Music – Popularity

Recently I have been thinking a lot about music on radio stations and music in the UK Top40. Not because I like it, but because I am sceptical of it.

Popularity is a huge thing in the UK, and what I noticed about many people is that they only listen to music in the Top 40 and on radio stations because it is popular. They don’t care about whether it is good or not. It’s all about popularity.

The many reasons why I don’t like music in the UK Top40

  1. Most of them are talentless and use auto tune. Just look at this for example!
  2. They get repeated EVERY SINGLE LESSON at my school.
  3. I don’t particularly like Future Bass / Deep House, which is in a lot of songs in the Top 40.
  4. Most of them are repetitive.
  5. Everyone thinks they are cool because they listen to it.
  6. They also think that because something has not got a lot of views, that it is rubbish.
  7. Most people only listen to it if it is mainstream or popular.

6 – Extra: I can think of many songs that are not in the Top 40 and are amazing! 😀


This was more of a rant than a blog, but on the good side, at least I am being open and honest about this.

NOTE: Everything on this page is my opinion. I am entitled to my own opinion and you can’t force me to change that.


XSS and Twitter: The Self Retweeting Tweet

On the 11th of June 2014, this was released onto TweetDeck:

It is a script tag containing jQuery which, when executed in the browser, would automatically retweet itself without the user’s knowledge. Usually, TweetDeck would have a filter on for this to convert every < and > into &lt; and &gt;.

However, on the 11th of June 2014, this filter was turned off, which allowed XSS attacks like this to happen.

What the user would see

All the user would see is the red love heart, as the browser would automatically hide and execute anything inside the <script> tags. In this case, the code inside the <script> tags only retweeted itself and then showed a message box saying “XSS in TweetDeck”; however, the attacker could have done many things worse than that. He could have injected the victim with ransomware or even deleted everything on TweetDeck. The possibilities are almost endless.


Any website that takes user input (whether it be usernames, questions or even random numbers) should never simply echo that input back to the browser. Say, for example, the user puts this in their input: <b> – Everything on the page would turn bold, which would mess up the webpage.

Or let’s say that the user puts this in their input:

<script language="JavaScript">window.location.href = ""</script>

The user would then get redirected to

Final Summary

The point is that not filtering out HTML tags in user input can leave you seriously vulnerable to XSS attacks and could infect the people that visit your website with malware.
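The filter described above, sketched as an added example (not TweetDeck's code and not from the original post). It goes slightly beyond the < and > conversion by also encoding &, " and ', and the names escapeHtml, renderTweet, renderTweetUnsafe and tagNames are hypothetical.

```javascript
// Added example: output encoding for untrusted text placed into HTML.
// All function names here are hypothetical, not part of any real TweetDeck API.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace every HTML-significant character in one pass, so entities
// produced for < and > are not themselves re-encoded.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The "filter turned off" case: input is echoed straight into the markup.
function renderTweetUnsafe(body) {
  return '<div class="tweet">' + body + "</div>";
}

// The filtered case: input is encoded, so the browser shows it as text.
function renderTweet(body) {
  return '<div class="tweet">' + escapeHtml(body) + "</div>";
}

// List the element names a browser would open when parsing the markup.
function tagNames(html) {
  return [...html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1]);
}

// The two inputs used on this page (the redirect target is empty there too).
const PAGE_BOLD = "<b>";
const PAGE_SCRIPT =
  '<script language="JavaScript">window.location.href = ""</script>';

for (const input of [PAGE_BOLD, PAGE_SCRIPT]) {
  console.log("unsafe:", tagNames(renderTweetUnsafe(input)));
  console.log("safe:  ", tagNames(renderTweet(input)), renderTweet(input));
}
```

Encoding belongs at output time, in the place where the text is written into the page, so the stored input stays unchanged and every page that displays it gets the same protection.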


Apparently BBC Wales and BBC Breaking News were affected by this XSS attack as well 😀

Also, if you want to know how the XSS attack worked in more detail, there is a YouTube video by Tom Scott here:


MITM: Loading a https logon form over http

OK, we talked about XSS before; let’s talk about MITM now.

MITM (short for Man In The Middle) is a security flaw / risk in many websites. MITM attacks usually happen when a website has weak TLS (Transport Layer Security) or when a website has loaded parts over http (without TLS) and parts over https (with TLS).

TLS is a way of verifying that the client and website are communicating securely. All websites that use TLS should be on a https connection; those without TLS will be on a http connection (you can check this in the address bar).

What is the risk of a MITM attack?

Well, let’s say you have a https logon form loaded over http. Normally, when the user enters their credentials, the credentials are securely hashed and salted using a hashing algorithm, and they are then sent off to a server PHP file that analyzes the credentials.

However, during a MITM attack, because the logon form was loaded over a http connection with no TLS, the attacker could manipulate the logon form to send the credentials off to a 3rd party website/server and not to the legit website/server.

Moreover, the attacker could even redirect the client/victim to the legit website, so everything would seem normal to the victim and they wouldn’t even know that their account had been compromised or breached.

At which internet point between the client and the website/server could this be done?

It could happen anywhere. Your router, ISP, proxy or even your computer itself!

I still don’t understand what you are talking about.

If you prefer a video to watch instead of reading this, Troy Hunt did a video about it here. That should help you understand a bit more about the risks of a MITM attack.


Even though this example was using a logon form, an attacker could easily manipulate anything else that was loaded on a http connection with no TLS. An attacker could manipulate the webpage to make the victim download and run a malicious script or program.

Even if you do not have any logon forms or personal info on your website, it’s still a good idea to secure your site with a https connection and a valid security certificate, to stop the people who visit your website being the victims of a MITM attack.
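One way a site owner could check their own pages for the problem described above, as an added example that is not from the original post. The function name auditLoginForms and the shop.example URLs are assumptions, the sample HTML is constructed, and the regex-based parsing is a simplification that only suits static markup.

```javascript
// Added example: flag logon forms that travel (or post) without TLS.
// auditLoginForms is a hypothetical helper; sample pages are constructed.
function auditLoginForms(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    // Only forms that collect a password are of interest here.
    if (!/<input\b[^>]*\btype\s*=\s*["']?password/i.test(body)) continue;
    const actionAttr = /\baction\s*=\s*["']([^"']*)["']/i.exec(attrs);
    // A missing or relative action resolves against the page's own URL.
    const action = new URL(actionAttr ? actionAttr[1] : "", page);
    const issues = [];
    // Page over http: the form itself can be rewritten in transit,
    // even when its action points at https (the case this post covers).
    if (page.protocol !== "https:") issues.push("form-served-over-http");
    // Action over http: the credentials cross the network unencrypted.
    if (action.protocol !== "https:") issues.push("credentials-posted-over-http");
    findings.push({ action: action.href, issues });
  }
  return findings;
}

// Constructed sample pages.
const FORM_HTTPS_ACTION =
  '<form action="https://shop.example/session.php" method="post">' +
  '<input type="text" name="user"><input type="password" name="pw"></form>';
const FORM_RELATIVE_ACTION =
  '<form action="/session.php" method="post">' +
  '<input type="password" name="pw"></form>';
const FORM_HTTP_ACTION =
  '<form action="http://shop.example/session.php" method="post">' +
  '<input type="password" name="pw"></form>';

const SAMPLES = [
  ["http://shop.example/login", FORM_HTTPS_ACTION],
  ["https://shop.example/login", FORM_RELATIVE_ACTION],
  ["https://shop.example/login", FORM_HTTP_ACTION],
];
for (const [url, html] of SAMPLES) {
  console.log(url, JSON.stringify(auditLoginForms(url, html)));
}
```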

Check out the risks of XSS attacks with a https logon form being loaded over http here.