Major sites running unauthenticated JavaScript on their payment pages

by @edent | 9 comments | Read ~23,442 times.
HTML code from Spotify.

A few months ago, British Airways' customers had their credit card details stolen. How was this possible? The best guess goes something like this: BA had 3rd party JS on its payment page: <script src="https://example.com/whatever.js"></script>. The 3rd party's site was hacked, and the JS was changed. BA's customers ran the script, which then harvested their […]


Redirect GitHub ID to Username

by @edent | Read ~106 times.
A screen of JSON code showing my details.

Scratching my own itch here... GitHub users have a username (mine is @edent) and have a user ID number (mine is #837136). If you want to redirect a user ID to a username, you can use the little service I've cobbled together: https://edent.github.io/github_id/#837136. That will take your browser to my GitHub page, using nothing but […]


Telnet control of Toshiba Smart TVs

by @edent | Read ~393 times.
Trinity from the movie The Matrix, she's a bad ass hacker!

Here's how to control the Toshiba 49U6863 - and other similar models - using Telnet. Quickstart: At the command prompt, type telnet 192.168.0.123 4660 then type 1012 and your TV will turn on. MAGIC! Background: After six years of use, I decided to upgrade my old 37 inch Panasonic TV. I know Toshiba aren't the […]


Reflections on #EMFcamp - a Science-Fact Convention

by @edent | Read ~224 times.
Terence and Liz in front of Lasers at emfcamp.

At a science-fiction convention, you queue for hours to hear a bit-part actor describe what it was like on the set of a forgotten sci-fi show. At a science-fact convention, you have a beer with a person who is literally changing the world with a laser cutter, some diodes, and a smattering of Python. Welcome […]


Enabling Voice-Over-WiFi on the OnePlus 5T and Three UK

by @edent | 7 comments | Read ~1,172 times.
VoWifi Logo on the top of the Android display.

My mobile provider - Three UK - offers WiFi calling, but only if you have a phone purchased directly from them. For everyone else, they have a crappy app which hasn't been updated in two years. So, let's break out of their artificial restrictions and get some WiFi calling on the OnePlus 5T! Step-by-step: Open […]


Advertising Screens Hacked To Mine BitCoin

by @edent | 1 comment | Read ~16,755 times.
The display shows a windows desktop with a variety of icons. There is a window open

Spotted in London, yesterday. A large, Microsoft Windows-powered advertising hoarding has been hijacked. It's not uncommon to see broken-down Windows displays - I run https://windowsisbroken.tumblr.com/ - which is dedicated to pointing and laughing at such mistakes. But this is the first time I've seen a display repurposed for profit! It appears to be running NiceHash […]


Solar Battery and Alexa - in 30 lines of code

by @edent | Read ~101 times.
A list of phrases used to activate the device

Amazon Alexa is a fun little bit of kit. But it can be tricky getting it to work with all your smart devices. Not every company has an Alexa skill - just like not every company has an app. Using Flask-Ask it is possible to bring Alexa smarts to a range of previously mute devices. […]


Creating a generic, open source, check-in app

by @edent | 1 comment | Read ~194 times.

Many years ago, when Foursquare was still cool, I built an app to let people check into chocolate bars. You know, "@edent is eating a Wonka Bar classic. 4/5?" It was a quick and dirty hackday project. Ever since, I've had the hankering to build something a bit more generic. I currently use Untappd to […]


An "on this day" plugin for WordPress

by @edent | Read ~151 times.

Just me scratching my own itch. I want to create an RSS feed of all the blog posts which I'd published on this day in the past. For example, if today is 21st of November 2016 then this plugin will show blog posts written on 2015-11-21, 2014-11-21, 2013-11-21, and so on. You can view a […]


The (Connected) House Of Horrors

by @edent | 1 comment | Read ~177 times.

In September 2016, I was delighted to deliver this talk to ThingMonk 2016. This is the 20 minute distillation of my adventures: singing to my lightbulbs, hacking my vacuum cleaner, finding my car's source code, hacking my electric car, getting hacked by my light switches, securing my security cameras, and a whole host of other […]
