A quick report into a nasty privacy vulnerability I found with the CAB. Unusually for me, this has no Internet component. Regular readers will know about my recent court visit. As part of that, I had to telephone the CAB Volunteers at the court who look after witnesses. I called, and was put on hold, […] Read More
Tag: security
Privacy, Security, & Ethics - Computer Science's "Jüdische Physik"
I'm going to tell you an anecdote which is a gross oversimplification of a complex topic. In the early half of the twentieth century, certain physicists made breakthroughs in relativity, quantum mechanics, and nuclear energy. Many of these scientists were Jewish. The Nazis called these heretical ideas "Jewish Science" and suppressed their teaching. Jewish physicists […] Read More
Would you trust this ATM?
Fake cash-machines are an increasing problem around the UK. Criminals attach all sorts of machinery - including fake fronts - to ATMs with the aim of stealing cash or card details. Wandering around Oxford yesterday, I noticed this sign attached to a bank's ATM: "This ATM is running slow and may take a while to […] Read More
Udacity Bug Bounty - or, please stop tracking every link in your emails
Look, I know your company wants metrics. I know your boss wants to see the exact percentages of people who click on links in your emails. Your sales team are desperate to track conversions. Someone wants to optimise your funnel for reasons which are unclear to you, a lowly engineer. So you make the mistake […] Read More
Advertising Screens Hacked To Mine BitCoin
Spotted in London, yesterday. A large, Microsoft Windows-powered advertising hoarding has been hijacked. It's not uncommon to see broken-down Windows displays - I run https://windowsisbroken.tumblr.com/ - which is dedicated to pointing and laughing at such mistakes. But this is the first time I've seen a display repurposed for profit! It appears to be running NiceHash […] Read More
MailChimp leaks your email address
An annoying privacy violation from leading email newsletter company MailChimp. Responsibly disclosed on 2017-12-04. When you click a link on a webpage or an email, your browser opens up that link and sends the newly visited webpage a Referer Header. (The misspelling is a historical artefact.) This says "Hello new site, I was referred here […] Read More
There's no HTTPS for the Internet of Things
Me being grumpy and stupid again. I have an IP Camera on my LAN, I want to connect to it via HTTPS. I can't. Why is that? Why do this? I have a username and password to access my IP camera. And my TV. And my lightbulbs. And all my networked gadgets. If I try […] Read More
Co-Op Bank - Making Banking Inaccessible
I've blogged before about how backward the Co-op bank is - sadly, they've not improved in the last few years. I needed to close down my business bank account. I hopped on to online banking, provided all my details, went through 2FA with a physical token, remembered my mother's maiden name and began searching the […] Read More
Telnet and Root on the Sercomm iCamera2
tldr; URL http://[IP]/adm/file.cgi?todo=inject_telnetd Telnet username root Telnet password Aq0+0009 History Four years ago to the day, I wrote an exposé of the hideous security failings of Sercomm IP Cameras. The blog has since attracked 200 comments - as people try to unlock their cameras, and find out what flaws they have. Despite my best efforts […] Read More
Don't Cover Your Webcam's LED
Just a quick note on a mistake I see people making. Webcam covers are a cheap and easy way to prevent your laptop's camera from spying on you. But too many of the covers obscure the LED which indicates that the camera is on. If you cover your activation LED then you won't be able […] Read More