Jump to content

Puzzle Caches with file download needed.

AZcachemeister

By AZcachemeister
in General geocaching topics

Followers 0

Recommended Posts

AZcachemeister

AZcachemeister

Posted
Posted

A puzzle cache has recently been published here in Arizona that includes a link to a web page created by the owner where you must apparently open/download three .doc files and two .pdf files to get the needed information to complete the cache.

 

My understanding is that this is no longer allowed, but perhaps I am mistaken?

 

Would YOU open/download an unknown file from an unsecure website to complete a puzzle cache?

Link to comment
markandsandy

+markandsandy

Posted
Posted

A puzzle cache has recently been published here in Arizona that includes a link to a web page created by the owner where you must apparently open/download three .doc files and two .pdf files to get the needed information to complete the cache.

 

My understanding is that this is no longer allowed, but perhaps I am mistaken?

 

Would YOU open/download an unknown file from an unsecure website to complete a puzzle cache?

 

From the Guidelines

In the interest of file security, caches that require the downloading, installing or running of data and/or executables may not be published.

 

And no, I wouldn't do it.

Link to comment
KBI

+KBI

Posted
Posted
A puzzle cache has recently been published here in Arizona that includes a link to a web page created by the owner where you must apparently open/download three .doc files and two .pdf files to get the needed information to complete the cache.

 

My understanding is that this is no longer allowed, but perhaps I am mistaken?

 

Would YOU open/download an unknown file from an unsecure website to complete a puzzle cache?

I probably wouldn't.

 

Sounds like it violates the guidelines, but reviewers are human, and sometimes things slip through that shouldn't.

 

How much does it bother you? Are you going to contact the reviewer and/or post an SBA log?

Link to comment
Headstone Hunter 1

+Headstone Hunter 1

Posted
Posted
A puzzle cache has recently been published here in Arizona that includes a link to a web page created by the owner where you must apparently open/download three .doc files and two .pdf files to get the needed information to complete the cache.

 

My understanding is that this is no longer allowed, but perhaps I am mistaken?

 

Would YOU open/download an unknown file from an unsecure website to complete a puzzle cache?

I probably wouldn't.

 

Sounds like it violates the guidelines, but reviewers are human, and sometimes things slip through that shouldn't.

 

How much does it bother you? Are you going to contact the reviewer and/or post an SBA log?

 

Never!!

Link to comment
fizzymagic

+fizzymagic

Posted
Posted

I would download the pdf files, but I would not do the doc files.

 

The guidelines, as written, are nonsensical, as I have pointed out in the past. Viewing the cache page online requires downloading data; as a result, all caches are outside the guidelines. Even if cache pages are excepted, that still leaves any cache with an external image on the cache page (including all those logos for geocaching organizations) as prohibited.

 

A prime example of a poorly-thought-out guideline that could easily have been fixed with some minimal allowance of input from people who actually know what they are talking about.

 

A more sensible guideline would be that puzzles could only require downloads of "normal" file types as seen on the Web: HTML, text, pdf, jpeg, gif, png, and mp3 with perhaps an occasional YouTube video.

 

Formats that can be easily exploited to execute code on your computer should be out; that pretty much eliminates Microsoft Office documents and non-YouTube flash.

 

But the universal ban just doesn't make sense.

Link to comment
Xaa

+Xaa

Posted
Posted

In my country there are at least a handful of mysteries where you have to download executables even. Obviously there are a lot of people who don't mind doing that, and the reviewers don't care as well (they were approved with those guidelines in place, and some of those caches were even pointed out afterwards).

 

I wonder if people would change that attitude when the first person comes around abusing it (hopefully in a whitehat way, just proving a point).

 

Then again: if you get your cache approved and add a link afterwards to some malware, the reviewer is easily bypassed, so the guidelines don't really help here.

Link to comment
NYPaddleCacher

+NYPaddleCacher

Posted
Posted

Which puzzle is it? While I do puzzle caches here in AZ, I dont think I have come across this particular puzzle. And no, I dont think I would be downloading files.

