Waze Vulnerability

A month or so ago, I ended up on the Waze website – specifically, their “live map”. As I often do, I found myself poking around Firefox’s developer tools, looking to see which API endpoints the webapp was interacting with. I noticed that this particular webapp called an endpoint which looked like this: https://www.waze.com/row-rtserver/web/TGeoRSS?bottom=40.73628084811186&left=-74.11780357360841&ma=200&mj=100&mu=20&right=-73.85413169860841&top=40.77825467049393&types=alerts%2Ctraffic%2Cusers The bottom, left, right and top URL parameters are fairly self explanatory (they define the bounding box over which the API is queried).

Banned From Twitter

I have been banned from Twitter. This came as a total surprise. I’m not a prolific tweeter, and when I do post, it’s never particularly controversial. I didn’t receive any notification of the ban via email. It was totally unexplained. Twitter’s support pages advise that I fill out a form in order to appeal the suspension, which I did a few minutes after I realised I’d been banned (on Tuesday 6th October).

Fake USB Memory Sticks sold via Shopify

About 6 weeks ago I was served an advert on Facebook which promoted a 2TB memory stick. They were being sold for $19.99 each, or I could buy three sticks and get one free. There were thousands of likes, comments and shares on this post, with many users saying that they had received their sticks and that they worked. It was clearly fake; this type of scam has been around for a while, and was written about by Novatech three years ago.

Invert Grep Selection

In its default mode of operation, grep filters out lines that do not match the specified filter. However, it’s sometimes desirable to exclude lines that do match the filter, for instance removing lines from a log file that contain your IP address. For some reason, I always forget how to do this – but it’s easy. Just pass -v to grep, to invert your selection. For instance: grep -v "127.0.0.1" /path/to/log.

LDAP Authentication with Django

I recently wrote a web application for managing a seminar series at University. This system allows users to book times to give talks, view a list of upcoming talks, provides an iCalendar feed of scheduled talks and emails reminders to both attendees and speakers at various times throughout the week. Rather than require users to have yet another set of log-in details to contend with, I decided to integrate the seminar management system with the department’s LDAP server.

Syncing LDAP users with Django

I recently wrote about configuring a Django application to auth against an LDAP Server using django-auth-ldap. Under this configuration, the first time a user logs in using LDAP, their Django account gets created, and you can then treat them like a standard Django user. However, in some cases you may wish to be able to refer to a user without them ever having logged in. In order to achieve this, I wrote a basic Django management script that queries an LDAP server and filters users by job title (since I only wanted to import certain users), and then creates the user appropriately:

PyVMU

I was recently asked to help develop a proof-of-concept demonstration which involved the use of an IMU (inertial measurement unit). We decided to opt for the Variense VMU931 IMU, as it was quite well priced (~£75, or $100), reasonably rugged, provided fairly high resolution data, and had a high sampling rate. The unit has nine degrees of freedom and includes a gyroscope, accelerometer and magnetometer. As it’s a fairly new product, there are very few (i.

Giphy Random Data

While talking on Slack one day, we were discussing generating random numbers with Python, and how we might go about doing it without the random module (or os.urandom()). Of course, there are many possible ways to achieve this, but Matthew Nunes jokingly suggested using Giphy as a source of random data. I decided to give this a bash - it seems to work! Obviously, it’s very silly and shouldn’t be used for anything at all important.

Downloading Files Quickly With aria2

At University, I have been blessed with a 1gb Ethernet connection, which is great for downloading large datasets and ISOs etc. However, I often find that the bandwidth of the server from which I am downloading a file is the limiting factor, meaning I cannot always max out the connection. After some searching, I came across the tool aria2c, which has quickly become my wget replacement. Aria2 is a cross-platform tool that allows you to download files using multiple connections, allowing you to take full advantage of CDNs and load balancing.

Research Into Sonification of Video/Depth Data (University Dissertation)

I have recently completed my Undergraduate Degree in Computer Science at Cardiff University. My final year project was on the topic of “Video to Audio Conversion for the Visually Impaired”. The project was quite broad, research-heavy, and in an area that I had little experience in – so it was quite a learning experience! Using an Asus XTION Camera to retrieve both RGB and Depth information from the environment, I experimented with ways of extracting shapes from the footage (in real-time), extracting various properties from these shapes (including Hu invariant moments and Elliptical Fourier co-efficients), using properties to calculate shape-similarity, and conveying this information in the form of audio.

