Tag: allowed

04
Oct
2020
Posted in technology

Wishing Trump’s death from COVID-19 not allowed on Facebook, Twitter

gettyimages-1033887648

President Trump’s Twitter page.


Jaap Arriens/NurPhoto via Getty Images

As news of President Donald Trump’s positive COVID-19 diagnosis spread, social media companies warned their users that content wishing for the president to die won’t be allowed on their platforms.

After the president revealed on Thursday that he and first lad Melania Trump had tested positive for the virus, many people took to social media to wish him a speedy recovery, but many others said they hoped for the opposite outcome.

A Facebook spokesperson Friday such post violate the social media giant’s user policies and will be removed.

“To be clear, Facebook is removing death threats or content targeted directly at the president that wishes him death, including comments on his posts or his page – in addition to content tagging him,” Facebook spokeswoman Liz Bourgeois said in a tweet

.

Twitter echoed that sentiment, saying Friday night that “tweets that wish or hope for death, serious bodily harm or fatal disease against *anyone* are not allowed and will need to be removed. This does not automatically mean suspension.”

For some time, critics of Twitter have attacked the social network over a perceived failure to respond quickly and appropriately to reports of troubling tweets and harassment on the site. Twitter’s announcement was met with immediate criticism from four Democratic congresswomen known as “The Squad.”

Reps. Alexandria Ocasio-Cortez of New York, Rashida Tlaib of Michigan, Ilhan Omar

03
Oct
2020
Posted in technology

Grindr flaw allowed hijacking accounts with just an email address

A Grindr vulnerability allowed anyone who knows a user’s email address to easily reset their password and hijack their account. All a bad actor needed to do was type in a user’s email address in the password reset page and then pop open the dev tools to get the reset token. By adding that token to the end of the password reset URL, they won’t even need to access the victim’s inbox — that’s the exact link sent to the user’s email anyway. It loads the page where they can input a new password, giving them a way to ultimately take over the victim’s account.



BERLIN, GERMANY - APRIL 22: The logo of the dating app for gay and bisexual men Grindr is shown on the display of a smartphone on April 22, 2020 in Berlin, Germany. (Photo by Thomas Trutschel/Photothek via Getty Images)


BERLIN, GERMANY – APRIL 22: The logo of the dating app for gay and bisexual men Grindr is shown on the display of a smartphone on April 22, 2020 in Berlin, Germany. (Photo by Thomas Trutschel/Photothek via Getty Images)

A French security researcher named Wassime Bouimadaghene discovered the flaw and tried to report it to the dating service. When support closed his ticket and he didn’t hear back, he asked help from security expert Troy Hunt who worked with another security expert (Scott Helme) to set up a test account and confirm that the vulnerability does exist. Hunt, who called the issue “one of the most basic account takeover techniques” he’s ever seen, managed to get in touch with Grindr’s security team directly by posting a call for their contact details on Twitter.

Loading...

Load Error

While Grindr quickly fixed the issue after hearing from Hunt, the incident underscored the platform’s shortcomings when it comes to security. And that’s a huge problem when the dating app caters to individuals whose sexual orientations and identities could make them a target for harassment and violence. This isn’t the first security issue Grindr has had to deal with. Back