Gay dating app photos

Gay dating app Jack’d exposed millions of nude photos

The bug is fixed in a February 7 update. But the fix comes a year after the leak was first disclosed to the company by security researcher Oliver Hough and more than three months after Ars Technica contacted the company's CEO, Mark Girolamo, about the issue.

Online-Buddies was exposing its Jack'd users' private images and location; disclosing posed a risk.

Unfortunately, this sort of delay is hardly uncommon when it comes to security disclosures, even when the fix is relatively straightforward. And it points to an ongoing problem with the widespread neglect of basic security hygiene in mobile applications.

Post Digital Network

According to investigators, the year-old Chinese […]. Master web development with this JavaScript master class When it comes to website development, JavaScript is the language that underlies it all. This […]. Testimonials abound regarding its uses as a stress-reliever and sleep aid, not to mention its well-researched possibilities for pain management among cancer […]. Learning a new language was never meant to be about rote memorization. If you want to speak in a different tongue, first and foremost you need to speak — and when possible, interact with other native speakers.

Read the rules you agree to by using this website in our Terms of Service.

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon. Boing Boing uses cookies and analytics trackers, and is supported by advertising, merchandise sales and affiliate links.

Read about what we do with the data we gather in our Privacy Policy. Who will be eaten first?

The Dark Side of Gay Dating Apps

Our forum rules are detailed in the Community Guidelines. Boing Boing is published under a Creative Commons license except where otherwise noted. By simply traversing the range of sequential values, it was possible to view all images uploaded by Jack'd users—public or private.

Top Five Gay Dating Apps - 2018

Additionally, location data and other metadata about users was accessible via the application's unsecured interfaces to backend data. The result was that intimate, private images—including pictures of genitalia and photos that revealed information about users' identity and location—were exposed to public view.

Because the images were retrieved by the application over an insecure Web connection, they could be intercepted by anyone monitoring network traffic, including officials in areas where homosexuality is illegal, homosexuals are persecuted, or by other malicious actors. And since location data and phone identifying data were also available, users of the application could be targeted.

There's reason to be concerned.

Scruff gay dating app bans underwear photos - BBC News

Jack'd developer Online-Buddies Inc. The bug is fixed in a February 7 update. But the fix comes a year after the leak was first disclosed to the company by security researcher Oliver Hough and more than three months after Ars Technica contacted the company's CEO, Mark Girolamo, about the issue. Unfortunately, this sort of delay is hardly uncommon when it comes to security disclosures, even when the fix is relatively straightforward. And it points to an ongoing problem with the widespread neglect of basic security hygiene in mobile applications.


  • best gay dating app in india quora.
  • Trending News: Google Play Ban Removes Underwear Photos From Scruff Dating App.
  • Here Are The World's Most Popular Dating Apps For Gay Dudes.
  • gay dating perth scotland?

Hough discovered the issues with Jack'd while looking at a collection of dating apps, running them through the Burp Suite Web security testing tool. Hough set up an account and posted images marked as private. He then checked the image store and found the "private" image with his Web browser. Hough also found that by changing the sequential number associated with his image, he could essentially scroll through images uploaded in the same timeframe as his own.

Hough's "private" image, along with other images, remained publicly accessible as of February 6, There was also data leaked by the application's API. The location data used by the app's feature to find people nearby was accessible, as was device identifying data, hashed passwords and metadata about each user's account.

While much of this data wasn't displayed in the application, it was visible in the API responses sent to the application whenever he viewed profiles. After searching for a security contact at Online-Buddies, Hough contacted Girolamo last summer, explaining the issue. Girolamo offered to talk over Skype, and then communications stopped after Hough gave him his contact information.

After promised follow-ups failed to materialize, Hough contacted Ars in October. On October 24, , Ars emailed and called Girolamo. He told us he'd look into it.