Windows 10 Snipping Tool is leaking your username and/or your full name

Update October 2021. Microsoft finally fixed this issue in Windows 11 👏 If you are concerned about privacy then you probably know that it isn’t good idea to use your real name as a Windows account name. Not only Windows contains security flaws that can steal your username, but it is prominently displayed on your …

Attachments from GitHub’s private issue trackers can be viewed without any authentication

Disclaimer: I disclosed this security issue to GitHub, and they choose to not fix it (We have reviewed your report and determined that this functionality is working as expected). This is undocumented behavior, so I am describing it here. Also, note that I am not asking anyone to hack GitHub nor I am going to …

Security: How to obtain someone’s username/login from the “Gmail for work”?

Photo: freeimages.com Short version: Gmail leaks your username. Always! To get username/login information for Google Apps user (paid Work/Business account) you need one email message. Just look at the Return-Path header. Fortunately, you do not know password yet, but combined with other weaknesses (like password reuse) this is not a problem. Determining if someone is …