2017-04-07 | Dumb TVs, NPM, and the best job application is trojan code

Friday, April 7, 2017

Let’s make every Friday aloha Friday!

TODAY’S TOP STORY

Weeping Angel you say? Well, newsflash: your smart TV is not as smart as you would think. How I Hacked my Smart TV from My Bed via a Command Injection details the exploit. Internet connected devices can have vulnerabilities in the weirdest of places says author Sven. Can I get an amen?

HACKTIVITY

Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers [18 upvotes] - $500 bounty for this report to ahem, HackerOne by @0xffe4. Nice summary and repro steps by the hacker. Also, that Jobert is so dang nice - happy hacking indeed!
Open Redirect in meeting.qiwi.com [5 upvotes] - $100 bounty for this report to Qiwi by @cyberunit. Sometimes, it’s the simple things. Cyberunit earned “the benjamin bounty” for an open redirect in 3rd party software at meeting.qiwi.com.

As always, you can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.

TWEET OF THE DAY

The story of NPM and Yarn in one pull request. - @aupajo

OTHER ARTICLES WE’RE READING

Hey, we loved your nuclear bot, that was some slick banking trojan code, want a job?
A short history of the financial Trojan by Symantec. Part of a series of “histories” about malware on their medium channel.
Inside the next Xbox: Project Scorpio tech revealed
Video game theme continued… PS4 4.0x WebKit Exploit Writeup

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good emails to themselves - forward to your friends and colleagues for maximum enjoyment. Want to see who else runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

“Talk to people about themselves and they will listen for hours.”

Benjamin Disraeli

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.