Grindr flaw allowed hijacking accounts with just an email address

A Grindr vulnerability allowed anyone who knew a user’s email address to easily reset that user’s password and hijack their account. All a bad actor needed to do was type the user’s email address into the password reset page and then open the browser’s dev tools to get the reset token. By adding that token to the end of the password reset URL, they did not even need to access the victim’s inbox, since that is the exact link sent to the user’s email anyway. It loaded the page where they could input a new password, giving them a way to ultimately take over the victim’s account.



BERLIN, GERMANY - APRIL 22: The logo of the dating app for gay and bisexual men Grindr is shown on the display of a smartphone on April 22, 2020 in Berlin, Germany. (Photo by Thomas Trutschel/Photothek via Getty Images)



A French security researcher named Wassime


Email Aliases Not Functioning Properly in iOS 14 [Update: Possibly Fixed in iOS 14.2 Beta 2]

Email aliases in the Mail app don’t appear to be functioning correctly in the iOS 14 update, according to multiple customer complaints on the MacRumors forums and the Apple Support Communities.


Affected customers have set up aliases in the Mail app for subscriptions, account signups, and more, as aliases are useful for concealing a primary email address and limiting unwanted messages. Those aliases are not working as intended as of the iOS 14 update, with the Mail app on iPhone and iPad ignoring the preferred alias that’s selected when sending an email.

There appears to be no way for affected users to successfully control which alias is selected, leading to emails sent from unwanted addresses. A member of the Apple Support Communities describes the problem:

I have an IMAP account (not gmail) with a few aliases. I have been using this for YEARS and it’s always worked fine. Today, I


University of Cincinnati is looking into an instructor who referred to Covid-19 as the ‘Chinese virus’ in an email to a student

A University of Cincinnati dean is investigating an email in which an instructor told a quarantined student who had to miss class that those “testing positive for the chinese virus” would not receive a grade.





© Alex Martin/Cincinnati Enquirer/USA Today Network
The Tangeman University Center at the University of Cincinnati is seen on March 11.

Evan Sotzing, a 20-year-old engineering student, said on Twitter that his girlfriend had tested positive for Covid-19. The university’s health system asked him to quarantine as a precaution, he said, requiring him to miss an in-person lab session.

When he informed his instructor about this, he said he received an insensitive reply.

“Not only did my professor give me a zero for not going (to the lab session), but this was his response,” Sotzing tweeted on Thursday, along with a screenshot of an email from adjunct faculty member John Ucker.

“For students testing positive
