How to present at a hack day

by @edent | # # # # # | Read ~232 times.

I go to lots of hack days and hackathons. Some are big corporate affairs, some are boutique community events. They all have one thing in common - Geeks suck at giving demos. You have 3 minutes to convince the judges - or your peers - that you've built something brilliant. How do you do that?…

Continue reading →

How to rescue blocked files from Gmail

by @edent | # # # # | Read ~128 times.
Show Original option in Gmail.

Six years ago, I developed Android apps (APKs) which I emailed to myself. When I try to download them from Gmail today, I get this rather annoying error. Anti-virus warning – 1 attachment contains a virus or blocked file. Downloading this attachment is disabled. Google, in its efforts to protect me from myself, have retroactively…

Continue reading →

€100 Bug Bounty from Intigriti - please stop tracking your confirmation emails!

by @edent | # # # # # | 1 comment | Read ~449 times.
Weird confrimation address.

There's a new bug bounty provider in town! The Belgian company Intigriti. This is a quick write-up of how I found a trivial bug in their own system. The EU has announced that it is providing funding for bug bounties on critical open source projects. They've split the programme between HackerOne and Intigriti. I signed…

Continue reading →

Major sites running unauthenticated JavaScript on their payment pages

by @edent | # # # # # # | 9 comments | Read ~28,131 times.
HTML code from Spotify.

A few months ago, British Airways' customers had their credit card details stolen. How was this possible? The best guess goes something like this: BA had 3rd party JS on its payment page <script src="https://example.com/whatever.js"></script> The 3rd party's site was hacked, and the JS was changed. BA's customers ran the script, which then harvested their…

Continue reading →

Redirect GitHub ID to Username

by @edent | # # # # # | Read ~391 times.
A screen of JSON code showing my details.

Scratching my own itch here... GitHub users have a username (mine is @edent) and have a user ID number (mine is #837136). If you want to redirect a user ID to a username, you can use the little service I've cobbled together: https://edent.github.io/github_id/#837136 That will take your browser to my GitHub page, using nothing but…

Continue reading →

Telnet control of Toshiba Smart TVs

by @edent | # # # | 1 comment | Read ~1,677 times.
Trinity from the movie The Matrix, she's a bad ass hacker!

Here's how to control the Toshiba 49U6863 - and other similar models - using Telnet. Quickstart At the command prompt, type telnet 192.168.0.123 4660 then type 1012 and your TV will turn on. MAGIC! Background After six years of use, I decided to upgrade my old 37 inch Panasonic TV. I know Toshiba aren't the…

Continue reading →

Reflections on #EMFcamp - a Science-Fact Convention

by @edent | # # # # | Read ~240 times.
Terence and Liz in front of Lasers at emfcamp.

At a science-fiction convention, you queue for hours to hear a bit-part actor describe what it was like on the set of a forgotten sci-fi show. At a science-fact convention, you have a beer with a person who is literally changing the world with a laser cutter, some diodes, and a smattering of Python. Welcome…

Continue reading →

Enabling Voice-Over-WiFi on the OnePlus 5T and Three UK

by @edent | # # # | 37 comments | Read ~13,488 times.
VoWifi Logo on the top of the Android display.

My mobile provider - Three UK - offers WiFi calling, but only if you have a phone purchased directly from them. For everyone else, they have a crappy app which hasn't been updated in two years. So, let's break out of their artificial restrictions and get some WiFi calling on the OnePlus 5T! Step-by-step Open…

Continue reading →

Advertising Screens Hacked To Mine BitCoin

by @edent | # # # # | 1 comment | Read ~16,796 times.
The display shows a windows desktop with a variety of icons. There is a window open

Spotted in London, yesterday. A large, Microsoft Windows-powered advertising hoarding has been hijacked. It's not uncommon to see broken-down Windows displays - I run https://windowsisbroken.tumblr.com/ - which is dedicated to pointing and laughing at such mistakes. But this is the first time I've seen a display repurposed for profit! It appears to be running NiceHash…

Continue reading →

Solar Battery and Alexa - in 30 lines of code

by @edent | # # # # # # # | Read ~130 times.
A list of phrases used to activate the device

Amazon Alexa is a fun little bit of kit. But it can be tricky getting it to work with all your smart devices. Not every company has an Alexa skill - just like not every company has an app. Using Flask-Ask it is possible to bring Alexa smarts to a range of previously mute devices.…

Continue reading →