Hack
Travelodge UK hack update & official statement
Jun 23rd
This is an update to a previous post, so if you haven’t already then you may want to read the original post first.
I just received a call from a friend saying they had received an email from Travelodge, which said that no data had been sold. I asked him to forward it here so that I could share it, and in the meantime while I was waiting for it to arrive I checked the Travelodge UK Twitter feed, which offers:
@TravelodgeUK Hi there. Please click here for a full update on the issue of spam emails http://ow.ly/5oSh4 #travelbotch #travelodge #spam
which I will copy the content of here for you:
Dear Customer,
Our main priority is to ensure the security of our customers’ data, which is why I wanted to make you aware, that a small number of you; may have received a spam email via the email address you have registered with us.
Please be assured, we have not sold any customer data and no financial information has been compromised.
All financial data (including credit card information) is compliant with current best practice standards and is audited to PCI (Payment Card Industry) requirements.
The safety and security of your personal information is of the upmost importance to us and as a result we are currently conducting a comprehensive investigation into this issue.
If you receive an email similar to the one detailed below, please delete it as spam.
Good day.
Don’t miss exciting career opening.
The company is seeking for self-motivated people in United Kingdom to help us spread out our activity in the UK area.
Conditions:
– Full age United Kingdom resident
– Only basic knowledge of Internet & computer.
– Free access to personal e-mail box
– 2-3 free hours per day
– Immediate replies on our written requests
– good organizational skills.
You can without problem connect our work with your primary activity.
Brilliant income ability. Free training available.
Applicants must be smart and commerce motivated. Working only some hours per day.
Any person residing in the United Kingdom can be our representative.
Our manager will contact you within few hours if you attracted.
—————-
Local News: from paris, with love who’s the toast of the airport show.
If you have any questions regarding this matter please email: andrea@travelodge.co.uk. A further update will be given, when we have completed our investigation.
Guy Parsons
Chief Executive
The update is basically the same as what has started going out on email.
Whilst I appreciate that the update states no financial information has been compromised and adheres to PCI standards, this still doesn’t sit well with me.
Mainly because:
– If they have been compromised enough to steal customer names and email addresses, how are they so sure that financial information has not been taken also?
– If safety and security of personal data is of utmost importance, why did it take people complaining on Twitter etc. to highlight the situation and get this half update?
– What information has been compromised? Though a full investigation will take a wee while, it would still be more reassuring to know what they know so far. By saying “no financial information has been compromised” they are, through omission of discussing other details, saying that some data has been compromised.
It is ignorant to think that just because financial information is (claimed) not to have been accessed, it is unimportant to announce what HAS been accessed. Having name, address and other such details is just as worrying in regards to identity theft. Have passwords been compromised? It makes no mention of these, and some people may have used the same password on Travelodge as they have on other sites.
This ‘update’ is nothing more than fire fighting to try and calm the situation and save face in my opinion, and leaves more questions open than it answers.
~Shepy
Are Travelodge UK selling data, or have they been hacked?
Jun 23rd
I received an email last night which suggests that Travelodge UK have either begun selling their customer database, or have had their security compromised. The mail I received was:
From: Ena Walton
To: <***@shepy.co.uk>
Subject: Richard Shepherd
Date: Wed, 22 Jun 2011 19:12:14 +0000

Good day.
Don't miss exciting profession opportunity.
Our Corporation is looking for energetic representative in United Kingdom to help us spread out our activity in the UK sector.
Required Skills:
- 18+ United Kingdom resident
- Only basic knowledge of Internet & computer.
- Free access to personal e-mail box
- 2-3 free hours per day
- Immediate replies on our written requests
- good organizational talents.
You can without problem combine our work with your primary work.
Great income ability. Free instruction available.
Those who are interested must be fair and business motivated. Operate only some hours per day.
Everyone residing in the United Kingdom can be our agent.
Our manager will e-mail you within several if you attracted.
The eagle-eyed among you will notice that the subject is my full name, which is not what you would expect me to see in spam, which caused me to look a little closer and see that the email address to which it was sent is actually one that I have only ever provided to Travelodge UK.
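The attribution above works because the address was handed to exactly one company. As an added example (not part of the original post), here is one way to automate that check and to record which signup details, such as the full name in the subject, arrived with the address; the alias registry, addresses, names and sample message are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical registry: alias -> (the one service it was given to, that service's sender domains)
REGISTRY = {
    "hotel-7f3a@example.org": ("Hotel chain", {"hotel.example"}),
    "shop-c21d@example.org": ("Book shop", {"shop.example"}),
}
# Constructed personal details that were entered at signup alongside the alias.
PROFILE = {"full_name": "Alex Example", "postcode": "ZZ1 1ZZ"}

# Constructed message modelled on the layout of the spam quoted in the post.
SAMPLE_SPAM = """\
From: Ena Walton <ena@mailer.invalid>
To: <hotel-7f3a@example.org>
Subject: Alex Example
Date: Wed, 22 Jun 2011 19:12:14 +0000

Good day. Don't miss exciting profession opportunity.
"""

def attribute_leak(raw, registry=REGISTRY, profile=PROFILE):
    """Return a finding if a canary alias got mail from an unexpected sender, else None."""
    msg = message_from_string(raw)
    # From is forgeable, so this is a first-pass filter, not proof of origin.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Delivered-To", [])
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    for _, addr in getaddresses(headers):
        entry = registry.get(addr.lower())
        if entry is None:
            continue  # not one of our single-use aliases
        service, legit = entry
        if any(domain == d or domain.endswith("." + d) for d in legit):
            continue  # expected mail from the service itself
        # Which signup details travelled with the address shows how much leaked.
        exposed = sorted(k for k, v in profile.items() if v.lower() in text)
        return {"alias": addr.lower(), "source": service,
                "sender": sender, "exposed_fields": exposed}
    return None

if __name__ == "__main__":
    print(attribute_leak(SAMPLE_SPAM))
```

A finding with a non-empty `exposed_fields` list is the situation in the post: more than the bare address left the company's systems.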
I put out a tweet last night saying “Dear @TravelodgeUK I’ll not be staying with you again as you sold my email address to spammers, and it was a unique mail addy only you have.” and then this morning got a reply from @benjymous providing the email address for the CEO of Travelodge, and suggesting that I was not the only person with this problem.
Following suit from @zoeimogen I have sent an email to the CEO of Travelodge, stating the following:
Dear Sir,
Yesterday evening I received a spam email from a company, which was interesting in the fact that it had my full name as the subject of the email, certainly unusual for spam. Looking closer in to this I notice that the email address it was sent to is an email address that I have only ever provided to Travelodge.
This leads me to one of two conclusions.
1) You are in the business of selling customer details and databases
2) Your systems have been compromised and customer details have been exposed.
I would therefore like confirmation if my details have been sold or provided to third parties or if the security of the data has been compromised. To the best of my knowledge I gave no such permission for data to be passed to a third party, and habitually tick the box to not be contacted for promotion or third parties when registering with a site.
As the subject of personally identifiable data I have the right under the Data Protection Act to know if my data is being handled correctly and in accordance with the reason for which it was provided, and nothing else.
If the data was sold I would like confirmation that I authorised this to happen, and no doubt will be following this up with a data protection request to view all information held on me and how it has been processed.
If you have suffered a security compromise and data has been obtained by unauthorized access I would like to know which data is stored in the systems that have been broken in to, such as address, billing etc.
The mail address used to register with yourself was ***@shepy.co.uk
I eagerly await your response. If I receive no reply within 72 hours I shall be raising a complaint with the ICO.
Regards
Richard Shepherd
Hopefully myself and others will receive a reply soon, and if so I will obviously follow up this post with an update.
UPDATE:
Well, Travelodge has been thus far silent with consumers, but El Reg is reporting and also Travelodge say themselves “Sorry for the spam email you may have received. We have NOT sold any data. We’re currently investigating this issue and will update you ASAP”, which basically means this is either a leak or a hack, neither of which is very reassuring, and confirms that someone has had unauthorised access to the data. The question now is to what extent and what data?
If you’ve seen any of this spam, there is a hashtag at #travelbotch you can monitor / join in to keep updated.
UPDATE #2:
More on this on another post at http://www.shepy.co.uk/blog/2011/06/travelodge-uk-hack-update-official-statement/
~Shepy
Using technology to aid the planet
Nov 16th
Sony and the WWF have teamed up to launch the Open Planet Ideas initiative, which aims to encourage people to think of new and innovative ways in which we can use technology to make better use of our natural resources, aid the planet and help its inhabitants, organised into a few different concepts. I had a quick spy through the current technologies they have on the site, as suggestions for items which could be used (among others) to see if there was anything I could come up with, and was quite impressed with some of the items there. Things such as facial recognition and presence sensing in a TV so that it could dim the screen if you leave the room, or turn off if you fall asleep (I know I could have used that plenty in the past!)
Another one that struck me as quite interesting was a dye sensitized solar cell, which is a solar panel but not in the sense that most people would recognise one. Rather than being a traditional photovoltaic cell which is usually green or orange, these things can be made in pretty patterns, designs and even transparent, which got me thinking. I came up with:
Self Charging Mobile
What about if the glass on your mobile phone, or any other mobile device was made out of this dye sensitized solar cell material. It would mean the device could be trickle charging all day long, and while this might not mean it could replace the normal charge altogether it might perhaps get you an extra hour or two of use in a normal day, and who wouldn't want that?
Not only would it mean I could go longer without having to worry about getting to a charge point, but for people who don't have regular reliable access to power such as in third world countries, or when travelling etc, it could mean the difference between being able to make that important call, or not.
Most importantly though, every watt of power taken from the sun and solar energy is a watt of power not needed from the national grid, from fossil fuels and other non-renewable resources for its production and I've no doubt that I don't need to explain the necessity of that to anyone.
What is even more interesting about these dye sensitized solar cells is that they have reduced energy consumption and CO2 emissions during manufacture compared with conventional silicon solar cells so are an even cleaner form of solar energy, and a higher efficiency for light to electricity conversion as well, so potentially would be better at charging your mobile than some of the solar charging options out there. I'd welcome comments and improvements from anyone, so go look at my idea and give me your input.
Crowd sourcing is becoming ever more popular, and used in a plethora of different ways, and I really like it when I see it being used for something like this. I encourage you all to head over to the site and at least find out more about Open Planet Ideas, read the challenge brief or even better become part of it, try to make a difference and join the challenge.
Comments and suggestions always welcome
~Shepy
Make: A photoshop quick access keypad
Nov 9th
As you can imagine with the amount of photography posts on this blog, I spend a fair amount of time in Photoshop. Like most people using Photoshop, there are a number of tools and actions that I use far more regularly than others, so I thought it would be nice to have quick access to these on a keypad, so I don’t always have to go to the toolbar to activate them. Yes, I know I could use the standard keyboard and shortcut keys, but I just prefer having them on a dedicated and more visual pad than the standard qwerty. Having an old numeric keypad lying about, and having played with AutoHotKey a fair bit recently, I decided to set about reconfiguring the pad to activate my most commonly used tools when in Photoshop. Here is the result:
The icons you don’t recognise at the bottom are just mapped to a few custom Photoshop actions. The – and + keys increase and decrease the brush size.
The key tops are just printed on card, ‘lacquered’ with clear nail varnish to protect the ink a bit, and then glued to the numpad keys. At the moment it’s dedicated to Photoshop, but I’m considering re-printing the tops and having them dual use for Photoshop and Bridge. It’s not the most beautiful thing in the world, granted, but it does the job well and it will suffice for now till I feel justified in buying an Optimus OLED keyboard :P
The AHK script and icon for anyone who is interested, can be downloaded here: PS-Pad
~Shepy