16 votes

How One Guy Hacked BlackHat 2018

2 comments

  1. precise
    This is a great article detailing a vulnerability in the BCard API, an API that was used at BlackHat 2018 for tracking access badges. The vulnerability allowed unauthenticated users to remotely query the API and enumerate all registered BlackHat 2018 attendees. Full disclosure, the researcher and author is a friend of mine.

    9 votes
  2. Celeo
    Nice article, thanks for sharing.

    Embarrassing for a cybersecurity event to leak this info on an unsecured endpoint; good for the author for finding and reporting it.

    Curiously though, they disabled the endpoint, citing that it was a legacy system. If the data on the NFC tags doesn't change, how will the marketers get access to the emails of the attendees that request more information? Will a new authenticated endpoint be added and then the app be updated to support that endpoint?

    2 votes