How Not to Handle a Security Breach

A few months ago I wrote about how I had gained access to 82 separate hotel IPTV systems within an hour or so. What I didn't mention in that post was that I actually discovered the issue around 6 months before that post was published, but had spent the intervening…

#Tags: hacking, iptv

Hacking 82 Hotel TV Systems in 82 Minutes or Less

Security is hard to get right, there's no question about that.  But sometimes you come across things that are just so simply insecure that it's clear nobody put any thought into security - and there's no excuse for that, especially when it's done by a company that claims to "specialise…

#Tags: hacking, iptv

XtremIO X2 Snapshots - REST API

(If you're not familiar with the XtremIO REST API I'd suggest first reading my posts on using it, in particular part 3 where I covered Snapshots) I wrote previously about some of the changes to Snapshots in X2. A number of corresponding changes were also made to the REST API,…

#Tags:

XtremIO X2 Snapshots

I've written previously about using snapshots on XtremIO, however things have changed a little with XtremIO X2 so it's time for an update. Snapshot TypesPreviously when taking a snapshot you could elect to take either a "read-only" or "read-write" snapshot. The result was basically the same, with the obvious difference…

#Tags:

United Airlines Bug Bounty Program

Around 4 years ago United Airlines launched a "Bug Bounty" program. Bug bounty programs are becoming more and more common as a way of companies rewarding people for reporting security issues that they discover on their website. Those rewards generally take the form of a cash payment, or sometimes just…

#Tags:

United Airlines Mileage Plus/Points.com Information Disclosure

(Update: Less than 24 hours after posting this blog entry United Airlines fixed the problem described, and a password is now required to access the site in question.  It's a pity it took over 18 months and eventually public disclosure to get the issue fixed, but at least it is…

#Tags: united airlines, security, travel