Archive for March, 2008

Aer Lingus site Privacy screw up – Giving up your personal account details

Sunday, March 23rd, 2008

It seems that if you use a certain url on the Aer Lingus site you can access the account details of whoever logged into some sections last. I logged into the Gold Circle section and when someone logged in after me they got the below details. I’m not the only one. Anyone that clicks on the url (which seems to be just a general url with session details) will see details of anyone who logged in last. I rang customer care who are not equipped to deal with this in fairness and they asked me to email in the url. Twenty mins later and I still can’t find an email address on their site that I can email. They seem to think fax is enough for Irish people. Oh and their Aer Lingus queries site is down so I can’t send in my “query” via there.

Aer Lingus Hijack

Not that I have much of a clue about security but it appears to be a simple session hijack, although not intentional. The url sent to me and others by someone linking to the Gold Circle page contained session details and for some reason when registering after that for Gold Circle and logging out, the next person in could see the details of the previous person. If they hadn’t logged out yet you got the screen cap from above but if they logged out you saw “just” their email address. A very obvious data breach.

The worrying thing is that this technique might be used to get even more details from accounts including credit card details. So on Easter Sunday I am told I should email this into customer care, if I can find their email details. I’m still looking.

Update: Email to customer care:

My personal data was accessed by other people.

My mobile number is +353

I already called about this at 3pm today. I was told to fill this form in. There has been a data security breach on your site which has ended up with my personal data being exposed via the Gold Circle section of Aer Lingus website. It has happened to others too and I believe they have made contact.

The clock started ticking for me at 3pm and I would like to be contacted and assured that this data breach is being taken seriously and that a report will be issued as to what happened. I would also like to be updated on the progression of the investigation of this issue.

I have also put this issue on my website: and will be updating it as time goes by.

Thank you.
Damien Mulley

Update 2 @19:11 – Well Aer Lingus took down the site for a while but the issue is still there. James Galvin shared a url and when I clicked on it, I got his fake account details:
Aer Lingus Hijack

Including his credit card details, though he didn’t put them in:
Aer Lingus Hijack

The very worrying thing is that it was sheer accident that some of us happened upon this. Is this a temporary bug or has it been around all the time? Can session IDs be predicted?
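A defender's check for the failure described in this post, added here as an example and not code from the original post or from Aer Lingus: it scans web access logs for a URL-borne session token that is being presented by more than one client. The `sid` parameter name, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (client IP, request line, user agent); not real data.
SAMPLE_LOG = [
    '203.0.113.10 "GET /goldcircle/home?sid=AAA111 HTTP/1.1" "Firefox/2.0"',
    '198.51.100.7 "GET /goldcircle/home?sid=AAA111 HTTP/1.1" "MSIE 7.0"',
    '192.0.2.44 "GET /goldcircle/home?sid=AAA111 HTTP/1.1" "Safari/3.1"',
    '192.0.2.44 "GET /goldcircle/home?sid=BBB222 HTTP/1.1" "Safari/3.1"',
    '192.0.2.44 "GET /goldcircle/profile?sid=BBB222 HTTP/1.1" "Safari/3.1"',
    '203.0.113.10 "GET /index.html HTTP/1.1" "Firefox/2.0"',
]

# Hypothetical log layout: ip "METHOD path HTTP/x.y" "user-agent"
LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" "([^"]*)"$')


def session_token(path, param="sid"):
    """Return the session token carried in the URL query string, or None."""
    values = parse_qs(urlsplit(path).query).get(param)
    return values[0] if values else None


def shared_sessions(lines, param="sid"):
    """Map each URL session token to its clients when more than one client used it.

    A client is an (ip, user_agent) pair. One token seen from several clients
    means the link was passed around and each visitor landed in the same
    server-side session, which is the exposure the post describes.
    """
    clients = defaultdict(set)
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that do not fit the assumed layout
        ip, path, user_agent = match.groups()
        token = session_token(path, param)
        if token:
            clients[token].add((ip, user_agent))
    return {tok: sorted(seen) for tok, seen in clients.items() if len(seen) > 1}


if __name__ == "__main__":
    for token, seen in shared_sessions(SAMPLE_LOG).items():
        print(f"token {token} used by {len(seen)} clients: {seen}")
```

The fix on the server side is to keep the session identifier out of the URL (cookie only) and issue a fresh identifier at login, so a pasted link carries nothing that identifies a session.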

Sales Figures for Twenty Major’s First Book – 536 til March 15th

Saturday, March 22nd, 2008


(Eason’s Mahon Point Cork, filed under M for Major in Irish Fiction)

Figures from Nielsen BookScan have shown that Twenty Major’s first book “The Order of the Phoenix Park” has sold 536 copies up to March 15th. Given the book came out at the start of March, that’s very good going for the market in Ireland at this time of year. I believe these figures don’t include online sales either. Well done Twenty!

I read the book recently and I think it’s the first humour book I finished. I’m not a fan of humour in books, I’m not a fan of comedies at all apart from the League of Gentlemen. I don’t find many things at all funny (really) but I very much got a kick out of this book. I found it slightly hard to get into the book first as that ginger avenger albino character freaked me out a little but I must say I was laughing out loud a lot of the time while reading it and chuckling away as I turned every page. It’s a great book and deserves greater attention. My favourite character is Grace Jones Taxi Driver. You’ll see. I really like that the Jimmy the Bollix character gets more attention too. There are some great bits in the book where the author plays with the reader too. I won’t say what but I liked that technique. Fourth wall and all that. Just a warning: I’m using the word cunt a lot more now after reading this book and I had been weaning myself off it. Not everyone will like this book because that whole thing about tastes and choices comes into play, not that would ever stop a reviewer using Twenty’s book as an excuse to attack their own inabilities or insecurities or the fact that Twenty now somehow represents all forms of blogging past, present or future.

You know what’s great too about the book? The way it’s pissing off so many print “journalists” and hacks. The same ones who work for papers that steal from blogs week in week out and fail to give any kind of attribution because that might give more credibility to blogging and show them up to be self-serving lazy cunts who rarely do any legwork anymore. Oh hang on, have I just made a mass generalisation here without doing proper research? Maybe this is what some people including bloggers mean by Irish blogging “getting there”? Getting to where? Being the same as everything else we had up to now? Joy. That’s worked.

Oh wow, my review of Twenty’s book has turned into a not so veiled attack on a whole group. Like rain on a wedding day.

Buddy Christs

Saturday, March 22nd, 2008

So y’all might remember the movie Dogma and the new marketing campaign that the Catholic Church had where they brought in a friendlier version of Jesus called Buddy Christ.

Buddy Christ

Well Mr. and Mrs. LinkMap got married last year up the country in some wee village and the mural over the wall seemed very like something I had seen before:
Buddy Christ

are thieving from bloggers.

Friday, March 21st, 2008

See Suzy’s post on ripping her off. They also rip off Politics In Ireland and were ripping off Limerick Blogger too and I think they’re stealing content from others too. Making money off the backs of people without respecting their IP is not on.

Fluffy Links – Friday March 21st 2008 (special nails on cross edition)

Friday, March 21st, 2008

status update now on Twitter.

Get full access to the Wall Street Journal for free via a Firefox plugin. Oh yeah!

Leccy picnic lineup out Wednesday.

Old tech is insecure tech.

McCain staffer fired after Twittering an Obama video.

Easy money. Want to do web consultancy with Enterprise Ireland?

Via Brian Greene:
Blog Awards and Balloons

Via Daithí and B3ta, first live on screen hack:

Good Friday Post of the Day

Friday, March 21st, 2008

Via Piaras is Conall McDevitt’s insider experience of the formulation of the Good Friday Agreement. Very much worth a read.

Best Hot Chocolate in Ireland branded so poorly

Friday, March 21st, 2008

I bring many people to O’Connaill’s if they’ve never been before. This Cork based chocolatier make the best hot chocolate around and come the good weather (July 22nd – 24th in 2008) they’ll also be doing amazing chocolate milkshakes. They only use couverture chocolate in their products which makes them really nice. So many people (inc Cork natives) don’t know about the O’Connaill’s store on French Church Street in Cork and I often feel they could advertise the place much better by just changing their cups. This is one of the cups they use:


They already have queues out the door most Saturdays but generally that’s because they don’t have enough staff perhaps. They have gorgeous chocolates, amazing hot chocolate and they do nice coffees and other bits and pieces too. But they could use the people that visit them to get word out even more. I wonder if they did something like specially coloured cup tops or even the coffee holders with their name or some design which would get attention, could they spread the word more? Not so much boutique cups and chocs, though they are luxury at a good price but something setting them apart. Or are they happy with the business they currently have?

Imagine a chocolatier where it’s not just the experience of the damned fine chocolate that makes them great but the kick of introducing new people to them too? Imagine any product being able to get customers to do that? Is this what Apple does in a way? Every iPhone buyer seems to be an evangelist, is every Vista buyer? Apart from an awesome product, how do you make it easy for a customer to be an evangelist for it?

Stephen Ireland’s motor

Thursday, March 20th, 2008

Via the folks at Linfield FC

There's class, there's crass and then there's this

See, I can do sport too?


Thursday, March 20th, 2008

Tom Kitt let out a yelp or depending on your view, a swipe at bloggers recently. I think perhaps Gavin could be fully or partially to blame for this.

Indeed, this also holds for the democratic processes themselves where simply facilitating those who want to be heard is not good enough where we need to ensure that we are not overly swayed by obsessive bloggers where we have to make sure that those who do not have the time or the inclination to voice their views and opinions in public, can still get continued democratic representation.

He’s been hunting down Bertie and Fianna Fail and their associates for a good bit now via his own blog and Public Inquiry too along of course with his Uncle, Anthony. Of late too have been those fantastic VHS to YouTube/Google video conversions with some very embarrassing past utterances from Pee Flynn and the Bertmeister himself. You can get some of them here.

Kitt’s statement the other day was the closest to “and we would have gotten away with it if it wasn’t for you pesky kids”. How Scooby. Well done Gavin and Anthony for keeping at it and making a public record of all this Mahon Tribunal stuff.

Fluffy Links – Thursday March 20th 2008

Thursday, March 20th, 2008

JazzBiscuit always has something good. G’wan over.

Shane on journo schools. And loadsa comments.

The Nine Billion names of God.

Turn YouTube into RollTube.

Yes. We Rick rolled the Apple Store in Regent Street:

Steve Jobs interviewed in Forbes. Just quotes no opinion from the journo. If that mentality in the company is true then it sounds like an exciting though intense place to work.

mmm Guinness cupcakes.

DMX doesn’t know who Barack Obama is.

Ambient Skype. Interesting idea. Might be a good idea too for a company with a few small offices around the world.

Does Google really have 76% market share in search in Ireland?