Huffington Post UK XSS Flaw (Disclosed & Fixed)

by @edent | # # # | Read ~113 times.

The UK version of the Huffington Post was vulnerable to an XSS flaw. This allowed any malicious user to inject images, video, text, and JavaScript into the page. Although the above image show a very silly use of XSS, it could quite easily be used to craft a page to encourage journalists and readers to… Continue reading →

I Still Don't Want To Be Part of Your Fucking Ecosystem

by @edent | # # # # | 30 comments | Read ~33,455 times.

One of the most popular blog posts I have written is called "I Don't Want To Be Part of Your Fucking Ecosystem". In it, I rant against service providers trying to lock their customers into a monoculture. Companies are always looking for the edge which will make them stand out - they think that restricting… Continue reading →

Evading Profanity Filters Using Bi-Directional Text

by @edent | # # | 1 comment | Read ~2,910 times.

There are some very sensitive souls on the Internet who object to seeing swear words. To that end, a huge industry has sprung up around "Profanity Filters" - services which claim to be able to detect naughty words and automatically redact them. The approach of dumbly looking for strings of text leads to a range… Continue reading →

RTL Bugs

by @edent | # # # # # | Read ~1,217 times.

Take a look at the following text, looks normal enough doesn't it? "Harry ‮".draziw a si ‭Potter Now, try to select the text and see what happens. WHAT WITCHCRAFT IS THIS?! If you examine the source code for this page, you'll see that I'm using the Unicode Bi-Directional characters. "Harry ‮".draziw a si ‭Potter These… Continue reading →

Homoglyphs for SEO

by @edent | # # # # # | Read ~213 times.

Search Engine Optimisation is the (dark) art of getting a site to the top of Google's ranking algorithm. If you're in the business of selling decorations for ponds, you want your shop to be right at the top of the results when people search for "bespoke synthetic frog spawn." The problem is, there are lots… Continue reading →

Homoglyph Attacks

by @edent | # # | Read ~936 times.

Homoglyphs are characters that love each other very much look strikingly similar to each other. Can you quickly tell the difference between these two - O0? That's The capital letter "o" and the number 0. How about Il1|? Depending on the font used - and your attention to detail, it may be hard to spot… Continue reading →

Where is this Pinterest Spam Coming From?

by @edent | # # # | Read ~182 times.

I've started seeing an uptick in Twitter spam - ostensibly from my friends telling me I can make money online. The common denominator is that they all use Pinterest as a vector for spreading the spam. Looking at the accounts of people who have recently tweeted these or similar messages, shows that the majority are… Continue reading →

How Should We Punctuate on the Web?

by @edent | # # | 2 comments | Read ~135 times.

Imagine, just for a moment, you were a computer. Take a look at the following sentence and try to work out where and how you should hyperlink the text. He said "You should visit http://example.com/!" Obvious, isn't it? Except, of course, it's not really that simple. There could well be a file named "!" on… Continue reading →

Chumming Down

by @edent | # # | 9 comments | Read ~478 times.

I'm turning into an old curmudgeon. Either that, or the new wave of social marketing has severely missed its intended target. Let me ask you a question, do you want to be friends with your utility company? Your phone provider? Your soft drinks manufacturer? I don't mean "follow-on-social-media" friends - I mean actual buddies. On… Continue reading →

Learning to Code vs Learning Computer Science

by @edent | # # # # | 33 comments | Read ~64,673 times.

It's always very tricky when people who aren't educators start banging on about what should or shouldn't be taught in schools. My own school days are but a hazy memory of hormones, angst, and boring homework. Yet here I am, pontificating. With the current "fad" of encouraging children to learn to code, I thought I… Continue reading →