Geneva, 10 September 2008. The first beam in the Large Hadron Collider at CERN was successfully steered around the full 27 kilometres of the world’s most powerful particle accelerator at 10h28 this morning. This historic event marks a key moment in the transition from over two decades of preparation to a new era of scientific discovery.
I may have identified a possible security weakness with the 3V.ie (online customer account) service. This occurred recently while trying to retrieve my own 3V account details. This weakness would allow any person with prior knowledge that you have a 3V account, coupled with your mobile phone number, to access your 3V “Online Customer Service”, browse your balance & purchase history etc. Here is a summary of user tasks taken from their website:
Online Customer Service
Sign on to the new Online Customer Service section of this 3V website using your email address and personal password to:
Receive again the security details for any Voucher.
Check the balance and transaction history on your 3V Vouchers.
Redeem money left on your 3V Vouchers to your bank account.
Transfer money from one Voucher to another Voucher.
Request a replacement 3V Customer Card.
Update your personal details or password.
Change how you receive the security details when you buy a 3V Voucher.
You can also find the balance and transaction history for any 3V Vouchers quickly by clicking on the View Transaction History link on the left hand side of this page.
The info that follows may have been a one-off chance of gaining someone’s account information but nonetheless a weakness… try it yourself on your own account if you like!
Let me explain…
I hadn’t used my 3V account in over a year and had lost my card but also had forgotten my account username and password, so a few weeks ago I tried the standard “Forgot Your Password” option on the website www.3v.ie and went through the various email addresses I may have used for that account. Unfortunately neither of my email addresses worked as the 3V website started to throw an error along the lines of “Cannot complete your request, please try later” etc.
Now at this point I gave up and then a couple of days later I tried the same procedure but got the same result. Out of frustration I sent 3V.ie an email asking how I could retrieve my account details but never received an answer, but only discovered this today on their website:
“Emails must be sent from your registered email address and must include the last six digits of your 3V Voucher number if you have a query about a particular 3V Voucher.”
Roll on about 2 weeks later I really needed to use the 3V account to purchase an eBay item so I opted to call support by phone. This is where their weakness began to show…
I called customer service and stated that I needed to retrieve my account information. I was asked for my registered email address and password. I then explained that I couldn’t remember my registered email address or password and that is why I was speaking to support on the phone! What followed was clearly shocking! Support asked me for my mobile number, which I gave, and I was then told my email username was email@example.com with no problem… At that point I was actually relieved to have at least my username, so while talking to support I tried the “Forgot My Password” option on the website login and still got the “Cannot complete your request, please try later” response. Feeling annoyed, I asked why it was not working for me, also sensing the support person’s frustration as I was asked to repeat the request… but each time it failed, and then out of the blue I was informed “OK your password is xxxxx try that” and yes I had my password and yes it did work!!!
So what I’m saying here is if I was posing as another person and rang customer support armed with just a known 3V user and their mobile number I could easily retrieve their information by causing a flurry about why I cannot access my account for some reason or another using the flaw “Cannot complete your request, please try later” response etc. This happened to me and made me realize I could have been someone else! Or maybe… just maybe the customer support person could actually see I was trying to access the system at that point and felt confident I was the same person on the end of the phone and freely gave the details away?
I recently purchased this excellent monitor calibration tool called “huey” from PANTONE® the reason being I was constantly struggling with monitor colour and gamma etc. Having used the Windows based tool “Adobe Gamma” which works to some degree for general calibration but when it comes to editing photos and especially video there was a need to get something that would do the job better so that your colours can be accurate all the time.
Huey (a USB device) was a simple install from the disk and takes only 5 minutes to have it up and running. First it tests the ambient light in your room and adjusts, then it asks you to place the widget on your monitor (it has little suction pads underneath) and goes through a 2 minute process of colour testing, when all is done you replace the widget back in its holder and you can choose an option to have it constantly monitor the changing room light as day becomes night it will automatically adjust your setting seamlessly.
The results are great, my screen colours are now more true and crisp with no gamma haze or overtones there is a confidence knowing what I see is what it is. When it comes to printing this widget really works… no more reds printing as pink etc. what you see on screen will come out on print.
Would I recommend it? Yes for sure, it’s reasonably cheap… I picked up mine on eBay for about €55.00 including p+p. If you have been having trouble with colours and calibrating give this product a go, you won’t be disappointed.
In the past few weeks I have upgraded my WordPress version from 2.3.1 to 2.3.3 and tonight to version 2.5. I must say everything went sweet!
I actually like the new interface it’s much more condensed and customizing the dashboard is simple. The option to upgrade newer plugin versions via FTP is really cool!
The image manager is excellent, I now no longer have to scroll down to the bottom of a post to insert images and the Gallery feature is a welcome. Toggle Full Screen mode is great and eliminates the double scroll bar issues when managing a long post. Just to note I have 7 various plugins on my blog and all work fine after re-activating them.
That’s all I’ve got time for now… must go, play and discover more sweet functions with this upgrade…. 🙂
Thanks to the team at WordPress for all your fine work!
Update Saturday 05 April
I decided to upgrade YoughalOnline.com WordPress version from 2.3.3 to 2.5 this morning using the excellent “WordPress Automatic Upgrade” plugin as recommended but not tested by Donncha at his blog.
The auto upgrade plugin does exactly what it says on the tin, it was a blistering fast upgrade all in all in around 5 mins I had installed the plugin and had my files and database backed up, the new 2.5 version files were installed and the icing on the cake was my plugins were re-activated. There was an automated process but I didn’t go with that route as I like to see what happens etc.
