Eavesdropping On Tinder: Researcher Demonstrates Man-in-the-Middle Attacks

An anonymous Slashdot reader writes:
Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, “Not only we can eavesdrop on the …

An anonymous Slashdot reader writes:
Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, “Not only we can eavesdrop on the conversation of two strangers, we can also change their reality.” The attack can easily be extended to SMS, Whatsapp, iMessage and voice.

“At some point people exchange phone numbers and the Tinder convo stops. That’s not a problem…” Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits..
His article drew a response from Tinder, arguing they “employ several manual and automated mechanisms” to deter fake and duplicate profiles. But while they’re looking for ways to improve, “ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability.”

Read more of this story at Slashdot.

Eavesdropping On Tinder: Researcher Demonstrates Man-in-the-Middle Attacks

An anonymous Slashdot reader writes:
Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, “Not only we can eavesdrop on the …

An anonymous Slashdot reader writes:
Security expert Anthony Zboralski posted on HERT a social engineering attack for Tinder that lets you perform a man-in-the-middle attack against unsuspecting users. Zboralski says, “Not only we can eavesdrop on the conversation of two strangers, we can also change their reality.” The attack can easily be extended to SMS, Whatsapp, iMessage and voice.

“At some point people exchange phone numbers and the Tinder convo stops. That’s not a problem…” Zboralski explains, suggesting more ways to continue the man-in-the-middle exploits..
His article drew a response from Tinder, arguing they “employ several manual and automated mechanisms” to deter fake and duplicate profiles. But while they’re looking for ways to improve, “ultimately, it is unrealistic for any company to positively validate the real-world identity of millions of users while maintaining the commonly expected level of usability.”

Read more of this story at Slashdot.

How to Stop WhatsApp From Giving Facebook Your Phone Number

You may never have read a terms and conditions update before, but you’ll want to this time. The post How to Stop WhatsApp From Giving Facebook Your Phone Number appeared first on WIRED.

How to Stop WhatsApp From Giving Facebook Your Phone Number

You may never have read a terms and conditions update before, but you’ll want to this time. The post How to Stop WhatsApp From Giving Facebook Your Phone Number appeared first on WIRED.

WhatsApp’s Privacy Cred Just Took a Big Hit

Now that WhatsApp is sharing phone numbers with Facebook, it’s no longer the security oasis users relied on. The post WhatsApp’s Privacy Cred Just Took a Big Hit appeared first on WIRED.

WhatsApp’s Privacy Cred Just Took a Big Hit

Now that WhatsApp is sharing phone numbers with Facebook, it’s no longer the security oasis users relied on. The post WhatsApp’s Privacy Cred Just Took a Big Hit appeared first on WIRED.

WikiLeaks Published Rape Victims’ Names, Credit Cards, Medical Data

Joe Mullin, writing for ArsTechnica: Even as WikiLeaks founder Julian Assange sits trapped in the Ecuadorean embassy, the WikiLeaks website continues to publish the secrets of various governments worldwide. But that’s not all it’s publishing. A report …

Joe Mullin, writing for ArsTechnica: Even as WikiLeaks founder Julian Assange sits trapped in the Ecuadorean embassy, the WikiLeaks website continues to publish the secrets of various governments worldwide. But that’s not all it’s publishing. A report today by the Associated Press highlights citizens who had “sensitive family, financial or identity records” published by the site. “They published everything: my phone, address, name, details,” said one Saudi man whose paternity dispute was revealed in documents published by the site. “If the family of my wife saw this… Publishing personal stuff like that could destroy people.” One document dump, from Saudi diplomatic cables, held at least 124 medical files. The files named sick children, refugees, and patients with psychiatric conditions. In one case, the cables included the name of a Saudi who was arrested for being gay. In Saudi Arabia, homosexuality is punishable by death. In two other cases, WikiLeaks published the names of teenage rape victims. “This has nothing to do with politics or corruption,” said Dr. Nayef al-Fayez, who had a patient with brain cancer whose personal details were published.

Read more of this story at Slashdot.

