Hacking My Bank

I have around 17 years' experience in making people feel bad. I do this by finding errors in their code. I like to think I'm pretty good at it.

My computing hobby developed into a career as marketing services moved online. Converting knowledge from my hobby to improve the efficacy of marketing campaigns was easier than hacking my bank... Or so I thought.

I was recently employed by a leading marketing agency, located in Brighton. They are owned by a large multinational conglomerate which reported an annual revenue of $10 billion in 2014...


Hubsquat – Round 2

The more technical aspects of SEO are often overlooked. The website can look great on any device, but may fail to perform. There are many common mistakes that must be avoided for a natural search marketing campaign to be successful. Missing a closing tag, or an extra comma can really make the difference. Everyone makes mistakes. Including Hubspot.


Mocking the military

Disclaimer: This probably isn't safe for work.
Bad language, political views, and Oxford commas aplenty.

"Mocking the military; Hacking the hackers" is a pretty clickbaity title, but apt. This article covers a few basic cross-site scripting bugs in websites owned by the Department of Defence and Ghost Security. The idea is to highlight how even the most security-conscious among us can forget to check for basic exploits.


How To: Not get hacked

Getting hacked sucks, but most people don't really care about security. We hope and believe our computers take care of security for us. Posting the latest Facebook update pretending to be our cat is far more important than software updates.

The cat and mouse game could work, if your computer was the cat.

It's not.

The best we can do is play catch-up and hope the hackers take more time to develop an exploit than it takes to run an instantaneous, worldwide, fix. Of course, there is no such thing.


Scoot.co.uk XSS

I am an SEO engineer at heart. Always on the lookout for opportunities from which links and/or citations can be gleaned. Often, while looking for link placements, I find sites with security vulnerabilities. I always try to work with affected sites to help secure the attack vector, with mixed results. More often than not the sites get patched and everyone is happy. Sometimes I get ignored. Sometimes I get a generic "we will fix it" reply but the exploit gets ignored. The site in question passes the information stored on its site onto several authoritative websites in the UK, some of which are the biggest news organisations we have…


Legacy blog posts

Below is a list of blog posts I've created over the years on external websites. I have listed the ones I could remember. As you can probably tell, I love to write about technical web-based stuff. From code to infosec, and SEO.


An XSS attack in action

Cross-site scripting attacks, commonly called XSS, are becoming more and more prevalent as the power of JavaScript has evolved way beyond simple DOM manipulation. Using the power of embedded JavaScript can be beneficial for an attacker for several reasons including, but not limited to…


AV Arcade FaceBook app

A plugin created by Abeon Tech for AV Arcade which allows easy creation of an arcade on FaceBook. Version 2.0 has just been updated to fix a few bugs and several new features have been added.

Take advantage of the 500 million members using Facebook! Turn your arcade into a FaceBook application in minutes. Your FaceBook application will update itself as you add games to your arcade. Easy to set up, with an admin panel for options.


AV Arcade v402 (Clean)

I have been using AV Arcade for a while now and think it’s a great script. I have spent a lot of time looking through the source code and have had some success with my arcade site. There are a few small issues with the script which don’t detract from the usability, but could reduce crawlability, SERPs and so on.


WebWoW In-game mail hack

This little modification will replace WebWoW's RA mail system (Remote Access, which uses telnet) with a fully SOAP-compatible version. This will replace both the admin's "send mail" and users' "vote shop" features. I created this little hack so the WebWoW In-game mail would use SOAP as it just seems more logical (and more easily secured!) in this instance.