Responsible Disclosure: SVG injection in Three.co.uk


The website has a circle drawn on it.

Here's a quick write-up of a minor XSS (Cross Site Scripting) vulnerability on the website of Three.co.uk, one of the UK's mobile providers. A brief recap... Most websites have a search function. If you search for something which cannot be found, the site will often say "No results found for XYZ." If we can convince the search engine to spit out HTML, we can inject malicious content into the page. This is usually done by searching for something like <script>alert("h4X0r");</script>…


The Usability of Unboxing


Home Signal Box.

I review a lot of tech kit. It is amazing just how bad the consumer experience is when you have a brand-new box in your hands. It can be as simple as difficult-to-open packaging, or as bad as the existential horror of a poorly translated manual. The first time a customer holds your product in their hands should be a moment of joy, something to reinforce the notion that they have been wise with their investment. I'm going to walk through an example of poor unboxing usability, in the hope that it will…
