Nokia is recently in news for declaring, that some of its batteries are faulty and are ready to replace. Nokia has created a webpage where user of Nokia Phones with BL - 5C Batteries can enter the 26 character product Id and for which it gives whether you need to replace battery or not. One of the regional news channel has reported about one of the software engineer claiming the web page as fraud and is giving "No need to replace battery" message even when user is entering 26 characters as blank spaces or special characters. After watching this report I cant resist myself from opening up the code and inspecting it (That's what code inspections is about ;)). Luckily the code was written in javascript, you can find the code here. The code is checking whether the product id entered is 26 characters or not and its not checking for any validity of product. Later its calculating for MD5 hash, basically it is taking Md5 hash of 13Th character which should be either 8d9c307cb7f3c4a32822a51922d1ceaa or 69691c7bdcc3ce6d5d8a1361f22d04ac along with other constraints. Have written script and verified whether this hash of any of characters [A-Z][0-9] is one mentioned above and got two characters, so there are definitely millions of batteries meeting this criteria assuming all the combinations of this 26 character product Id.
News channels need to be more careful while reporting the articles like these as these may impact the company's prospects. They need to confirm before just believing anything and reporting it.
News channels need to be more careful while reporting the articles like these as these may impact the company's prospects. They need to confirm before just believing anything and reporting it.
great post dude...
ReplyDelete