Another day, another bug! LetsSaveMoney.com is a "money saving" site. It offers discounts on a wide range of products and services, and is financed through affiliate marketing. Links removed, because the site has disappeared. My Trade Union, Prospect, has just launched a white-labelled "Members' Rewards" based on LetsSaveMoney - that's how I came across this […]
Continue reading →
Private Eye is the only "Dead Tree" publication I buy. I think its satire misses the mark more often than not - but its investigative journalism and general muck-raking are second to none. The Eye has reluctantly been drawn into the digital age. It has a piss-poor website run by the sort of "tired and […]
Continue reading →
The Citizens' Advice Bureaux have just released a real-time view of what people are searching for on its site. It's heartbreaking. Tom Loosemore@tomskitomskiInteresting new digital stuff emerging from @CitizensAdvice display-screen.cab-alpha.org.uk <-- uncomfortable, messy, visceral reality @mikedixonCAB❤️ 8💬 3🔁 010:03 - Tue 21 October 2014 who supplies my electricity why do some children become looked after […]
Continue reading →
This is part 2 of a series of blog posts looking at the security of the UK Government's web infrastructure. Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST they will be immune from the XSS. This is not the […]
Continue reading →
This is part 1 of a series of blog posts looking at the security of the UK Government's web infrastructure. The UK Parliament website is pretty great. It houses a huge amount of historical information, lets people easily see what's happening in the Commons and the Lords, and is run by some really clever people. […]
Continue reading →
The UK version of the Huffington Post was vulnerable to an XSS flaw. This allowed any malicious user to inject images, video, text, and JavaScript into the page. Although the above image show a very silly use of XSS, it could quite easily be used to craft a page to encourage journalists and readers to […]
Continue reading →
Ever heard of Mydex? Here's how they describe themselves: Mydex provides the individual with a hyper-secure storage area to enable them to manage their personal data, including text, numbers, images, video, certificates and sound. No-one but the individual can access or see the data. Not just secure, but hyper-secure! They've been signed up by the […]
Continue reading →
· bug NaBloPoMo security xss · 250 words · read ~395 times.