Blog

  • The mystery 50p coin I found

    • General
    • by Jacob Riggs
    • 13-09-2022
    5.00 of 10 votes

    Over 50 years ago a coin entered circulation. A coin that once belonged to a man named Sean Creamer. Engraved on the faces of this coin are the wordsThis once belonged to Sean Creamer 58 Henry St Limerick — worth £5 to me if returned Today this mystery coin resides with me, after what I suspect has been a very long journey.I'm not sure who Sean Creamer is or what motivated him to inscribe his message, though the words do make me think there's a certain desperation in the creative fight to declare our existence. Much like the reason many of us post online, we're participants of the past speaking our own timeless messages like a familiar chapter in a tattered book — messages that we hope might survive the test of time and someday outlive us. "See me. Remember me. I was here." Perhaps this small relic of the past is intended to function as more than a memento, a keepsake, or a souvenir. Maybe it's an artifact of history that truly belongs to nobody, only temporary caretakers during its journey, and serves to teach an important lesson about value.Maybe a value worth more than we ever realise at the time.

  • Shark Tank success 'LARQ' sent me a free water bottle

    • General
    • by Jacob Riggs
    • 27-08-2022
    5.00 of 14 votes

    Last week I fell into the abyss of watching random YouTube videos and at one point landed on a video featuring LARQ, the highest valuation company to ever pitch on the popular US television show Shark Tank. The product line they were offering was simple – self-cleaning water bottles that use UV light to purify water. Intrigued to find out if the company had found success since airing and intending to purchase one of their bottles for myself, I registered to their site.Shortly after registering I noticed a security vulnerability, and duly reported this to them that sameday. My report was well received, and as a thank you, they kindly offered to send me any product I wanted for free.Hi Jacob, Our Digital team is very grateful for your time and the issue you have brought to our attention, we would be happy to ship you any LARQ Product of your choice as a thank you! Please be so kind as to confirm which product you would like and your shipping address. Thank you! I opted to select the LARQ Bottle PureVis 740ml (insulated), as I figured this would have been my preferred choice for purchase. Thanks to the LARQ customer experience team for sending me this free gift.

  • UK ISPs prohibit ethical security research activities

    • General
    • by Jacob Riggs
    • 26-08-2022
    5.00 of 14 votes

    All major UK ISPs seem to stipulate contractual terms which specifically prohibit their customers from employing the use of their home broadband service for security testing activities, regardless of the lawful basis for those activities (such as when penetration testing and bug bounty engagements are authorised). Below are the relevant extracts I pulled from those associated policies. If you're a UK customer of these services and engage in any bug bounty or penetration testing activities, it's likely you've already agreed to comply with these terms, and may therefore be at risk of having your home broadband service suspended for violating them. POLICY EXTRACT Source: Vodafone Acceptable Usage Policy 2.  Your use of the Service ... 2.9   You must not use the internet to send information that has forged addresses or are deliberately constructed to adversely affect remote machines or other computer systems. 4.  Network security 4.1   You must not take any action that could inhibit or violate the network security of any person or company (including Vodafone) or that could adversely affect their use of the internet. POLICY EXTRACT Source: BT Acceptable Usage Policy Security Violations The BT Network may not be used to violate the security of a network, service or other system. Examples of security include hacking, cracking into, monitoring, or using systems without authorisation; scanning ports; conducting denial of service attacks; distributing viruses or other harmful software; smurf attacks; and unauthorised alteration or destruction of websites or other information. POLICY EXTRACT Source: Virgin Media Acceptable Usage Policy 5.   Your responsibilities - Virgin Media’s systems, services and equipment ... 5.2.   Specific prohibited acts in relation to Virgin Media’s systems, services and equipment are: ... 5.2.5.   attempting to circumvent user authentication or security of any host, network, or account (also known as “cracking” or “hacking”). POLICY EXTRACT Source: Sky Acceptable Usage Policy Do not violate anyone's systems or network security You must not use Sky Broadband, or allow someone else to use Sky Broadband, to violate Sky’s networks’ security or any third party’s system or network security by any method including: ... You must not send, receive, store, distribute, transmit, post, upload or download any materials that are designed to violate Sky Network’s security or any third party’s system or network security. Examples of such prohibited material may include (but are not limited to): ... •  tools designed to compromise the security of other sites; These terms make up the components of valid contracts, and as ISPs are in the business of making money, this raises a few questions. Do ISPs actually care what their customers do with their service? How enforcable are the relevant legal obligations in practice? Are ISPs actively monitoring customer traffic for attack characteristics? Do reports of abuse ever result in ISPs terminating services? Such unanswered questions might incentivise security professionals to consider the wider use of commercial VPNs.  

  • The Royal Mint sent me a limited edition gold coin

    • General
    • by Jacob Riggs
    • 25-07-2022
    5.00 of 21 votes

    For some voluntary work I did, The Royal Mint sent me a limited edition 22 carat gold coin which commemorates the life and legacy of the great mathematician and codebreaker Alan Turing. This included bespoke packaging that contained a small 'Innovation in Science' series booklet detailing Turing's remarkable achievements, and featured one of his most famous quotes: We can see only a short distance ahead, but we can see plenty there that needs to be done ~Alan Turing I would like to express my thanks to The Royal Mint for this thoughtful gift.

  • I hacked the Dutch Tax Administration and got a trophy

    • General
    • by Jacob Riggs
    • 12-02-2022
    5.00 of 43 votes

    The Dutch Tax Administration (Belastingdienst) sent me a trophy and formal letter of appreciation on behalf of the Dutch government. The front engraving on the trophy playfully reads, “I hacked the Dutch Tax Administration and never got a refund”. Together with the trophy was a formal letter of appreciation.On behalf of the Dutch Tax and Customs Administration, we would like to thank Jacob for participating in our Coordinated Vulnerability Disclosure program. For that, we present this letter of appreciation to Jacob.At the Dutch Tax and Customs Administration, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. For that, we warmly welcome people like Jacob as a particpiant in the Coordinated Vulnerability Disclosure program.We appreciate not only that you have reported a security issue to us, but also that you have professionally done this. I would like to extend my thanks to the Belastingdienst Security Operations Center for sending me such a kind gift.

  • I hacked the Ministry of Defence so they sent me this coin

    • General
    • by Jacob Riggs
    • 28-09-2021
    4.96 of 68 votes

    The UK Ministry of Defence (MoD) sent me a VDP challenge coin for my finding and responsible disclosure of a critical (9.6 CVSS) severity vulnerability. Together with the coin was a small thank you note.Thank you! The Ministry of Defence takes the security of our systems seriously. To show our appreciation for all your time and effort, we would like to reward you with a Vulnerability Disclosure hacker coin. This echos a similar response to when I hacked the Dutch government and they sent me a t-shirt.