Another GOV.UK XSS Flaw

Amusing Photo by kind permission of the inimitable Paul Clark.

Her Majesty's Inspectorate of Constabulary (HMIC) are the police who police the police. As the Police policers you'd expect their website to be copper-bottomed. That they would detect anything amiss when inspecting their thin blue links. Mind you, some web developers are a law unto themselves. Yeah, yeah, these puns are unbearable. Fine. Whatever. As... Read more »

2FA Best Practice - Disable Autocomplete

Just a short usability / security post. Hopefully, you're all using Two-Factor Authentication on your important sites. As well as a username and password, you've also got to enter a one-time code. Usually it is generated by an app, or sent to you via SMS. Each code can only be used once - which makes... Read more »

Selecting Text In Images - Pure SVG, No JavaScript

Recently, I wanted to embed a photograph of a book page. I thought it would be nifty if the text from the page could be selected. If you hover your mouse over this image, you should be able to select part of the text. Ideally, it will look something like this... It even works on... Read more »

Spycatcher's Relevance in 2014

In 1987 MI5's former Assistant Director, Peter Wright, released his autobiography. Spycatcher: The Candid Autobiography of a Senior Intelligence Officer. It was immediately banned by the British Government. Although the Internet wasn't around to facilitate its distribution, it was trivial to obtain copies imported from Australia. As a boy, I remember seeing the publicity about... Read more »

Secure The Police!

Imagine, just for a moment, you suspect that a friend of yours is a criminal. Perhaps they are running an illegal proxy, or hosting a search engine, or maybe criticising a dangerous cult, or even taking suspicious photographs. These are all - apparently - within the remit of The City Of London Police. Better report... Read more »

Dealing With Quadrophonic / DVD-A Files In Linux

These are mostly notes to myself. These all comply with the UK's new copyright laws. Check your local laws, kiddies! DVD-Audio (called DVD-A or DVDA) never really took off. It's hard to find the discs and compatible hardware. Nevertheless, I want to listen to these high-resolution audio tracks under Linux. In these examples, I'm using... Read more »

McAfee's Failure of Trust

Running a website is hard. Let me clarify - setting up a website is dead simple - keeping it running and updated is tricky. Now, for some of us, it doesn't really matter whether our sites live or die. But for big companies like McAfee it's not simple to switch off a site - especially... Read more »

UI - Law Of Proximity

I was playing one of those stupid "Which X Are You?!?!?!?" quizzes which seem to be the rage these days. I'm weak-willed, I know. One of the questions had a particularly interesting UI issue. It's not a particularly subtle problem. The image on the left related to the button on the right, and vice... Read more »