As per tradition, was in Fishy Fishy today for lunch. Still full.
It seems that if you use a certain url on the Aer Lingus site you can access the account details of whoever logged into some sections last. I logged into the Gold Circle section and when someone logged in after me they got the below details. I’m not the only one. Anyone that clicks on the url (which seems to be just a general url with session details) will see details of anyone who logged in last. I rang customer care who are not equipped to deal with this in fairness and they asked me to email in the url. Twenty mins later and I still can’t find an email address on their site that I can email. They seem to think fax is enough for Irish people. Oh and their Aer Lingus queries site is down so I can’t send in my “query” via there.
Not that I have much of a clue about security but it appears to be a simple session hijack, although not intentional. The url sent to me and others by someone linking to the Gold Circle page contained session details and for some reason when registering after that for Gold Circle and logging out, the next person in could see the details of the previous person. If they hadn’t logged out yet you got the screen cap from above but if they logged out you saw “just” their email address. A very obvious data breach.
The worrying thing is that this technique might be used to get even more details from accounts including credit card details. So on Easter Sunday I am told I should email this into customer care, if I can find their email details. I’m still looking.
Update: Email to customer care:
My personal data was accessed by other people.
My mobile number is +353
I already called about this at 3pm today. I was told to fill this form in. There has been a data security breach on your site which has ended up with my personal data being exposed via the Gold Circle section of Aer Lingus website. It has happened to others too and I believe they have made contact.
The clock started ticking for me at 3pm and I would like to be contacted and assured that this data breach is being taken seriously and that a report will be issued as to what happened. I would also like to be updated on the progression of the investigation of this issue.
I have also put this issue on my website: http://url.ie/aln and will be updating it as time goes by.
Update 2 @19:11 – Well Aer Lingus took down the site for a while but the issue is still there. James Galvin shared a url and when I clicked on it, I got his fake account details:
Including his credit card details, though he didn’t put them in:
The very worrying thing is that it was sheer accident that some of us happened upon this. Is this a temporary bug or has it been around all the time? Can session IDs be predicted?
(Eason’s Mahon Point Cork, filed under M for Major in Irish Fiction)
Figures from Nielsen BookScan have shown that Twenty Major’s first book “The Order of the Phoenix Park” has sold 536 copies up to March 15th. Given the book came out at the start of March, that’s very good going for the market in Ireland at this time of year. I believe these figures don’t include online sales either. Well done Twenty!
I read the book recently and I think it’s the first humour book I finished. I’m not a fan of humour in books, I’m not a fan of comedies at all apart from the League of Gentlemen. I don’t find many things at all funny (really) but I very much got a kick out of this book. I found it slightly hard to get into the book first as that ginger avenger albino character freaked me out a little but I must say I was laughing out loud a lot of the time while reading it and chuckling away as I turned every page. It’s a great book and deserves greater attention. My favourite character is Grace Jones Taxi Driver. You’ll see. I really like that the Jimmy the Bollix character gets more attention too. There are some great bits in the book where the author plays with the reader too. I won’t say what but I liked that technique. Fourth wall and all that. Just a warning: I’m using the word cunt a lot more now after reading this book and I had been weaning myself off it. Not everyone will like this book because that whole thing about tastes and choices comes into play, not that that would ever stop a reviewer using Twenty’s book as an excuse to attack their own inabilities or insecurities or the fact that Twenty now somehow represents all forms of blogging past, present or future.
You know what’s great too about the book? The way it’s pissing off so many print “journalists” and hacks. The same ones who work for papers that steal from blogs week in week out and fail to give any kind of attribution because that might give more credibility to blogging and show them up to be self-serving lazy cunts who rarely do any legwork anymore. Oh hang on, have I just made a mass generalisation here without doing proper research? Maybe this is what some people including bloggers mean by Irish blogging “getting there”? Getting to where? Being the same as everything else we had up to now? Joy. That’s worked.
Oh wow, my review of Twenty’s book has turned into a not so veiled attack on a whole group. Like rain on a wedding day.
So y’all might remember the movie Dogma and the new marketing campaign that the Catholic Church had where they brought in a friendlier version of Jesus called Buddy Christ.
Well Mr. and Mrs. LinkMap got married last year up the country in some wee village and the mural over the wall seemed very like something I had seen before:
See Suzy’s post on Something.ie ripping her off. They also rip off Politics In Ireland and were ripping off Limerick Blogger too and I think they’re stealing content from others too. Making money off the backs of people without respecting their IP is not on.
Boards.ie status update now on Twitter.
Get full access to the Wall Street Journal for free via a Firefox plugin. Oh yeah!
McCain staffer fired after Twittering an Obama video.
Easy money. Want to do web consultancy with Enterprise Ireland?
I bring many people to O’Connaill’s if they’ve never been before. This Cork based chocolatier make the best hot chocolate around and come the good weather (July 22nd – 24th in 2008) they’ll also be doing amazing chocolate milkshakes. They only use couverture chocolate in their products which makes them really nice. So many people (inc Cork natives) don’t know about the O’Connaill’s store on French Church Street in Cork and I often feel they could advertise the place much better by just changing their cups. This is one of the cups they use:
They already have queues out the door most Saturdays but generally that’s because they don’t have enough staff perhaps. They have gorgeous chocolates, amazing hot chocolate and they do nice coffees and other bits and pieces too. But they could use the people that visit them to get word out even more. I wonder if they did something like specially coloured cup tops or even the coffee holders with their name or some design which would get attention, could they spread the word more? Not so much boutique cups and chocs, though they are luxury at a good price but something setting them apart. Or are they happy with the business they currently have?
Imagine a chocolatier where it’s not just the experience of the damned fine chocolate that makes them great but the kick of introducing new people to them too? Imagine any product being able to get customers to do that? Is this what Apple does in a way? Every iPhone buyer seems to be an evangelist, is every Vista buyer? Apart from an awesome product, how do you make it easy for a customer to be an evangelist for it?