Hacking My Bank

I have around 17 years' experience making people feel bad by finding errors in their code. I like to think I'm pretty good at it.

My computing hobby developed into a career in internet marketing as services moved online. Converting knowledge from my hobby to improve the efficacy of marketing campaigns was easier than hacking banks... Or so I thought. I was recently employed by the leading marketing agency located in Brighton.

They are owned by a large multinational conglomerate which reported an annual revenue of $10 billion in 2014...

Security

Hubsquat – Round 2

The more technical aspects of SEO are often overlooked. The website can look great on any device, but may fail to perform. There are many common mistakes that must be avoided for a natural search marketing campaign to be successful. Missing a closing tag, or an extra comma can really make the difference. Everyone makes mistakes.

SEO

Mocking the military

Disclaimer: This post is probably not safe for work. Bad language, political views, and Oxford commas aplenty.

This article covers a few basic cross-site scripting bugs in Department of Defence and Ghost Security websites. The idea is to highlight how even the most security conscious among us can forget to check for the most basic exploits.

Security

How To: Not get hacked

Most people don't really care about security. We hope and believe our computers take care of security for us. Posting the latest Facebook update pretending to be our cat is far more important. The cat and mouse game could work, if your computer was the cat. It's not. The best we can do is play catch-up and hope the hackers take more time to develop an exploit than it takes to run an instantaneous, worldwide, fix. Of course, there is no such thing.

Security

Scoot.co.uk XSS

I am an SEO engineer at heart. Always on the lookout for opportunities from which links and/or citations can be gleaned. Often, while looking for link placements I find sites with security vulnerabilities. I always try to work with affected sites to help secure the attack vector with mixed results. More often than not the sites get patched and everyone is happy. Sometimes I get ignored. Sometimes I get a generic "we will fix it" reply but the exploit gets ignored. The site in question passes the information stored on its site onto several authoritative websites in the UK, some of which are the biggest news organisations we have…

Security

Legacy blog posts

Below is a list of blog posts I authored during my employment at RocketMill. They tend to rename the author when someone leaves, so I have noted them here for posterity. It should be clear by my sardonic, pathetic attempt at humour... But if not, my name still appears in the comments of several posts as the original author!

SEO

An XSS attack in action

Cross-site scripting attacks, commonly called XSS, are becoming more and more prevalent as the power of JavaScript has evolved way beyond simple DOM manipulation. Using the power of embedded JavaScript can be beneficial for an attacker for several reasons including…

Security

AV Arcade FaceBook app

A plugin created by Abeon Tech for AV Arcade which allows easy creation of an arcade on FaceBook. Version 2.0 has just been updated to fix a few bugs and several new features have been added.

Take advantage of the 500 million members using FaceBook! Turn your arcade into a FaceBook application in minutes. Your FaceBook application will update itself as you add games to your arcade. Easy to set up, with an admin panel for options.

Code

AV Arcade v402 (Clean)

I have been using AV Arcade for a while now and think it’s a great script. I have spent a lot of time looking through the source code and have had some success with my arcade site. There are a few small issues with the script which don’t detract from the usability, but could reduce crawlability, SERPs and so on.

Code

WebWoW In-game mail hack

This little modification will replace WebWoW's RA mail system (Remote Access which uses telnet) with a fully SOAP compatible version. This will replace both the admin's "send mail" and users' "vote shop" features. I created this little hack so the WebWoW In-game mail would use SOAP as it just seems more logical (and more easily secured!) in this instance.

Code