How to track down the original owners of stolen Twitter accounts

by @edent | 2 comments | Read ~215 times.
The Twitter logo drawn in circles.

Recently, one of the accounts I follow on Twitter was hijacked. It was turned into a PS5 giveaway scam. The people who hijacked the account changed the name and avatar, and deleted all the previous Tweets. Here’s how I found who the original owner was, and managed to contact them. A Twitter account has a screen…


Minimum Viable Tweet to Semantic SVG

by @edent | 3 comments | Read ~219 times.
The Twitter logo.

One of the problems with OEmbeds of Tweets is that they’re heavy. Lots of JavaScript, tracking cookies, and other detritus. See this excellent post by Matt Hobbs looking at how to make your website faster by removing Twitter embeds and replacing them with images. Here’s my attempt to turn a Tweet into a semantic SVG!…


A floppy-disk Walkman – using a Raspberry Pi

by @edent | 30 comments | Read ~18,724 times.

I have built the most inconvenient way of playing music! It is lo-fi awfulness and cyberpunk grungy. Thanks! I hate it! Ingredients: Raspberry Pi, USB floppy drive, Audio Cable / Headphones, USB Battery. WHY?!?! As I discussed yesterday, it’s possible to fit half an hour of speech on a single floppy disk. The best band…


Buying a single character domain – and 3 character FQDN – for £15

by @edent | 15 comments | Read ~19,665 times.
Glowing computer text showing dot com dot info etc.

Short domains are useful for security testing. If you only have a limited number of characters, you need to be able to reference code on a remote server in as few characters as possible. A few years ago, I tried to find a Minimum Viable XSS. The conclusion that I (and others) came to is…


Add review to Goodreads from Schema markup

by @edent
The Goodreads Logo.

I write book reviews on my blog. I also want to syndicate them to Goodreads. Sadly, Goodreads doesn’t natively read the Schema.org markup I so carefully craft. So here’s the scrap of code I use to syndicate my reviews. Goodreads API Keys: Get your Keys from https://www.goodreads.com/api/keys. You will also need to get OAuth tokens…


How to present at a hack day

by @edent | Read ~319 times.

I go to lots of hack days and hackathons. Some are big corporate affairs, some are boutique community events. They all have one thing in common – Geeks suck at giving demos. You have 3 minutes to convince the judges – or your peers – that you’ve built something brilliant. How do you do that?…


How to rescue blocked files from Gmail

by @edent | Read ~472 times.
Show Original option in Gmail.

Six years ago, I developed Android apps (APKs) which I emailed to myself. When I try to download them from Gmail today, I get this rather annoying error. Anti-virus warning – 1 attachment contains a virus or blocked file. Downloading this attachment is disabled. Google, in its efforts to protect me from myself, have retroactively…


€100 Bug Bounty from Intigriti – please stop tracking your confirmation emails!

by @edent | 1 comment | Read ~512 times.
Weird confirmation address.

There’s a new bug bounty provider in town! The Belgian company Intigriti. This is a quick write-up of how I found a trivial bug in their own system. The EU has announced that it is providing funding for bug bounties on critical open source projects. They’ve split the programme between HackerOne and Intigriti. I signed…


Major sites running unauthenticated JavaScript on their payment pages

by @edent | 11 comments | Read ~30,104 times.
HTML code from Spotify.

A few months ago, British Airways’ customers had their credit card details stolen. How was this possible? The best guess goes something like this: BA had 3rd party JS on its payment page: <script src="https://example.com/whatever.js"></script>. The 3rd party’s site was hacked, and the JS was changed. BA’s customers ran the script, which then harvested their…


Redirect GitHub ID to Username

by @edent | Read ~1,175 times.
A screen of JSON code showing my details.

Scratching my own itch here… GitHub users have a username (mine is @edent) and have a user ID number (mine is #837136). If you want to redirect a user ID to a username, you can use the little service I’ve cobbled together: https://edent.github.io/github_id/#837136 That will take your browser to my GitHub page, using nothing but…