I would highly recommend the auto-upgrade plugin, everything ran smooth!
I mentioned above “Just to note I have 7 various plugins on my blog and all work fine after re-activating them.” I must say I ran into a fatal error with the “Popularity Contest” plugin version 1.3b3 from Alex King.
To fix the error open popularity-contest.php and scroll down to line 59.
Replace require('../../wp-blog-header.php'); with require('../wp-blog-header.php');
I’ve been a little quiet here on my blog lately, much of the reason is my time is being eaten up with the new venture www.YoughalOnline.com. I spoke about this in a previous post. Well, I just want to update on the happenings with that website.
We broadcasted the St. Patrick’s Day Parade 2008 live on the homepage of the site and it was a huge success. We had viewers watching live from the U.S.A, Australia, New Zealand, U.K, Germany, France, Spain, Poland, India, Canada & Ireland. Although the live stream was 43mins long I edited the stream down to 9:50secs for the main parts which you can view below.
St. Patrick’s Day Parade Youghal Webcast
Below are some photos taken by my brother Gerard McCarthy of the event on the day. By the way that’s myself on the DV camera.
We have posted 39 news articles including photos in less than 5 weeks and continue to post daily. The Online Video section of the site is proving very popular. Traffic to the site has increased by an average of 30% each week, which we are more than pleased with. We are also getting local business interest in sponsored advertising so I will have to work on that strategy next!
That’s all for now…. short note: I have a nice “Band/Musicians” template module in the making which I will post up here for free download soon.
I’ve come to realise a strange pattern when booking tickets online using ticketmaster.ie. First off, when I am logged into my account with them and I’m searching for tickets, why is it that I can never book the lower advertised (cheap seats) prices? It’s like those prices don’t exist for online users.
I say this as having bought quite a lot of tickets this year alone from them. A recent example was buying 2 tickets for a friend for the “Prince” concert in Croke Park this summer. The morning of the sale I was logged in prior to the 8:00am ticket sale and as soon as online booking started I proceeded to book 2 tickets but no matter what way I tried to book I had no choice but pay the premium price of €126.50 + booking fee per ticket as opposed to the much cheaper €66.50 per ticket, I just don’t get it!
Same scenario booking tickets for “Wwe Raw – Wrestlemania Revenge Tour” Belfast, I’m taking my two sons to that event as they are completely into wrestling at the moment, well they’re aged 11 and 8 so it will be a mind blower for them, but tickets for that event were advertised at €20 and €55 per ticket and guess what Yep! I had no choice but pay the premium again online.
Anybody out there manage to book standard tickets with ticketmaster.ie online? I’d like to know?
YoughalOnline.com is the website for online community news, with fresh content, local news articles, and photos/video on a daily basis. Developed from an idea by Michael Hussey an excellent local photographer and journalist and myself coming from a web development background. The idea was to keep the content fresh and incorporate photos and video with the news articles, call it a news/photo/video blog. There are several other Youghal related websites but we felt neither updated their sites regularly and their content was stale.
Allowing people to comment and interact with news articles will be a welcome to some people as a way to air their views and also to get users opinions on local issues.
We are developing an online video section which will feature Youghal related videos from around the web coming from sites such as YouTube, Revver, MySpace, Bebo and many others. This video section will also feature live web cam events as they happen.
St. Patrick’s Day Parade, Youghal, 2008 – Live Web Broadcast
To launch the live video section of the site we are broadcasting this year’s St. Patrick’s Day parade live. This live cam event has been kindly sponsored by Youghal Bay Seafoods.
The live video will also be available to view after the parade at YoughalOnline.com as we will have it archived for future viewing.
What this does is you input a start location and an end destination in the input boxes, press the start button and watch the journey animated with a small van icon.
It will display your current speed, mph, road names & routes as it plods along call it “sat nav” on the cheap… 🙂
I have a preset journey leaving from Patrick’s St, Cork, Ireland going to The Square, Blarney, Cork, Ireland but you can change the start and finish locations to your own liking.
What’s also interesting about this map is it will take you across channels e.g. I put Rosslare as start and Swansea as finish and it took me across the proper channel route and then continued on the roads in the UK!
Just a quick post to say I’ve been “up the walls” with various projects over the past few weeks, a nice tutorial is on its way of my experiences with Google Maps. I’ve been implementing the maps on a property site I’m developing at the moment and had a bit of fun pushing the possibilities there. Also started teaching “Digital Photography” & “Webpage Design” at the local school, these are adult night classes and take some time to prepare but I really like the challenge and of course returning to the basics myself.
I came across this really handy site to convert JPG, GIF, PNG, BMP, TIFF files to vector format, it’s a free online auto-tracer.
handy to keep an eye on for a cheap laptop or pc. They are refurbished and fully serviced and come with 12 month warranty. Some days there are 30 to 40 products available, other days only 1 or 2. They are only available to Ireland or shall I say post to Ireland only. Any stories from people who have bought from here good or bad reviews would be interesting?
It’s less than 48 hours since I posted my last article “Free YouTube Video Downloader & Path To FLV Finder Tool” and today I noticed that the download tool has stopped working! At first I thought it was a code glitch, but no, I checked everything out and it was clean. Then I tried uploading the same scripts to a second server and yes it worked, I even tried the same scripts on a third server and it worked…. and one last shot was to try the scripts on a different domain but same server “Bump!” no joy…. 🙁
Could it be that YouTube/Google tracked the script page because of the AdSense banner? (maybe)… and the fact that a heap of trackback links from crap blog scrapers featured the article….. What to do now… Should I remove the scripts and links to it…. I’m not sure?