Google's AMP is a gilded cage



AMP is Google's attempt to re-fight the transcoding wars of the early 2000s. It is actively dangerous to the web ecosystem, helps disseminate propaganda, and is disliked by many users. If, like me, you made the mistake of trying out AMP on your website - you're in a tricky position if you try to remove […] Read More

Full Disclosure - This Bluetooth tag is leaking your personal data



If you have a TinTag, your location is being broadcast without encryption! Earlier this year I purchased and reviewed the TinTag. I've spent the last month trying to get hold of the company to report a serious privacy problem with their Android app. I've not received an adequate response, so I'm publishing this post to […] Read More

Disclosed - Lifx Security Issue


I love my Lifx Bulbs. They're a quick and easy way to retrofit Internet connected goodies into a smart-home. One of the best things about them is their open API. Sure, you can use IFTTT if you want something easy - but us 1337 hax0rs want an API and Lifx provides it. The API is […] Read More

Responsible Disclosure - XSS Flaw at LetsSaveMoney.com


Another day, another bug! LetsSaveMoney.com is a "money saving" site. It offers discounts on a wide range of products and services, and is financed through affiliate marketing. My Trade Union, Prospect, has just launched a white-labelled "Members' Rewards" based on LetsSaveMoney - that's how I came across this bug. It's a depressingly familiar story - […] Read More

Google Play Won't Accept PayPal


Hey kids! Did you know that the best way to report bugs to Google is via passive-aggressive blog posts? Yup, s'true. They don't offer support for any of their products*, so your only hope is getting your complaint to the top of Reddit / HackerNews / Cool Site of the Day and hoping that particular […] Read More

Samsung Lock Screen Security Flaw


Here's a rather nifty security flaw I discovered on Samsung's Android 4.1.2. It allows you - in limited circumstances - to run apps and dial numbers even when the device is locked. This attack works against Pattern Lock, PIN, Password, and Face Unlock. There is no way to secure your phone against your home […] Read More

Samsung Copy & Paste Bug (AKA Never Trust Samsung)


Samsung phones crash if you use copy & paste more than 20 times. http://t.co/2OnBwo86 Shockingly bad engineering. — Terence Eden ⏻ (@edent) February 20, 2013

Sounds crazy, doesn't it? If you copy and paste text more than 20 times, your phone will restart! Some people have reported more severe crashes than that - but for me […] Read More