There's a new bug bounty provider in town! The Belgian company Intigriti. This is a quick write-up of how I found a trivial bug in their own system. The EU has announced that it is providing funding for bug bounties on critical open source projects. They've split the programme between HackerOne and Intigriti. I signed… Continue reading →
An annoying privacy violation from leading email newsletter company MailChimp. Responsibly disclosed on 2017-12-04. When you click a link on a webpage or an email, your browser opens up that link and sends the newly visited webpage a Referer Header. (The misspelling is a historical artefact.) This says "Hello new site, I was referred here… Continue reading →
Gmail is usually pretty good at stopping spam from reaching my inbox. When it slips up, it reminds me of just how terrifying the modern internet is. Early one morning, I received this email from someone I know (details redacted by me). It came from his email, it has his signature at the bottom. This… Continue reading →
For many years, my email footer said "Sent via my Casio cPhone" - my attempt to poke fun at the users who hadn't updated their iPhone's default email signature. This leads to an interesting question: Is there an easy way to see what device an email is sent from? If I type the attached on… Continue reading →
We all know what an email address looks like and how to validate them, right? A few years ago I got the Chinese domain name 莎士比亚.org. You can browse to it, link to it, and send email to it. Or can you? When I tried two years ago, none of the major email providers supported… Continue reading →
I had dinner with the outgoing editor of The Guardian the other night. Clever chap, sure he'll go far in life. The Guardian is very hot on security. Many of their writers have PGP keys which they publicly advertise. In theory, that's great (complaints about PGP notwithstanding) - but the reality shows just how tricky… Continue reading →
Does your email suck? Chris Woods has some suggestions on how to fix it. Check out his Better Emails tool for Outlook. Get About A Minute as soon as each episode goes live. Stick this Podcast Feed into your podcatcher Or you can Subscribe on iTunes Intro music "Gran Vals" performed by Brian Streckfus. Stopwatch… Continue reading →
Hanlon's Razor states, "Never attribute to malice that which is adequately explained by stupidity." It would be nice to think that all mistakes and errors we encounter are just the result of bone-headedness. Sadly, that's not the case. Quite often malicious people deliberately try to trick you into taking actions you would normally have ignored.… Continue reading →
As I mentioned in a previous post, I'm sick of people not being able to spell or pronounce shkspr.mobi correctly. So I've decided to double down and start using my alternate domain 莎士比亚.org. It's pronounced "Sha-shi-bi-ya", if that helps. Getting my email account set up with my hosting provider was easy enough but it turned… Continue reading →
I was listening to a podcast recently which was kind enough to mention one of my blog posts. The presenter said: ...and you should Google for this, because I'm really not sure how to pronounce this. Is it shu-huk-spur? dot mobby? Le sigh! It's a conversation I have most weeks when I'm on the phone… Continue reading →