For years, my email address was registered with our electricity supplier. I got the monthly bills sent to me. My wife's email was used for the water supplier. This made sense when we were a young couple with separate finances - but now we're a smug an old married couple, with a joint bank account,…
Continue reading →
Six years ago, I developed Android apps (APKs) which I emailed to myself. When I try to download them from Gmail today, I get this rather annoying error. Anti-virus warning – 1 attachment contains a virus or blocked file. Downloading this attachment is disabled. Google, in its efforts to protect me from myself, have retroactively…
Continue reading →
Like all security minded people, I use a unique email address for every service I sign up to. This week, I noticed I had started receiving spam to an email address associated with my Join.me account. Join.me is a screen sharing service now owned by LogMeIn. I signed up for a trial of Join.me back…
Continue reading →
Another day, another Gmail bug which won't get fixed. The original Android phone - HTC Dream - had 192MB of RAM. The latest Android phones tend to have 6GB. A 32 times increase in a decade. Laptops have also leapt forwards in speed and memory. Sadly, no one on the Gmail team has noticed. It's…
Continue reading →
There's a new bug bounty provider in town! The Belgian company Intigriti. This is a quick write-up of how I found a trivial bug in their own system. The EU has announced that it is providing funding for bug bounties on critical open source projects. They've split the programme between HackerOne and Intigriti. I signed…
Continue reading →
An annoying privacy violation from leading email newsletter company MailChimp. Responsibly disclosed on 2017-12-04. When you click a link on a webpage or an email, your browser opens up that link and sends the newly visited webpage a Referer Header. (The misspelling is a historical artefact.) This says "Hello new site, I was referred here…
Continue reading →
Gmail is usually pretty good at stopping spam from reaching my inbox. When it slips up, it reminds me of just how terrifying the modern internet is. Early one morning, I received this email from someone I know (details redacted by me). It came from his email, it has his signature at the bottom. This…
Continue reading →
For many years, my email footer said "Sent via my Casio cPhone" - my attempt to poke fun at the users who hadn't updated their iPhone's default email signature. This leads to an interesting question: Is there an easy way to see what device an email is sent from? If I type the attached on…
Continue reading →
We all know what an email address looks like and how to validate them, right? A few years ago I got the Chinese domain name 莎士比亚.org. You can browse to it, link to it, and send email to it. Or can you? When I tried two years ago, none of the major email providers supported…
Continue reading →
I had dinner with the outgoing editor of The Guardian the other night. Clever chap, sure he'll go far in life. The Guardian is very hot on security. Many of their writers have PGP keys which they publicly advertise. In theory, that's great (complaints about PGP notwithstanding) - but the reality shows just how tricky…
Continue reading →