Who can I hire to hack me?

by @edent | Read ~5,390 times.
GitHub screenshot "Insert your security key Press the button on your security key device to finish signing in. If it does not have a button, just re-insert it."

I use a password manager. I have 2FA set up on everything. When an organisation asks me to set a recovery question, I generate a 32 character passphrase. I don't use my mother's maiden name or my first pet's birthday on anything sensitive. I monitor my email addresses for breaches, and I regularly check my…

Tado API Guide - updated for 2019

by @edent | 5 comments | Read ~1,148 times.
Debug screen of a web browser.

Tado is a brilliant smart thermostat. But their API is very poorly documented. This is an updated guide for 2019. I am indebted to Stephen C Phillips' original documentation. Getting started: you will need a Tado (duh!), your username (usually your email address), your password, and a client secret. Getting the client secret: I'm using this…

$3k Bug Bounty - Twitter's OAuth Mistakes

by @edent | 5 comments | Read ~14,022 times.
A Twitter login screen. Highlighted is the information that it cannot access your DMs.

Imagine the scenario. You're trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions - phew - it doesn't want to access your Direct Messages. You authorise it - whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and…

Musical Roombas!

by @edent | 1 comment
A list of musical notes and the hex codes needed to make them play on the robot vacuum cleaner

A few years ago, I added WiFi to my Roomba using a 3rd party add-on. Sadly, it looks like Thinking Cleaner, the company which created the WiFi unit, is no longer manufacturing them. But in their latest firmware release, they added a fun new option - the ability to make your Roomba sing! I've hacked…

Telnet and Root on the Sercomm iCamera2

by @edent | 5 comments | Read ~2,495 times.
A web browser displaying the message "Open Telnet Daemon successfully!"

tl;dr: URL http://[IP]/adm/file.cgi?todo=inject_telnetd, Telnet username root, Telnet password Aq0+0009. History: four years ago to the day, I wrote an exposé of the hideous security failings of Sercomm IP Cameras. The blog has since attracted 200 comments - as people try to unlock their cameras, and find out what flaws they have. Despite my best efforts…

Renault's Secret Mileage API

by @edent | 1 comment | Read ~440 times.
Website showing my car and its mileage

Last year I reverse engineered Renault's Electric Car API. One of the curious omissions was mileage - it just doesn't appear there. However! All is not lost. If you log in to your Renault Account - https://www.renault.co.uk/my-account/my-car.html - you'll get details back about your car including its make, model, date of next service, and mileage!…

Self-inflicted Denial of Service on GitHub (Disclosed)

by @edent | Read ~178 times.

I've found an interesting, but low severity, way for a malicious user to selectively deny access to specific GitHub issues and Pull Requests. This doesn't affect the whole site - just targeted pages. It doesn't require elevated permissions, nor any special skills. This is just GitHub punching itself in the face. Here's how it works.…

Introducing @FiverFun - silly things on Amazon for under £5

by @edent | Read ~381 times.

It's nearly Christmas! That means Secret Santa time at work, and the need for little stocking-filler gifts. But where can you find such cheap treats? Aha! I have created a service just for you! https://fiverfun.tumblr.com/ is my new(ish) project. It scours Amazon for the best and/or weirdest things for under a fiver! At the moment…

Should you open your WiFi during a disaster?

by @edent | 1 comment | Read ~255 times.

There has been a terrible natural disaster in Italy. A huge quake has broken a city. Rescue teams race to the scene to try to save lives and stabilise the situation. During the rescue efforts, the Italian Red Cross sends this tweet: #Terremoto, to facilitate communications and rescue operations we invite you to remove the…

Easy APIs Without Authentication

by @edent | 15 comments | Read ~50,637 times.

This is a curated list of APIs which do not require usernames, passwords, access tokens, signing, accept-headers, or anything more complicated than sticking a URL in a browser. (This is an update to my post from two years ago.) When I introduce people to the concept of using RESTful APIs, they immediately get how powerful…