Feeds

Simple hack yields free Times Web content outside UK

Security through obscurity fails again

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

I don't normally read Establishment gazettes like the London Times or the Sunday Times, but whilst trawling the Web yesterday I spotted a link to a story which I thought might interest me. Imagine my disappointment when I attempted to access it and learned that only those Netizens located in the UK are permitted to read the Times for free.

Of course I was cordially invited to register and pay a subscription fee; but I didn't want a subscription -- I merely wanted to look at a single item. To me, £39.99 (about US $56.00) seemed an awfully steep price for the privilege of reading one lousy story.

So I decided to bamboozle the Times' electronic customs inspector if I could. That took all of ten minutes to accomplish, as the first (and easiest) workaround that occurred to me succeeded. They didn't even try to make a challenge of it. Essentially, I took a virtual trip to England courtesy of the Web: I merely resolved a list that I keep of working proxies to domains so I could see which ones were located in the UK. As soon as I spotted one, I entered it into my browser and then registered with the Times (using fictional personal data, naturally).

I was prepared for a struggle; but sadly, that's all it takes. And if your favourite UK proxy is slow, don't worry; you won't need it again. Just use it while you're registering. Once that's done, it makes no difference where you surf in from afterwards. The whole trick consists simply of having a UK domain showing in your http header while you're setting up an account. Once that's done, your user-name and password will 'clear' you for free access thereafter.

It's amusing to see a company getting clever with IP, trying to erect the virtual equivalent of a national frontier on the Web to exact a toll from hapless foreigners. The sheer stupidity of this effort is illuminated nicely by the sheer ease with which it's defeated. Did no one tell them that the Internet simply isn't built that way?

I do hope the Times is a good deal more diligent with the credit card data they collect from subscribers. But after seeing their 'security' scheme to lock out overseas freeloaders and protect their own revenues, I don't imagine I'll be trusting them with my CC data any time soon. ®

Beginner's guide to SSL certificates

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.