Responsible Disclosure: Content Injection flaw in Gett's Website


A basic form asking for users' credit card details.

Bit of a boring write-up, but here we go. Taxi app Gett had a content injection flaw in its search function. By searching for an HTML string, it was possible for an attacker to add links or images to a page. It was really hard to contact them - but the threat of media attention sprang them into action. For example, searching for a specially crafted string meant that an arbitrary SVG could be drawn onto the page like this: Or just a regular <img> element: Links could also be added - like …
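The bug class above is a search term reflected into the results page without HTML encoding. The following is an added example, not Gett's code or the author's: a constructed results template rendered two ways, plus a small parser-based check that tells you whether a reflected payload actually became markup. The template, the `attacker.invalid` host and the payloads are all hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed stand-in for a search-results page; not the real site's template.
RESULTS_TEMPLATE = "<h2>Results for: {query}</h2><p>No matching addresses.</p>"

# Payloads of the kind the write-up describes: an injected image and an injected link.
# attacker.invalid is a hypothetical host (.invalid never resolves).
PAYLOAD_IMG = '<img src="https://attacker.invalid/fake-card-form.png">'
PAYLOAD_LINK = '<a href="https://attacker.invalid/phish">Update your card details</a>'


def render_vulnerable(query: str) -> str:
    """Reflects the raw search string: any tags in it are rendered by the browser."""
    return RESULTS_TEMPLATE.format(query=query)


def render_fixed(query: str) -> str:
    """HTML-encodes the search string for the element-content context, so the
    browser shows it as text. quote=True also encodes quotes, which keeps the
    same helper safe if the value is ever placed inside an attribute."""
    return RESULTS_TEMPLATE.format(query=html.escape(query, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag the browser's parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)


def injected_tags(page: str, allowed=("h2", "p")) -> list[str]:
    """Return start tags that are not part of the template: a non-empty list
    means the payload was parsed as markup, i.e. content injection succeeded."""
    collector = TagCollector()
    collector.feed(page)
    return [t for t in collector.tags if t not in allowed]


if __name__ == "__main__":
    for payload in (PAYLOAD_IMG, PAYLOAD_LINK):
        print("vulnerable:", injected_tags(render_vulnerable(payload)))
        print("fixed:     ", injected_tags(render_fixed(payload)))
```

Escaping is context-specific: `html.escape` is correct for text nodes and quoted attribute values, but a value dropped into a `<script>` block, a URL or inline CSS needs that context's encoder instead. A Content-Security-Policy that restricts `img-src` would also have limited where an injected image could be loaded from, but it is a second layer, not a substitute for encoding.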


How to track down the original owners of stolen Twitter accounts


The Twitter logo drawn in circles.

Recently, one of the accounts I follow on Twitter was hijacked. It was turned into a PS5 giveaway scam. The people who hijacked the account changed the name, avatar, and deleted all the previous Tweets. Here's how I found who the original owner was, and managed to contact them. A Twitter account has a screen name. Mine is @edent. It is possible to change your screen name. Each Twitter account has a unique user ID. This is a numerical code that the API uses to keep track of users. Mine is…


Minimum Viable Tweet to Semantic SVG


The Twitter logo.

One of the problems with OEmbeds of Tweets is that they're heavy. Lots of JavaScript, tracking cookies, and other detritus. See this excellent post by Matt Hobbs looking at how to make your website faster by removing Twitter embeds and replacing them with images. Here's my attempt to turn a Tweet into a semantic SVG! This doesn't attempt to faithfully recreate the exact look and feel of an authentic Tweet. But it is designed to be a small, fast, and semantic representation. Here's what it…


A floppy-disk Walkman - using a Raspberry Pi


I have built the most inconvenient way of playing music! It is lo-fi awfulness and cyberpunk grungy. Thanks! I hate it! Ingredients Raspberry Pi USB floppy drive Audio Cable / Headphones USB Battery WHY?!?! As I discussed yesterday, it's possible to fit half an hour of speech on a single floppy disk. The best band in the world are The Beatles, and their shortest album is A Hard Day's Night - at 30 minutes, 45 seconds. Beatles audio was designed to be played over crappy AM radio…


Buying a single character domain - and 3 character FQDN - for £15


Glowing computer text showing dot com dot info etc.

Short domains are useful for security testing. If you only have a limited number of characters, you need to be able to reference code on a remote server in as few characters as possible. A few years ago, I tried to find a Minimum Viable XSS. The conclusion that I (and others) came to is that 20 characters is the bare minimum. But it requires you have a 2 character domain name on a 2-character TLD. Something like xy.uk. I don't think any 1- or 2-character domain names are available. If they're…


Add review to Goodreads from Schema markup


The Goodreads Logo.

I write book reviews on my blog. I also want to syndicate them to Goodreads. Sadly, Goodreads doesn't natively read the Schema.org markup I so carefully craft. So here's the scrap of code I use to syndicate my reviews. Goodreads API Keys Get your Keys from https://www.goodreads.com/api/keys You will also need to get OAuth tokens For this documentation, I'll use the example keys - please substitute them with your own keys. from rauth.service import OAuth1Service, OAuth1Session # Get a…
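The half of that job that the excerpt does not show is reading the Schema.org markup off the blog post before anything is sent to Goodreads. The block below is an added example, not the author's script: it pulls the `application/ld+json` block out of a constructed review page, picks the `Review` object, validates the ISBN-13 check digit, and returns the fields a posting step would need. The sample page and its ISBN are constructed for the example; the Goodreads OAuth call itself is left to the author's code.

```python
import json
from html.parser import HTMLParser
from typing import Optional

# Constructed sample of a review page carrying Schema.org JSON-LD; not a real post.
SAMPLE_PAGE = """<html><head><title>Review</title>
<script type="application/ld+json">
{
  "@context": "https://schema.org",
  "@type": "Review",
  "reviewBody": "A brisk, readable history of the early web.",
  "reviewRating": {"@type": "Rating", "ratingValue": 4, "bestRating": 5},
  "itemReviewed": {"@type": "Book", "name": "Example Book", "isbn": "9780306406157"}
}
</script>
</head><body><p>Review text here.</p></body></html>"""


class JsonLdCollector(HTMLParser):
    """Collects the raw text of every <script type="application/ld+json"> block."""

    def __init__(self) -> None:
        super().__init__()
        self._in_ld = False
        self.blocks: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "script" and dict(attrs).get("type") == "application/ld+json":
            self._in_ld = True

    def handle_data(self, data: str) -> None:
        if self._in_ld:
            self.blocks.append(data)

    def handle_endtag(self, tag) -> None:
        if tag == "script":
            self._in_ld = False


def isbn13_valid(isbn: str) -> bool:
    """ISBN-13 check: weights alternate 1,3; the weighted sum must be 0 mod 10."""
    digits = isbn.replace("-", "")
    if len(digits) != 13 or not digits.isdigit():
        return False
    total = sum(int(d) * (1 if i % 2 == 0 else 3) for i, d in enumerate(digits))
    return total % 10 == 0


def extract_review(page_html: str) -> Optional[dict]:
    """Return {isbn, rating, review} from the first Schema.org Review on the page,
    or None if there is no usable Review. Malformed JSON blocks are skipped."""
    collector = JsonLdCollector()
    collector.feed(page_html)
    for raw in collector.blocks:
        try:
            doc = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if doc.get("@type") != "Review":
            continue
        book = doc.get("itemReviewed") or {}
        rating = doc.get("reviewRating") or {}
        isbn = str(book.get("isbn", ""))
        if not isbn13_valid(isbn):
            continue  # Goodreads needs a book to attach to; refuse a bad ISBN
        return {
            "isbn": isbn,
            "rating": int(rating.get("ratingValue", 0)),
            "review": doc.get("reviewBody", ""),
        }
    return None


if __name__ == "__main__":
    print(extract_review(SAMPLE_PAGE))
```

Treat the extracted `review` as untrusted text when handing it to any HTTP client: it came from an HTML page, and the parser above deliberately does not strip or encode it.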


How to present at a hack day


I go to lots of hack days and hackathons. Some are big corporate affairs, some are boutique community events. They all have one thing in common - Geeks suck at giving demos. You have 3 minutes to convince the judges - or your peers - that you've built something brilliant. How do you do that? One Hundred and Eighty Seconds. It is not a lot of time. So here are my top 3 tips for succeeding at a demo. Show the thing This is the most important one. You need to show what you built. Demonstrate…


How to rescue blocked files from Gmail


Show Original option in Gmail.

Six years ago, I developed Android apps (APKs) which I emailed to myself. When I try to download them from Gmail today, I get this rather annoying error. Anti-virus warning – 1 attachment contains a virus or blocked file. Downloading this attachment is disabled. Google, in its efforts to protect me from myself, have retroactively blocked certain filetypes from being downloaded. If you try to forward the mail somewhere else, you get this error. For security reasons, Gmail does not allow y…
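Gmail's "Show original" gives you the raw RFC 822 message, and a blocked attachment is still sitting inside it as a base64 MIME part. The block below is an added example, not the author's procedure: it builds a constructed message with a fake `.apk` attachment (a few bytes that merely start like a ZIP), then parses it back the way you would parse a saved `.eml` and recovers the file. Assumptions: the attachment is a normal MIME part, and the filename is treated as untrusted, so only its basename is used when writing to disk.

```python
import email
import os
from email import policy
from email.message import EmailMessage


def build_sample_eml() -> bytes:
    """Construct a message like one you might have mailed yourself; not real data."""
    msg = EmailMessage()
    msg["From"] = "me@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "My app build"
    msg.set_content("APK attached.")
    fake_apk = b"PK\x03\x04" + b"\x00" * 28  # constructed: a ZIP-like header, not a real APK
    msg.add_attachment(
        fake_apk,
        maintype="application",
        subtype="vnd.android.package-archive",
        filename="MyApp.apk",
    )
    return msg.as_bytes()


def extract_attachments(raw: bytes) -> dict[str, bytes]:
    """Map attachment filename -> decoded bytes for every attachment in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found: dict[str, bytes] = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        # Filenames come from the sender; strip any directory components
        # so "../../.bashrc" cannot escape the output directory.
        found[os.path.basename(name)] = part.get_payload(decode=True)
    return found


def write_attachments(raw: bytes, dest_dir: str) -> list[str]:
    """Write each attachment into dest_dir and return the paths written."""
    os.makedirs(dest_dir, exist_ok=True)
    written = []
    for name, data in extract_attachments(raw).items():
        path = os.path.join(dest_dir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        written.append(path)
    return written


if __name__ == "__main__":
    raw = build_sample_eml()
    for name, data in extract_attachments(raw).items():
        print(name, len(data), "bytes")
```

Run it against a real `.eml` with `extract_attachments(open("message.eml", "rb").read())`. The file you get back is exactly what was sent six years ago, so scan it yourself before running it: Gmail's block is blunt, but it is not wrong that an old APK can be dangerous.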


€100 Bug Bounty from Intigriti - please stop tracking your confirmation emails!


Weird confirmation address.

There's a new bug bounty provider in town! The Belgian company Intigriti. This is a quick write-up of how I found a trivial bug in their own system. The EU has announced that it is providing funding for bug bounties on critical open source projects. They've split the programme between HackerOne and Intigriti. I signed up to Intigriti, and instantly received a confirmation email. Can you guess where you go if you click the big "Activate Account" button? I think that's the first time…


Major sites running unauthenticated JavaScript on their payment pages


HTML code from Spotify.

A few months ago, British Airways' customers had their credit card details stolen. How was this possible? The best guess goes something like this: BA had 3rd party JS on its payment page <script src="https://example.com/whatever.js"></script> The 3rd party's site was hacked, and the JS was changed. BA's customers ran the script, which then harvested their credit card details as they were typed in. This should have been a wake-up call to the industry. Don't load unauthenticated code on…
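The standard fix for the scenario above is Subresource Integrity: pin the script's hash in the tag so a modified file fails to load. The block below is an added example, not code from the post or from any of the sites it names: it computes the `integrity` value for a constructed script body, emits the tag, and checks a downloaded body against a pinned value the way a browser would. The script contents and the `example.com` URL are placeholders.

```python
import base64
import hashlib
import hmac

# Constructed script body standing in for a third-party file; not a real vendor script.
SAMPLE_SCRIPT = b"window.cardForm = { init: function () {} };\n"


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return an SRI integrity value: '<algo>-<base64 digest>'. Browsers accept
    sha256, sha384 and sha512."""
    if algo not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI only supports sha256/sha384/sha512")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Build the tag to paste into the payment page. crossorigin is required for
    cross-origin scripts or the browser cannot check the hash at all."""
    return (
        f'<script src="{src}" integrity="{sri_hash(content)}" '
        f'crossorigin="anonymous"></script>'
    )


def integrity_matches(content: bytes, integrity: str) -> bool:
    """Mirror the browser's check: recompute with the pinned algorithm and
    compare in constant time. A changed script must fail here."""
    algo, _, _ = integrity.partition("-")
    try:
        return hmac.compare_digest(sri_hash(content, algo), integrity)
    except ValueError:
        return False


if __name__ == "__main__":
    print(script_tag("https://example.com/whatever.js", SAMPLE_SCRIPT))
    tampered = SAMPLE_SCRIPT + b"sendCardToAttacker();\n"
    print("original ok:", integrity_matches(SAMPLE_SCRIPT, sri_hash(SAMPLE_SCRIPT)))
    print("tampered ok:", integrity_matches(tampered, sri_hash(SAMPLE_SCRIPT)))
```

Two caveats a practitioner will hit. SRI only works for files that do not change; a vendor that ships `latest.js` and updates it in place will break your page the moment they deploy, which is the point, but it means you must re-pin on every legitimate update. And SRI says nothing about what a correctly hashed script does, so it belongs alongside a Content-Security-Policy that limits where the page may send data, not instead of one.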


Redirect GitHub ID to Username


A screen of JSON code showing my details.

Scratching my own itch here... GitHub users have a username (mine is @edent) and have a user ID number (mine is #837136). If you want to redirect a user ID to a username, you can use the little service I've cobbled together: https://edent.github.io/github_id/#837136 That will take your browser to my GitHub page, using nothing but my ID. Why? Some login services only give you the GitHub user's ID. GitHub users can change their username - but their ID stays the same. How? Inspired by…


Telnet control of Toshiba Smart TVs


Trinity from the movie The Matrix, she's a bad ass hacker!

Here's how to control the Toshiba 49U6863 - and other similar models - using Telnet. Quickstart At the command prompt, type telnet 192.168.0.123 4660 then type 1012 and your TV will turn on. MAGIC! Background After six years of use, I decided to upgrade my old 37 inch Panasonic TV. I know Toshiba aren't the coolest brand around, but the 49 inch monster was half the price of the old TV. Yay Moore's Law! BUT! It turns out that Toshiba don't actually manufacture their own TVs. They just…
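What the quickstart demonstrates is that the TV accepts control codes from anyone who can reach TCP port 4660, with no authentication. The block below is an added example, not the author's code: a small client that sends a code the way a telnet session does (the code followed by CR LF, which is an assumption about how the TV reads a line), a one-line check for whether a host exposes the port, and a loopback harness so the framing can be verified without a TV. The `192.168.0.123` address is the example one from the post.

```python
import socket
import threading

TV_PORT = 4660
POWER_ON = "1012"  # the code the post gives for power on


def send_code(host: str, code: str, port: int = TV_PORT, timeout: float = 3.0) -> bytes:
    """Open a TCP connection, send one control code as a telnet-style line, and
    return whatever the device replies (may be empty; the post does not say
    whether the TV answers)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(code.encode("ascii") + b"\r\n")  # assumption: CR LF line ending
        try:
            return sock.recv(1024)
        except socket.timeout:
            return b""


def control_port_open(host: str, port: int = TV_PORT, timeout: float = 1.0) -> bool:
    """True if host accepts a TCP connection on the control port. Run this across
    your LAN to find every device that will take unauthenticated commands."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def loopback_demo(code: str = POWER_ON) -> tuple[bytes, bytes]:
    """Stand up a throwaway listener on 127.0.0.1 that records one line and
    replies 'OK', then drive it with send_code. Returns (bytes the listener
    received, bytes the client got back)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    port = server.getsockname()[1]
    received: dict[str, bytes] = {}

    def serve() -> None:
        conn, _ = server.accept()
        with conn:
            received["data"] = conn.recv(1024)
            conn.sendall(b"OK\r\n")

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    reply = send_code("127.0.0.1", code, port=port)
    worker.join(2)
    server.close()
    return received.get("data", b""), reply


if __name__ == "__main__":
    print("loopback:", loopback_demo())
    # Against a real set: send_code("192.168.0.123", POWER_ON)
```

The practical consequence is that the TV's security boundary is your network: anything on the same LAN, including a compromised IoT device or a guest's laptop, can drive it. Put it on a segregated VLAN or block port 4660 at the router if that bothers you.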