Three Information Disclosure Vulnerability

A few weeks ago, I got an email from Three asking me to fill out a survey for them, rating my satisfaction with their services. They offered “the chance to win an iPad”, so I decided I’d fill in the survey to provide some feedback (I’m generally a fairly satisfied customer). The link opened in my default web browser (Firefox), which happened to be linked up to Burp – after filling and submitting the survey, I was able to view the requests and responses that Firefox had made during the process.

Bypassing Root Detection in Three Intouch

Three recently released “InTouch”, an application for Android and iOS that allows you to use a WiFi network to send/receive phone calls and text messages, meaning that you can continue to use your phone as a phone without having a cellular network connection. Unfortunately for me, Three decided not to allow rooted devices to use the application – launching the app on a rooted device resulted in a “It seems that the device is rooted.

Ebay XSS

Earlier in the year, I discovered an XSS vulnerability in the Selling Manager section of eBay. The problem was caused by improper escaping of the URL’s GET parameters, which were reflected back on the page. When choosing the “drafts” section of the session manager, I noticed that several parameters appeared in the URL: Naturally (after confirming that eBay allowed such testing), I tried modifying these parameters – to my surprise, the page happily showed my new, updated values (although they weren’t saved server-wide).

Introduction to virtualenv

Keeping track of Python package dependencies can be a tricky task, especially when you’ve already got multiple packages installed and you’re not sure what your project is/isn’t using. Thankfully, a tool called virtualenv exists which helps keep track of your packages and lets you isolate installations. Installing virtualenv is easy – it’s a Python script, and can be obtained by running pip install virtualenv. Once virtualenv is installed, you can create your virtual environment by running virtualenv my_env_name.

Quick and Dirty VPN Server With pptpd

I’ve recently found myself wanting to be able to quickly create a VPN server, with minimal client-side setup. Normally, my VPN Server of choice is OpenVPN, but this doesn’t really fill those criteria – server side, you’ve got to generate keyfiles, certificates, config files. This wouldn’t be so bad – but it’s a similar story client-side. If your grandma wants a VPN connection, then having to send over OpenVPN installers, certificate files and configs isn’t ideal.

Tunneling OpenVPN Through SSH

I have recently discovered that it is fairly easy to tunnel OpenVPN through SSH. This is useful if you are behind a restrictive firewall that uses SPI to block services rather than plain old port blocking. An SPI firewall is able to distinguish between one packet type and another, without just checking the port that is in use. You can, of course, get a much more in-depth and accurate account of what SPI does/doesn’t do from Wikipedia, however that isn’t really the purpose of this post.

Skipping Certificate Checks With Wget

Just a quick post – If you want to download a file using wget from a server that has an invalid SSL certificate (expired, not from a trusted issuer etc) then you can use the --no-check-certificate flag to make wget ignore such errors. It’s worth noting that you shouldn’t blindly ignore certificate errors. If you’re downloading from what is normally a trusted source and have no reason to expect to be presented with an invalid cert, then further investigation is due.

OSX Internet Sharing DHCP Lease file

Just a quick post – While using the Internet Sharing function of OSX, I ran into some errors where my client machine wasn’t getting an IP address. I did some digging, and it turns out that the dhcp lease file is stored at this location: /private/var/db/dhcpd_leases This is definitely the location for Lion – I’d imagine that it’s the same for 10.5 (Leopard) and 10.6 (Snow Leopard) as well… although I’m not 100% sure.

Corsair Force Series 3 with Macbook Pro (15" Early 2011)

Just in case you were interested/thinking of upgrading, I can confirm that the Corsair Force Series 3 is 100% compatible with the Early 2011 Macbook Pro. I have the 15″ version, but I’d imagine that it would be the case for all screen sizes. I opted for the 120GB model – I wasn’t sure that I would have enough room to begin with, I’ve got pretty much everything I need installed and still have 90GB+ free (after following instructions on disabling your sleepimage file here: http://hints.

Choosing a low cost VPS

I often like to try out different VPS providers, as listed on LowEndBox. There are normally 2-3 offers posted there every day, so it can be difficult to know who to go for. Here is what I look out for: Cost: On a website like LowEndBox, you’re unlikely to find VPS listings for more than $10 or so. That said, some offers are much better value than others – I normally judge the value on the criteria below.

OpenVPN Internet Routing on OpenVZ VPS

As far as I know, the iptables masquerade module is not compatible with OpenVZ. As a result, many guides online on how to route all traffic through an OpenVPN Tunnel do not work with OpenVZ, as they depend on the masquerade module of iptables. This IPTables rule: iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source XXX.XXX.XXX.XXX (where XXX.XXX.XXX.XXX is your VPS’s EXTERNAL IP address) can be used instead. You can add these lines to your /etc/rc.