|
|
|
|
|
|
by tialaramex
2086 days ago
|
|
|
If the target has halfway competent security response, you just say "Look at this obvious bug in your design" and they fix it. The first part of Troy's post makes it clear that Grindr did not have halfway competent security response. When you're dealing with a target that doesn't have halfway competent security response the only option is to actually have an equivocal demo that there's a hole which means you need to break into somebody else's account. Anything else they'll most likely gaslight you and their users. "No, there was no hole, Troy just accessed his own account, nothing to see, fake news". |
|
|