Hacking: it’s not magic, even us muggles can do it.
Recently I presented a talk called “hacking for muggles”. I put it together because I think the traits a person needs to find, exploit, and fix security vulnerabilities aren’t arcane or magical. You can get by with an abundance of simple creativity, an eye for spotting patterns, and a willingness to experiment.
My career as a software tester means I get to use these skills every day. To me, security vulnerabilities are thus simply another kind of interesting puzzle. I enjoy reading about and discussing how they are discovered, how they work, and what caused the vulnerability to be exposed in the first place.
Without further ado here are three vulnerabilities discussed in the talk. As I’ve introduced you’ll notice that discovering these was absolutely was not wizardry!
- Moonpig vulnerability
- How I used a simple Google query to mine passwords from dozens of public Trello boards
- Immobilise: ‘Burglar’s shopping list’ security flaw fixed
Note: this post was edited 04/03/2020 to remove references to Scott Logic’s Techie Brekkie meetup which is where I originally presented this talk.