OutSystems NextStep 2020: Trivia Challenge results can be and have been manipulated

This is a message to OutSystems: please dismiss the Trivia Challenge available through the OutSystems NextStep 2020 online website. Every user with a little bit of JavaScript knowledge can easily manipulate his results (and highly probably the results of others too, I suspect). 


This has already been done by many participants as you can see from the scoreboard at this moment (15-06-2020, 09:00 CET). In theory the maximum number of points that a user can achieve is 100000 as there are 10 questions and a maximum of 10000 points for each correct answer. There are users with more than 100000 points!

The number of points that can be earned decreases as time passes, from the moment the question and possible answers show up to the moment the user selects the desired answer. For every 100 milliseconds, 100 points are decreased. Given that the answers don't always show up in the same order on the screen and that the correct answer does not always show up on the same position, a human user needs to read on average part of two of the four answers presented and then react by clicking on the correct one. Unfortunately, the human brain does not process visual information in the order of tens of milliseconds but more in the order of hundreds of milliseconds. With that in mind, results above 99000 points can be definitely dismissed, in other words, they have been clearly manipulated.


As users can be rewarded with a fair amount of money by their results on this Trivia challenge and the results have been clearly manipulated already, I would like to suggest OutSystems to remove the Trivia Challenge from the NextStep 2020 online website. 


Greetings,

pedro

Hey Pedro,

Thanks a lot for bringing this to our attention. 

We have already alerted the team to look into this asap!

The trivia is supposed to provide a moment of fun and we want it to be done the right way.

We will keep the community posted regarding the updates.

Hi Andreia,

participants are (still) having a lot of fun "hacking" their scores. I find it puzzling that it takes so long for OutSystems to react on this. 

I suspect the website used for the conference is managed by an external party and that, therefore, it is more difficult to react fast. I can also imagine that there are other relevant issues popping up at the moment as the conference is at full speed. Nonetheless, I would say that, from an image perspective, and specially for new prospects, having a "security breach" on the website of its own annual conference is not the image OutSystems would like to pass.

App Shield has just been launched and several talks in this year's conference revolve around security. Security is at the heart of OutSystems. Let's try to pass that image to everyone, and especially to newcomers to the OutSystems world.



Hi Pedro,

I appreciate you bringing this up, and you're definitely on point. We're using a third-party app for the conference and unfortunately can only modify certain things. We're looking into what fixes we can make but are limited.

The goal of the trivia was to add some fun to the online experience. :)

Jen

Jennifer Lopez wrote:

Hi Pedro,

I appreciate you bringing this up, and you're definitely on point. We're using a third-party app for the conference and unfortunately can only modify certain things. We're looking into what fixes we can make but are limited.

The goal of the trivia was to add some fun to the online experience. :)

Jen

 Help - I want to enter the conference - I am 2 days new to Outsystems....I registered.....I clicked forgot password to generate a new one but never received any confirmation or password email.  How do I get in?  Can anyone point me in the right direction?   There is no "contact" on the conference or conference login page


 

Oh no, Julie! Did you use the email address in your profile? I've sent your issue to support! Let's get you in asap.

THANK YOU - I am in!