Actually, Grindr is okay: FUD and Protection Reporting

On Wednesday, March 28, NBC reported "Grindr security flaws expose users' location data", a story which ticks a couple of hot-button topics for security professionals and security reporters alike. It's centered around the salacious subject of online dating in the LGBT community, and hits a personal security concern for people using the app everywhere, as well as the possibility of outing LGBT individuals in areas where being homosexual, bisexual, or trans is illegal or dangerous.

Unfortunately, this story is guilty of some of the worst kind of FUD — fear, uncertainty, and doubt — that still happens when some journalists cover our industry. I am here to tell you, dear Grindr user, there is nothing going on at Grindr that is unreasonably exposing your location information. In this case, the angel is in the details.

What’s Not a Vuln

Ultimately, once you read the NBC story, you can see where this reporting shifts from news to FUD:

His site permitted users to see who blocked them on Grindr once they entered their Grindr password. Once they did so…

I’m going to just stop you right there, because this is a pretty big red flag about this described vulnerability. “After they entered their Grindr account,” means, “After the user voluntarily compromised themselves.” Any vulnerability that exposes user data that depends entirely on already having the best bit of user data available — the password — is not a vulnerability.

Of course, I had to be missing something. Maybe there was some privilege escalation trick in play that let the attacker, armed with any username and password, see other people’s data, or all the data, or something like that.