Tuesday, April 18
35% of the work in the world is done on Tuesdays. Make it count!
TODAY’S TOP STORY
ISPs down under are storing all that metadata (watch the AUS Attorney General attempt to explain metadata). England too, btw. Troy Hunt shares a compelling tale about mandatory ISP data retention and the law of unintended consequences in his most recent blog post. Which reminds us to ask: How many VPN buyers' guides and articles have you read lately? The answer: Too bloody many!!
HACKTIVITY
Stored XSS in e.mail.ru (payload affect multiple users) [14 upvotes] - $750 bounty for this report to mail.ru by @afinepl. 48 hours from report submission to bounty.
File access controls incorrectly enforced for files shared via QuickLink - Unshared files can be accessed [14 upvotes] - $600 bounty for this report to BrickFTP by @eboda. Oh Edgar, foobar is spelled fubar. Hackers and their PoC humor.
You can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.
OTHER ARTICLES WE’RE READING
Bug hunting in APIs and WebSockets: Attacking Microsoft Edge to identify users by leaking URLs from Fetch requests.
What does a hacker problem look like? Quora post by HackerOne co-founder, Jobert Abma.
WordPress.org launched its bounty program to the public!
Stalkerware. Yeah, it's a thing.
Jason Bourne - cyber dude. Fact Checking Cyber Espionage Tactics in the latest Jason Bourne Movie
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
"There is considerable overlap between the intelligence of the smartest bears and the dumbest tourists."
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.