Advice for smart (running) girls on online privacy…

So, not to be a ‘creepy Steve’ à la Smart Girl’s Guide to Online Privacy (fantastic read!), but here is another piece of advice I’d leave for the privacy-conscious who post their photos with their running bibs on social media (especially dating sites).

If you go to running competition results pages, like the one for the Sydney Blackmores Running Festival (not just limited to this competition – pretty much all running events use similar results websites), you’ll see that all you need to find out someone’s name, age and in some cases suburb is their bib number… So as always be wary of what you post online!


Hack something first: a lesson in input validation

I wanted to write up a lesson I learnt from a certain app (won’t mention which one here, even though the vulnerability was reported and patched rather quickly!) that offered in-app currency if you sent your friends an SMS from your phone’s contacts to invite them to the service.

I found that if you gave it a fake number, the app would give you the free credits, without checking if it had a 20-digit number!! So always check that you get valid input, even if it’s from a place you’d assume would be valid, like a phone’s contacts.
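
Here is a sketch of the server-side check that lesson calls for. It is an example added here, not the app's actual code: the function names, the reward size, the 8-digit lower bound and the sample numbers are all assumptions made for illustration. It goes a little beyond the format check by also refusing to credit the same recipient twice or the sender's own number.

```python
import re

# Assumed policy for this example: numbers must be in E.164 form
# ("+", country code, subscriber number; 15 digits maximum).
# The 8-digit lower bound is an assumption, not part of E.164.
E164_RE = re.compile(r"\+[1-9]\d{7,14}")
SEPARATORS = re.compile(r"[\s\-().]")
CREDITS_PER_INVITE = 10  # hypothetical reward size


def normalize_number(raw):
    """Return the number in canonical E.164 form, or None if invalid."""
    if not isinstance(raw, str):
        return None
    candidate = SEPARATORS.sub("", raw)
    return candidate if E164_RE.fullmatch(candidate) else None


def process_invites(sender, raw_numbers, already_invited):
    """Validate on the server and credit each valid, new recipient once.

    already_invited: normalized numbers this sender was credited for
    before (in a real service this would come from the database).
    """
    sender_norm = normalize_number(sender)
    accepted, rejected = [], []
    for raw in raw_numbers:
        number = normalize_number(raw)
        if number is None:
            rejected.append((raw, "not a valid phone number"))
        elif number == sender_norm:
            rejected.append((raw, "cannot invite yourself"))
        elif number in already_invited or number in accepted:
            rejected.append((raw, "already invited"))
        else:
            accepted.append(number)
    return {"accepted": accepted, "rejected": rejected,
            "credits": CREDITS_PER_INVITE * len(accepted)}


# Constructed sample request, as if sent by the app from a contact list.
SAMPLE = ["+61 491 570 156", "+61491570156", "12345678901234567890",
          "+61 (491) 570-157", "not a number", "+61491570158"]
RESULT = process_invites("+61491570158", SAMPLE, {"+61491570157"})
```

Only the first entry earns credits; the 20-digit string, the reformatted duplicate, the previously invited contact, the free text and the sender's own number are all rejected with a reason.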