an attacker can enter the puzzle every day regardless of whether I know the solution to the puzzle or not.
When will people realize that base64 is not encryption, and should not be treated as such?
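The weak pattern described above next to a server-side alternative, as an added example that is not the site's code: the solution never reaches the browser, and the server checks each submitted move against its stored line. All function names, the session handling and the puzzle data are hypothetical and constructed for illustration (Node.js).

```javascript
// Added example. Names, session handling and puzzle data are hypothetical.
const PUZZLES = new Map([
  // Constructed line, not a real puzzle: solver's move, then opponent's reply.
  ["p1", { fen: "constructed-position",
           line: [{ move: "Qh5+", reply: "Ke7" }, { move: "Qe5#", reply: null }] }],
]);

// Weak: the solution ships to the browser, base64-encoded.
function weakPagePayload(id) {
  const p = PUZZLES.get(id);
  const text = p.line.map((s) => s.move).join(",");
  return { fen: p.fen, solution: Buffer.from(text, "utf8").toString("base64") };
}

// Base64 has no key, so whoever receives the payload can reverse it.
function recover(payload) {
  return Buffer.from(payload.solution, "base64").toString("utf8");
}

// Hardened: the page gets only the puzzle id and position.
function safePagePayload(id) {
  return { id, fen: PUZZLES.get(id).fen };
}

const sessions = new Map(); // sessionId -> { id, step, done }
function startAttempt(sessionId, id) {
  sessions.set(sessionId, { id, step: 0, done: false });
}

// The server compares each submitted move with its stored line and reveals
// the opponent's reply only after a correct move.
function submitMove(sessionId, move) {
  const s = sessions.get(sessionId);
  if (!s || s.done) return { ok: false, solved: false, reply: null };
  const line = PUZZLES.get(s.id).line;
  const expected = line[s.step];
  if (move !== expected.move) {
    s.done = true; // assumption: one attempt per session, so no guessing loop
    return { ok: false, solved: false, reply: null };
  }
  s.step += 1;
  const solved = s.step === line.length;
  if (solved) s.done = true; // the contest entry would be recorded here
  return { ok: true, solved, reply: expected.reply };
}
```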