Damien Mulley

It seems that if you use a certain url on the Aer Lingus site you can access the account details of whoever logged into some sections last. I logged into the Gold Circle section and when someone logged in after me the got the below details. I’m not the only one. Anyone that clicks on the url (which seems to be just a general url with session details) will see details of anyone who logged in last. I rang customer care who are not equipped to deal with this in fairness and they asked me to email in the url. Twenty mins later and I still can’t find an email address on their site that I can email. They seem to think fax is enough for Irish people. Oh and their Aer Lingus queries site is down so I can’t send in my “query” via there.

Aer Lingus Hijack

Not that I have much of a clue about security but it appears to be a simple session hikack, although not intentional. The url sent to me and others by someone linking to the Gold Circle page contained session details and for some reason when registering after that for Gold Circle and logging out, the next person in could see the details of the previous person. If they hadn’t logged out yet you got the screen cap from above but if they logged out you saw “just” their email address. A very obvious data breach.

The worrying thing is that this technique might be used to get even more details from accounts including credit card details. So on Easter Sunday I am told I should email this into customer care, if I can find their email details. I’m still looking.

Update: Email to customer care:

My personal data was accessed by other people.

My mobile number is +353

I already called about this at 3pm today. I was told to fill this form in. There has been a data security breach on your site which has ended up with my personal data being exposed via the Gold Circle section of Aer Lingus website. It has happened to others too and I believe they have made contact.

The clock started ticking for me at 3pm and I would like to be contacted and assured that this data breach is being taken seriously and that a report will be issued as to what happened. I would also like to be updated on the progression of the investigation of this issue.

I have also put this issue on my website: http://url.ie/aln and will be updating it as time goes by.

Thank you.
Damien Mulley

Update 2 @19:11 – Well Aer Lingus took down the site for a while but the issue is still there. James Galvin shared a url and when I clicked on it, I got his fake account details:
Aer Lingus Hijack

Including his credit card details, though he didn’t put them in:
Aer Lingus Hijack

The very worrying thing is that it was sheer accident that some of us happened upon this. Is this a temporary bug or has it been around all the time? Can session IDs be predicted?

Posted in irishblogs, technology | 17 Comments »

Sales Figures for Twenty Major’s First Book – 536 til March 15th

Saturday, March 22nd, 2008

(Eason’s Mahon Point Cork, filed under M for Major in Irish Fiction)

Figures from Nielsen BookScan have shown that Twenty Major’s first book “The Order of the Phoenix Park” have sold 536 copies up to March 15th. Given the book came out at the start of March, that’s very good going for the market in Ireland at this time of year. I believe these figures don’t include online sales either. Well done Twenty!

I read the book recently and I think it’s the first humour book I finished. I’m not a fan of humour in books, I’m not a fan of comedies at all apart from the League of Gentlemen. I don’t find many things at all funny (really) but I very much got a kick out of this book. I found it slightly hard to get into the book first as that ginger ~~avenger~~ albino character freaked me out a little but I must say I was laughing out loud a lot of the time while reading it and chuckling away as I turned every page. It’s a great book and deserves greater attention. My favourite character is Grace Jones Taxi Driver. You’ll see. I really like that the Jimmy the Bollix character gets more attention too. There are some great bits in the book where the author plays with the reader too. I won’t say what but I liked that technique. Fourth wall and all that. Just a warning: I’m using the word cunt a lot more now after reading this book and I had been weaning myself off it. Not everyone will like this book because that whole thing about tastes and choices comes into play, not that would ever stop a reviewer using Twenty’s book as an excuse to attack their own inabilities or insecurities or the fact that Twenty now somehow represents all forms of blogging past, present or future.

You know what’s great too about the book? The way it’s pissing off so many print “journalists” and hacks. The same ones who work for papers that steal from blogs week in week out and fail to give any kind of attribution because that might give more credibility to blogging and show them up to be self-serving lazy cunts who rarely do any legwork anymore. Oh hang on, have I just made a mass generalisation here without doing proper research? Maybe this is what some people including bloggers mean by Irish blogging “getting there”? Getting to where? Being the same as everything else we had up to now? Joy. That’s worked.

Oh wow, my review of Twenty’s book has turned into a not so veiled attack on a whole group. Like rain on a wedding day.

Posted in business, irishblogs | 5 Comments »

Buddy Christs

Saturday, March 22nd, 2008

So y’all might remember the movie Dogma and the new marketing campaign that the Catholic Church had where they brought in a friendlier version of Jesus called Buddy Christ.

Buddy Christ

Well Mr. and Mrs. LinkMap got married last year up the country in some wee village and the mural over the wall seemed very like something I had seen before:
Buddy Christ

Posted in funny, irishblogs | 5 Comments »

Something.ie are thieving from bloggers.

Friday, March 21st, 2008

See Suzy’s post on Something.ie ripping her off. They also rip off Politics In Ireland and were ripping off Limerick Blogger too and I think they’re stealing content from others too. Making money off the backs of people without respecting their IP is not on.

Posted in business, irishblogs | 13 Comments »