Hacking for muggles

Hacking: it’s not magic, even muggles can do it.

I recently presented a talk named “hacking for muggles”. I put it together because I think the traits a person needs to identify and resolve security vulnerabilities aren’t arcane or magical. All you need is creativity, an eye for spotting patterns, and a willingness to experiment.

My career as a software tester means I get to use skills like this every day. To me, security vulnerabilities are simply another kind of interesting puzzle. I enjoy reading about and discussing how they are discovered, how they work, and what caused the vulnerability to be exposed.

So without further ado, here are three vulnerabilities discussed in the talk. As I’ve said, you’ll notice that discovering these was absolutely not wizardry!

  1. Moonpig vulnerability

  2. How I used a simple Google query to mine passwords from dozens of public Trello boards

  3. Immobilise: ‘Burglar’s shopping list’ security flaw fixed

Note: I edited this post 04/03/2020 to remove references to Scott Logic’s Techie Brekkie meetup, which is where I originally presented this talk.


© Joseph Ward 2018-2024. All Rights Reserved.
