Responsible Disclosure: SVG injection in Three.co.uk

by @edent | 4 comments | Read ~366 times.

Here's a quick write-up of a minor XSS (Cross Site Scripting) vulnerability on the website of Three.co.uk - one of the UK's mobile providers. A brief recap... Most websites have a search function. If you search for something which cannot be found, the site will often say "No results found for XYZ." If we can…


The Usability of Unboxing

by @edent | Read ~293 times.

I review a lot of tech kit. It is amazing just how bad the consumer experience is when you have a brand-new box in your hands. It can range from something as simple as difficult-to-open packaging to the existential horror of a poorly translated manual. The first time a customer holds your product in their…