WikiLeaks Published Rape Victims’ Names, Credit Cards, Medical Data

Joe Mullin, writing for ArsTechnica: Even as WikiLeaks founder Julian Assange sits trapped in the Ecuadorean embassy, the WikiLeaks website continues to publish the secrets of various governments worldwide. But that’s not all it’s publishing. A report …

Joe Mullin, writing for ArsTechnica: Even as WikiLeaks founder Julian Assange sits trapped in the Ecuadorean embassy, the WikiLeaks website continues to publish the secrets of various governments worldwide. But that’s not all it’s publishing. A report today by the Associated Press highlights citizens who had “sensitive family, financial or identity records” published by the site. “They published everything: my phone, address, name, details,” said one Saudi man whose paternity dispute was revealed in documents published by the site. “If the family of my wife saw this… Publishing personal stuff like that could destroy people.” One document dump, from Saudi diplomatic cables, held at least 124 medical files. The files named sick children, refugees, and patients with psychiatric conditions. In one case, the cables included the name of a Saudi who was arrested for being gay. In Saudi Arabia, homosexuality is punishable by death. In two other cases, WikiLeaks published the names of teenage rape victims. “This has nothing to do with politics or corruption,” said Dr. Nayef al-Fayez, who had a patient with brain cancer whose personal details were published.

Read more of this story at Slashdot.

PSA: Twitch’s ‘Activity Sharing’ Feature Exposes Your Activity By Default

The ‘Activity Sharing’ feature that Twitch announced on Thursday aims to notify your entire Friends list if you’re doing something interesting. The video games streaming platform hopes that it would bolster the engagement level, as people will want to …

The ‘Activity Sharing’ feature that Twitch announced on Thursday aims to notify your entire Friends list if you’re doing something interesting. The video games streaming platform hopes that it would bolster the engagement level, as people will want to know what their friends are doing. The problem is that this feature is on my default. An anonymous reader writes: While the feature is fairly harmless, it is understandable that some people won’t want others to easily spy on their behaviors. As an example, maybe you are watching a Hello Kitty game stream — some folks might be embarrassed to have that displayed under their name. To turn it off, simply deselect the box as seen in this image.

Read more of this story at Slashdot.

PSA: Twitch’s ‘Activity Sharing’ Feature Exposes Your Activity By Default

The ‘Activity Sharing’ feature that Twitch announced on Thursday aims to notify your entire Friends list if you’re doing something interesting. The video games streaming platform hopes that it would bolster the engagement level, as people will want to …

The ‘Activity Sharing’ feature that Twitch announced on Thursday aims to notify your entire Friends list if you’re doing something interesting. The video games streaming platform hopes that it would bolster the engagement level, as people will want to know what their friends are doing. The problem is that this feature is on by default. An anonymous reader writes: While the feature is fairly harmless, it is understandable that some people won’t want others to easily spy on their behaviors. As an example, maybe you are watching a Hello Kitty game stream — some folks might be embarrassed to have that displayed under their name. To turn it off, simply deselect the box as seen in this image.

Read more of this story at Slashdot.

NSA Worried About Implications of Leaked Toolkits

Reader wierd_w writes: According to Business Insider, the NSA is worried about the possible scope of information leaked from the agency, after a group calling themselves the ‘Shadow Brokers’ absconded with a sizable trove of penetration tools and techn…

Reader wierd_w writes: According to Business Insider, the NSA is worried about the possible scope of information leaked from the agency, after a group calling themselves the ‘Shadow Brokers’ absconded with a sizable trove of penetration tools and technical exploits, which it plans to sell on the black market. Among the concerns are worries that active operations may have been exposed. Business insider quotes an undisclosed source as stating the possibility of the loss of such security and stealth (eg privacy) has had chilling effects for the agency, as they attempt to determine the fullness and scope of the leak.(Does anyone besides me feel a little tickled about the irony of the NSA complaining about chilling effects of possibly being monitored?)

Read more of this story at Slashdot.

The Internet’s Safe Harbor Just Got a Little Less Safe

A recent court decision means Internet service providers may have to start policing the content their users share online. The post The Internet’s Safe Harbor Just Got a Little Less Safe appeared first on WIRED.

The Internet’s Safe Harbor Just Got a Little Less Safe

A recent court decision means Internet service providers may have to start policing the content their users share online. The post The Internet’s Safe Harbor Just Got a Little Less Safe appeared first on WIRED.