Jack’s the Lad…
A good start to the New Year; a gentle reminder that the 50% of the population bearing XY chromosomes are not all feral youth, tattooed along the neckline, engaged in abusive behaviour towards repressed females. Some of them are mighty useful members of the world population.
Don’t expect this story to feature heavily in the mainstream media. ‘Jack’ doesn’t appear to have fathered 14 children, isn’t on the dole, hasn’t stabbed anyone; he’s a student – and perish the thought, isn’t out demonstrating against the ‘cuts’, hasn’t thrown a fire extinguisher off any buildings, nor has he been unfairly targeted by our Police.
He’s bright, hard working, and responsible. What could possibly be interesting about Jack you wonder?
Jack Jenkins is a final year business studies and IT student at Aberystwyth University. Back in October 2012, Jack was quietly learning how to do data flow diagrams, how to put information together. He was part of a group of students engaged in a project to dream up and evaluate a business plan for a new mobile app. A lot of the work had to be done in their spare time – not a popular notion amongst students. They learnt how to evaluate risk, security issues and privacy concerns. They looked at how other companies do just that.
Come Christmas, they all went home; to party and relax. To forget everything they had been taught, pausing only to ‘revise’ two hours before their exams. Not Jack though. He went on poking and prodding into on-line products, working out how they were constructed.
Which is how he came to be looking at Facebook on New Year’s Eve. Not to announce where he would be getting drunk, or how many girls he expected to have draped around his neck – but to see how they had constructed their new app – the Facebook ‘Midnight Delivery’ app. Hey! The mighty Facebook; the world dominating example of how to construct a useful app – built by experts in the business. Surely Jack could learn something from them?
Indeed he did! He learnt that they had missed that all important October lecture on evaluating security risks…
With a minimum of prodding and poking, for Facebook had used sequential IDs, Jack was able to access messages and personal photographs that other Facebook users had sent to Facebook for delivery to named recipients at midnight. Not only to access them, but to delete some of them too.
He sat down and wrote a blog post, detailing exactly how this had occurred and sent it to Facebook. It was clear and concise, a perfect example of how to present information.
Facebook took notice and removed the app from their site. Jack was perfectly correct – they did have a massive security flaw in their work.
It’s just as well that Jack didn’t follow the example of his fellow Welshman, Steven Nott.
14 years ago, yes, I did say 14 years ago, Steven discovered that Vodafone had sent all their new mobile phones out of the factory with the same password to access messages. 1234. Steven was so concerned about this that he contacted The Sun newspaper and News International to inform them of this security flaw. They were fascinated, invited Steven up to their offices to show them how this worked. They never published the story. They did publish a string of stories that appear to have been gained by accessing private voicemail messages using the code 1234…
An event now known as Hackgate, which has just cost us £2 million quid, and hundreds of decent journalists their jobs.
Jack had the wit to send his blog post to The Verge, and in turn the story was picked up by The Los Angeles Times. The mighty Facebook had been humbled by a British student, and forced to go back to the drawing board and rework their app. Belatedly, The Guardian picked up on the story – only in their technology section. It seems the story was only of interest to geeks concerned with Facebook’s security flaws.
Now if Jack had had the wit to drunkenly swing off the Cenotaph, or flog his virginity for $780,000, he could have had his picture on the front page of every newspaper…
“British student still hard at work on New Year’s Eve” just doesn’t cut it. He was still beavering away last night answering my e-mails.
If you’ve got the time folks, send the young man an e-mail; congratulate him. Offer him a job come next June if you are in a position to; there aren’t too many Jack Jenkins around.
jcj9@aber.ac.uk is the address you want.
Well done Jack! If you’ve got a hangover this morning, you deserve it.
- January 3, 2013 at 05:57
-
Great Story Anna. Thanks to hard working students like Jack Jenkins. The
world wide web is made a better place. Safety is a big issue and Jack has
proven to be an essential part of its stability.
- January 2, 2013 at 00:00
-
Proof, if any were needed that Facebook and Twitter are to be avoided at
all costs.
Twitter… Isn’t that where all those footballers like Joey Barton and silly
people like Sally Bercow hang out? If that’s the level of intellect include me
out…
Facebook… Who the hell cares what you, personally, had for lunch or where
you went on holiday this year? Sounds like watching paint dry…
For once, I think David Cameron had things right when he opined that ‘…Too
many tweets might make a T#@£’.
Happy New Year everyone!
- January 1, 2013 at 23:27
-
Thank you for the mention here and for the kind words! Happy new year to
you. Don’t worry, I’m ecstatic with the attention it’s received online
- January 1, 2013 at 20:40
-
Thank you landlady for a smidgen of good news, it has become a rare and
precious commodity especially from Wales.
I wonder if Jack’s mum has a friend in the Guardian (like a certain
Cenotaph desecrator) to ensure sympathetic (or any kind of) follow-up
stories?
And well done Jack for preventing future stories of execrable “actors”,
“comedians”, and “politicians” whining about their cellphone photographs being
“hacked”.
- January 1, 2013 at 13:21
-
Social networking sites (and others) tend to start from the premise that
everything is public and require you to set preferences for the thing’s you
*don’t* want to share. It pays to check privacy and security settings before
you start using a new site.
- January 1, 2013 at 13:22
-
Oops – I wish there was an Edit button … “things”, not “thing’s”!
- January 1, 2013 at 14:17
-
Social networks (especially Facebook) are about selling you to the
targeted advertising industry, and making the founders (especially
Zuckerberg) exceedingly rich people. Anything you put on there is considered
fair game for this purpose.
That’s why I don’t use or visit Facebook – they insist on registration
before allowing access – or bother with Twitter.
- January 1, 2013 at 13:22
- January 1, 2013 at 13:17
-
@Blue Eyes
Check your Twitter profile, and turn off “Send to Facebook”, you have full
control over this.
- January 1, 2013 at 12:10
-
Oops! Facebook is a very dodgy site. Just this morning I signed up a new
Twitter account and without any further ado it had posted my test tweet onto
my Facebook. WTF?
- January 1, 2013 at 12:01
-
Happy New Year Anna.
-
January 1, 2013 at 11:21
-
Boy, are you quick in picking up good stories! Don’t stop. Happy new
year.
I’ve not had sympathy for media personalities who had their personal
matters publicised for want of changing a default four digit code on
voicemail. I say they should have known better. Even then. When you may be of
interest to the media and want to control what they get to have on you as best
you can, you fit blinds, and draw the curtains in the evening. Nor does
trying 1234 or 0000 ever merit being described as hacking, in my view.
-
January 1, 2013 at 14:45
-
And your view is entirely correct.
Sadly, playing ‘guess the number’ doesn’t sound sufficiently scary for a
headline.
-
-
January 1, 2013 at 10:56
-
Nice one Anna.. and Jack