Archive for February, 2007

Concerned Neighbors

“You dirty slut!” came the shout from outside. It was so loud in fact that I thought it had come from my own garden so I popped open the skylight to have a look and see what was going on. I looked down and I saw a girl walking down the street on her mobile phone, clearly having an argument with her boyfriend, but I think it’s good for him that they weren’t in the same room - I’ve never heard a voice so loud!

Now that I could hear the true volume of the outburst, given that the pane of double glazing had been removed, I was rather glad I was 3 floors above street level! As I was contemplating closing the window and having a little chuckle about it all in private I heard the skylight on the roof of the next door house click open and saw a head pop out. As we noticed each other there was a brief moment of surprise and then we just started laughing; it’s amazing how nosy something out of the ordinary makes you and yet you only realise you’re being nosy when someone catches you at it. What was so funny in this case though is that we both had exactly the same idea - she’d thought the noise was in her garden also, and there was no way of hiding our nosy intentions.


Trolling on news

For the sake of the sanity of the rest of those who study or work in the School of Computing please stop trolling on the newsgroups. It’s annoying, wastes time and doesn’t help anyone, least of all yourself. That is all.


Project plan

The first iteration of our group software development project is over, which means we had to submit a project plan for the rest of it. Things look very promising; the timing works out almost perfectly, as we have two weeks’ leeway at the end in case there are any overruns and we need to adjust things, and we have allocated slightly over the amount of time we think things will take to each task, and we are still under the overall number of man hours we are supposed to take for the project.

I guess it could be said that this all looks far too neat and that there are bound to be complications when we start coding in earnest, but I guess we will just have to wait and see on that one. What is a shame is how much other coursework we have on top of the project, but that’s life I guess - full steam ahead!


Disco in DEC-10

You would have thought that hard core dance music would be confined to a nightclub, or perhaps your own front room at a push if you were throwing your own party and the guests were that way inclined. You would be wrong however, as in the DEC-10 computer lab the other night while I was trying to concentrate on coursework someone over on the Windows machines (a coincidence perhaps?) decided it would be a great idea to play a dance music radio station as loud as the tinny little internal speaker of the machine he was seated at would go.

This is both inconsiderate and darn right annoying to boot. If you want to listen to music in the computer labs there are headphone sockets on the front of all the machines, and it’s not like a small, portable set of headphones isn’t cheap either. Seriously, do people have no thoughts for those who prefer silence or the sound of their own music in their headphones to work to? *sigh*


eBay link security risks

All attempts to contact eBay about this issue/vulnerability through publicised channels proved to be in vain as I got no decent response or action on any of them, so I’m publicising it here in the hope someone who can actually get hold of eBay will let them know. I’m not going to give precise details of the exploit so that anyone could do it, but I’m going to provide enough details so that the risk is made clear to anyone with half a brain (which, judging by the responses I got from eBay staff, they don’t have).

We’ve all heard of spoof e-mails with a link to a fake site that looks like eBay in an attempt to grab people’s eBay logins, but imagine if it was possible to send a link out to people in an e-mail or eBay message that did exactly the same but where the link actually was based at the ebay.com domain. You’ve guessed it, it is in fact possible to do just that.

In various places around the eBay website there are redirects in place, that is to say some code behind the scenes checks to see if a number of things are true before allowing a user to visit a particular page or group of pages and, if they are not, redirects the user to another page on eBay first. A truly secure site would ensure that the URL to redirect to was one from inside the eBay domain, but it doesn’t. In fact it allows you to place any link there at all.
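The check described above, sketched as an added example (this is not eBay's code and not from the original post): a redirect target is accepted only if it is a same-site path or an http(s) URL whose host is an allowed domain or a subdomain of it. The allowed host set, the fallback path and the sample hostnames in the test inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the site is willing to redirect to (illustrative only).
ALLOWED_HOSTS = {"ebay.com"}
FALLBACK = "/"  # where the user is sent when the target is rejected


def _host_allowed(host: str) -> bool:
    # Exact match or a true subdomain. A plain suffix test would also accept
    # look-alikes such as "evilebay.com".
    host = host.rstrip(".").lower()
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def safe_redirect_target(target: str) -> str:
    """Return target if it stays on an allowed host, otherwise FALLBACK."""
    # Browsers treat backslashes as slashes and drop whitespace and control
    # characters, so reject them rather than guess how they will be read.
    if not target or any(c == "\\" or ord(c) <= 0x20 for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a single-slash path only. Two or more
        # leading slashes are resolved by browsers as a new host.
        ok = target.startswith("/") and not target.startswith("//")
        return target if ok else FALLBACK
    if parts.scheme not in ("http", "https"):
        return FALLBACK
    # "https://ebay.com@other.example/" has userinfo "ebay.com" and a
    # different host, so any userinfo is refused outright.
    if parts.username is not None or host is None:
        return FALLBACK
    return target if _host_allowed(host) else FALLBACK
```

The validated value, not the raw request parameter, is what goes into the `Location` header.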

What this means is that if a suitable redirect is chosen and a spoof website link is placed in as a part of it, you can send people links in the eBay message system that look to be to a location on the eBay site because of how the URLs start. If the message implies a user may have to sign in again, the user may not even think it’s suspicious that the login screen comes up; indeed, even if the message didn’t say you would need to log in, you need to do it so frequently on the site anyway that they would probably still get away with it.

Now while this doesn’t mean every person would fall for it, it certainly makes it more likely you would, especially if you were in a hurry. So what can we do about it? All of you reading this, send a message to eBay. At the very least it will increase their mail volumes which will make me feel better considering how they ignored me, and at best they will finally see that something is wrong. Failing that, just don’t fall victim to this one yourselves! If you see a login screen on eBay check the URL every single time to make sure it’s legit, even if the link you just clicked on was legit!

For those wondering if I fell for this, no, I didn’t, in fact I don’t believe it’s being properly exploited yet. I discovered this by someone sending me a legitimate link where they had mistyped the redirect part of the URL and I noticed the potential for damage when I clicked on the malformed link and ended up outside of eBay.

