Ben Tasker's Blog

Barclays Online Banking gives 3rd Parties access to login pages

Banks aren't exactly known for living on the bleeding edge - even where good security practice moves on, they tend to be years behind. For better or worse, they lean toward preferring stability and consistency over chasing the latest and greatest.

However, this issue doesn't really fall under that traditional niche of "well, banks will be banks".

Barclays Bank (and others) are giving 3rd party scripts access to their Internet Banking login pages - any script included in a page runs with full access to that page's DOM, so a compromise or mistake at their supplier could compromise their customers' login credentials.

I highlighted this issue a few months back, and Barclays replied with "deliberate, not an issue" (paraphrasing a bit there), so I'm now getting around to writing it up.
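As an added illustration of the point above (this is not code from the original post, and no bank's real markup or hostnames are used), the script below audits the `<script src>` tags of a login page: anything served from a host outside the site's own list is a supplier dependency, and unless it carries a Subresource Integrity hash the supplier can change what runs next to the password field at any time. The page markup, the first-party host list and the `sha384-` value are constructed placeholders.

```javascript
// Added example, not code from the original post or from any bank: audit the
// <script> tags of a login page for third-party origins and missing
// Subresource Integrity (SRI). All hostnames and markup below are constructed.

const PAGE_ORIGIN = "https://bank.example";               // assumed first-party origin
const FIRST_PARTY = new Set(["bank.example", "static.bank.example"]);

// Constructed sample markup standing in for an online-banking login page.
// The integrity value is a placeholder of the right shape, not a real digest.
const SAMPLE_HTML = `
<html><head>
<script src="/js/login.js"></script>
<script src="https://static.bank.example/forms.js"></script>
<script src="https://tag.analytics-vendor.example/tag.js" async></script>
<script src="https://cdn.widget-vendor.example/chat.js"
        integrity="sha384-PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPL"
        crossorigin="anonymous"></script>
<script>window.cfg = {};</script>
</head><body>
<form method="post"><input type="password" name="passcode"></form>
</body></html>`;

// Pull name="value" attributes out of one tag's attribute string.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(/([a-zA-Z-]+)\s*=\s*"([^"]*)"/g)) {
    attrs[m[1].toLowerCase()] = m[2];
  }
  return attrs;
}

// One finding per external script: where it comes from, whether the host is
// first-party, whether its content is pinned with SRI, and why that matters.
function auditScripts(html, pageOrigin, firstPartyHosts) {
  const findings = [];
  for (const tag of html.matchAll(/<script\b([^>]*)>/gi)) {
    const attrs = parseAttrs(tag[1]);
    if (!attrs.src) continue;                  // inline script: not a supplier dependency
    const host = new URL(attrs.src, pageOrigin).hostname;   // relative src resolves to the page origin
    const thirdParty = !firstPartyHosts.has(host);
    const hasIntegrity = /^sha(256|384|512)-/.test(attrs.integrity || "");
    let risk;
    if (!thirdParty) {
      risk = "ok: served from a first-party host";
    } else if (hasIntegrity) {
      risk = "medium: third-party code, but SRI pins the exact file; a swapped file refuses to load";
    } else {
      risk = "high: supplier can change this file at any time and it runs with full access to the login form";
    }
    findings.push({ src: attrs.src, host, thirdParty, hasIntegrity, risk });
  }
  return findings;
}

// The findings the post is about: supplier-controlled code nobody has pinned.
function unpinnedThirdParty(findings) {
  return findings.filter(f => f.thirdParty && !f.hasIntegrity);
}

// Stand-alone run over the constructed page.
for (const f of auditScripts(SAMPLE_HTML, PAGE_ORIGIN, FIRST_PARTY)) {
  console.log(`${f.host.padEnd(34)} sri=${f.hasIntegrity ? "yes" : "no "} ${f.risk}`);
}
```

SRI only helps for static files: a tag-manager style script that fetches further scripts at runtime cannot be pinned, and a Content-Security-Policy `script-src` allowlist restricts which hosts may run code but not what those hosts serve. The check therefore finds the exposure; the fix the post argues for is not loading supplier code on credential pages at all.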

Read more ...

Amazon Blocks FLoC across most sites

Google's Federated Learning of Cohorts (FLoC) isn't exactly noted for its popularity.

The company claims that FLoC will improve privacy, though various researchers disagree (and there are issues that have remained unaddressed for years).

For those who're not up to date: the stated aim of FLoC is to replace tracking via 3rd party cookies with an engine within the browser that profiles your browsing habits and adds you into a cohort of users with similar behaviour - advertisers then advertise to you based on your cohort ID (I wonder why the idea of a browser tracking your habits for advertising purposes hasn't won hearts and minds in the way they wanted...).

News has broken (via Digiday) that Amazon have blocked FLoC from operating on (most of) their domains - the exception seems to be Abebooks.

Because the opt-out is signalled by an HTTP response header (Permissions-Policy with an empty interest-cohort allowlist), we can trivially confirm it for individual domains:

curl -v -o/dev/null https://www.amazon.co.uk 2>&1 | grep permis
< permissions-policy: interest-cohort=()
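The grep above works for a single domain. The added example below (not code from the original post) generalises the check by actually parsing the Permissions-Policy value, so that a header listing several features, a bare `interest-cohort=(self)` that still permits the page's own origin, or a missing header are each classified correctly. The response headers and hostnames are constructed samples.

```javascript
// Added example, not from the original post: decide from a Permissions-Policy
// response header whether a page opts out of FLoC. Header values and domains
// below are constructed placeholders.

// Parse "feature=(a b), feature2=*, feature3=self" into {feature: [members]}.
// Permissions-Policy is a Structured Field dictionary: each allowlist is "*",
// a parenthesised inner list, or a single bare item.
function parsePermissionsPolicy(value) {
  const policy = {};
  for (const m of value.matchAll(/([a-z0-9-]+)\s*=\s*(\*|\([^)]*\)|[^,\s]+)/gi)) {
    const feature = m[1].toLowerCase();
    let allow = m[2].trim();
    if (allow === "*") { policy[feature] = ["*"]; continue; }
    if (allow.startsWith("(")) allow = allow.slice(1, -1);   // drop the parentheses
    policy[feature] = allow.split(/\s+/).filter(Boolean).map(t => t.replace(/^"|"$/g, ""));
  }
  return policy;
}

// FLoC is opted out only when interest-cohort is present with an EMPTY
// allowlist. "(self)" is a real allowlist and does not opt the page out.
function flocBlocked(headers) {
  const entry = Object.entries(headers).find(([k]) => k.toLowerCase() === "permissions-policy");
  if (!entry) return false;
  const policy = parsePermissionsPolicy(entry[1]);
  return Array.isArray(policy["interest-cohort"]) && policy["interest-cohort"].length === 0;
}

// Constructed responses: two opt out, one never sets the header, one allows
// its own origin (so its visitors still feed the cohort calculation).
const SAMPLES = {
  "www.amazon.example":   { "permissions-policy": "interest-cohort=()" },
  "shop.example":         { "Permissions-Policy": 'geolocation=(self "https://maps.example"), interest-cohort=(), camera=*' },
  "books.example":        { "content-type": "text/html" },
  "self-allowed.example": { "permissions-policy": "interest-cohort=(self)" },
};

// Map each sample host to whether it blocks FLoC.
function checkAll(samples) {
  return Object.fromEntries(Object.entries(samples).map(([host, resp]) => [host, flocBlocked(resp)]));
}

for (const [host, blocked] of Object.entries(checkAll(SAMPLES))) {
  console.log(`${host.padEnd(24)} FLoC ${blocked ? "blocked" : "NOT blocked"}`);
}
```

The header only counts on the response for the document itself, so feeding this the headers of one URL per domain (as the curl command does) answers the question for that domain only; the teaser's "most of their domains" is exactly why each one needs its own check.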

Read more ...

Sparkler Bombs...

Firstly, to deal with the obvious: the term sparkler bomb is a bit of a misnomer, the burst isn't contained - there's no explosion, just a large woosh. There are, of course, ways to contain them and make a bang, but doing so is (frankly) twattish and far, far less fun (even before it goes wrong and puts you in A&E).

Secondly: this post is offered as a bit of fun, not as an instructable - if you're silly enough to try and recreate (or better) my mischief, then the consequences lie with you and you alone.

Anyway, moving on...

One of my earlier memories of being on the internet was delight at finding pages talking about creating sparkler bombs. Pages much like this post (in fact, I'm all but certain that was one of them, I remember the humour and definitely remember the imagery).

Much like any obsession on the earlier web, I only had photos to go on (YouTube wouldn't be created, let alone mainstream, for years - even where videos were recorded, they were shared as framegrabs).

The photos, though, showed some fairly spectacular results:

Sparkler Bomb Picture from www.dansdata.com

That blue line is an artefact of the CCD in the camera the image was captured on (i.e. it's not really there), but it does nothing but add to the effect.

At the time, I couldn't possibly have built a sparkler bomb myself - being too young to buy the things was a surmountable obstacle, but not having the funds to buy them in the first place was not. And so, some things that should not have been forgotten were lost - at least for a time.

Actually, I have periodically thought about them - usually when handed a sparkler - but the thought's slipped from my mind well before being able to act on it.

Recently though, I had need for a couple of small sparklers (think of things you put on a cake), and had the rest of the pack left over. Being mini sparklers it was never going to be anything near as spectacular as the image above, but nowadays cheap video cameras are readily available to watch things in slow-mo, so I figured it'd still be interesting to try.

Read more ...

Making my books freely available

Nearly a decade ago, I self-published a couple of books on the Kindle store: Linux for Business People and A Linux Sysadmin's guide to mischief.

Since then, I'd largely forgotten about them, until sorting through some files today.

They're pretty outdated (and weren't that great back then), but I figured as they've served their original purpose, I'd make them freely available:


Linux for Business People
A Linux Sysadmin's guide to Mischief

Both come from those happy, happy days before SystemD inserted itself onto our systems...