 

Unless you stop using the internet entirely it's pretty hard to avoid it. Every image that you see on a web site is a file (although it is possible to render an image without encapsulating image data as a separate file; I've done it). Email clients save messages that are were at least temporarily files on a machine elsewhere on your machine as a file, or into an existing file (i.e. a database).

 

The problem is not that you're downloading a file. It's when that file contains executable instructions that are invoked in some manner.

Link to comment
Star*Hopper

+Star*Hopper

Posted
Posted

Let's just say I'd be extremely hesitant....and even then would only open it/them after scanning with probably all 6 of the anti-malware apps I carry.

 

'Aesthetic' technicalities aside - I think we all know the intent of what's stated in the guidelines. As they say - an ounce of paranoia's worth tons of cure.

 

~*

Link to comment
TropicalParadise

+TropicalParadise

Posted
Posted

This cache, GC1094W is one that has done it right. It's a PDF, which is very low on the threat list, it contains a warning, and it contains his own personal statement.

 

It depends on who is doing the cache, in the cache that I mentioned, it's part of a series and he is known for making awesome puzzle caches. If it's a person with only a few finds, a not very easily identifiable name (ie. jdlky12049717275637), and little hides, I might not. I probably would anyway unless it's very obvious that it's a virus because I'm on a mac and have virus scans and have probably encountered ten thousand worse things.

Link to comment
trainlove

+trainlove

Posted
Posted (edited)

Grandfathered, not.

 

But I'd go to any public library, I always do anyway, and download anything whatsoever over there. It's not my computer that's going to get infected, if you happen to be the very first person to have done so before that cache gets shutdown forever.

Edited by trainlove
Link to comment
AZcachemeister

AZcachemeister

Posted
  • Author
Posted

I am in no way suspecting that the owner might intentionally link to malware of any sort, just the possibility that something could be hiding in those files that he does not know about.

Apparently he is just being lazy, and put up the files so as not to spend too much time adding the image of a kenken puzzle to the cache page. How hard is that?

 

Anyway, I hesitate to give out the waypoint...don't want anyone thinking I have called them out here in the forums! When I pointed out the possible guideline issue to the CO, he has got all bent out of shape and threatened to report me as 'an abuser' to Groundspeak!

 

I looked at GC1094W, and chuckled when I read:

 

You do NOT need to wait for confirmation to log on-line.

 

Your log will be removed if I do not get an email with the answers before you log on-line.

 

Dude! Which is it?

Link to comment
Okiebryan

+Okiebryan

Posted
Posted

I looked at GC1094W, and chuckled when I read:

 

You do NOT need to wait for confirmation to log on-line.

 

Your log will be removed if I do not get an email with the answers before you log on-line.

 

Dude! Which is it?

 

These are not mutually exclusive statements. I understand it to say, send an email before logging it, but you don't have to wait for me to acknowledge the email before logging the find.

Link to comment
KBI

+KBI

Posted
Posted

I looked at GC1094W, and chuckled when I read:

 

You do NOT need to wait for confirmation to log on-line.

 

Your log will be removed if I do not get an email with the answers before you log on-line.

 

Dude! Which is it?

These are not mutually exclusive statements. I understand it to say, send an email before logging it, but you don't have to wait for me to acknowledge the email before logging the find.

Yup, that's what I got too. It could have been worded better though.

 

"You must email me before submitting your log, but it is not necessary to wait for my confirmation."

Link to comment
NYPaddleCacher

+NYPaddleCacher

Posted
Posted

Grandfathered, not.

 

But I'd go to any public library, I always do anyway, and download anything whatsoever over there. It's not my computer that's going to get infected, if you happen to be the very first person to have done so before that cache gets shutdown forever.

 

Hey, I work in a library and one of the reasons that you can download anything is that like many library all of our public access computers (we have almost 200 of them) run an application which wipes the disc clean and reinstalls the O/S ever time the system reboots.

 

When our university got hit hard by the malware that was being disseminated via USB drives there were over 1000 computers infected and we had three people in our department working full time for a week cleaning things up. We also had two computers set up running linux with an application that would detect whether or not the malware was on a USB drive that were staffed from 9:00am until 6:pm for four days. They scanned hundreds of USB drives and even some cameras and cell phones and found the malware on about 15% of the devices scanned.

 

Frankly I'm tired of the reactive approach to malware/virus/trojan horses. Instead forcing everyone to buy virus checkers spamware/walware checkers and locking down machines so tight it severely impacts the productivity of those actually trying to get real work done using a computer, I advocate going after those that have anything to do with the creation of computer virusus/malware/etc or anything that tampers with another computer with a vengeance. Increase the penalities for knowingly creating/disseminating a computer virus significantly and prosecute in every case. It's about time that there was a significant deterrent rather than just bending over and spending more and more on blocking virus once they've been created.

Link to comment
jholly

jholly

Posted
Posted

Grandfathered, not.

 

But I'd go to any public library, I always do anyway, and download anything whatsoever over there. It's not my computer that's going to get infected, if you happen to be the very first person to have done so before that cache gets shutdown forever.

 

Hey, I work in a library and one of the reasons that you can download anything is that like many library all of our public access computers (we have almost 200 of them) run an application which wipes the disc clean and reinstalls the O/S ever time the system reboots.

 

When our university got hit hard by the malware that was being disseminated via USB drives there were over 1000 computers infected and we had three people in our department working full time for a week cleaning things up. We also had two computers set up running linux with an application that would detect whether or not the malware was on a USB drive that were staffed from 9:00am until 6:pm for four days. They scanned hundreds of USB drives and even some cameras and cell phones and found the malware on about 15% of the devices scanned.

 

Frankly I'm tired of the reactive approach to malware/virus/trojan horses. Instead forcing everyone to buy virus checkers spamware/walware checkers and locking down machines so tight it severely impacts the productivity of those actually trying to get real work done using a computer, I advocate going after those that have anything to do with the creation of computer virusus/malware/etc or anything that tampers with another computer with a vengeance. Increase the penalities for knowingly creating/disseminating a computer virus significantly and prosecute in every case. It's about time that there was a significant deterrent rather than just bending over and spending more and more on blocking virus once they've been created.

 

Sounds great! what happens if they live outside the US?

 

Jim

Link to comment
KBI

+KBI

Posted
Posted
I advocate going after those that have anything to do with the creation of computer virusus/malware/etc or anything that tampers with another computer with a vengeance. Increase the penalities for knowingly creating/disseminating a computer virus significantly and prosecute in every case. It's about time that there was a significant deterrent rather than just bending over and spending more and more on blocking virus once they've been created.

I'm with you there. String 'em up!!! I'll buy the rope.

Link to comment
AZcachemeister

AZcachemeister

Posted
  • Author
Posted

 

Calling someone out because of your irrational fear of files doesn't seem right to me.

 

BTW You would have missed out on one of the all time best puzzle caches, fractal's "The Contact Cache"

 

That's why I didn't post the waypoint or the owner's handle.

 

Since I have no intention of doing the puzzle anyway, it's a moot point there.

 

I don't usually do hard puzzles, but some of them are easy enough, and so I look at the pages to determine if I'm going to ignore them or not.

 

Since this issue is basically one that may or may not concern Groundspeak, and the guidelines, I was looking for a consensus about whether ANY required download would be disallowed, or perhaps if it only applies to the download of programs (executables).

 

If the cache were hidden on a Tribal reservation, or in a wilderness area, or inside a place of business, the issue would be clear and I would point it out to our reviewer.

 

Since it appears that such downloading is not necessarily completely prohibited, I think I'll let it go and not further darken my already stained reputation as the Cache Police.

Link to comment
Kit Fox

+Kit Fox

Posted
Posted

I emailed my primary reviewer a few year back, when the new puzzle rules were going to take effect. I came up with an acceptable alternative that worked within the guidelines. Put simply, I have offered two different methods in order to solve the puzzle. One method requires a stegonagraphy program, and a download of files, and the other requires you to be a cryptologist.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Followers 0
Go to topic listing
×
×
  • Create New...