Hacking, AppSec, and Bug Bounty newsletter
2017-04-06 | Project Sopris, CTFs galore, and giant robot duels
Thursday, April 6, 2017
Reply if Thursday is your favorite day of the week. :)
TODAY’S TOP STORY
The Seven Properties of Highly Secure Devices. At a time when IoT stands for the Immensely offensive Totally insecure devices, 3 men at Microsoft are doing something about it. Read their research report, and check out #projectsopris ($100K in bounties up for grabs).
Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks. [8 upvotes] - $750 bounty for this report to Phabricator by @edio. This should be required reading by every hacker. Please. Stop what you’re doing and read this.
Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks. [8 upvotes] - $750 bounty for this report to Phabricator by @edio. Yes, this back and forth with the reporter and security team lead is so good we included it twice. Read it.
As always, you can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.
TWEET OF THE DAY
1955: The modern definition of the word "hack" was coined at MIT, first appearing in the minutes of the Tech Model Railroad Club. - @todayininfosec
OTHER ARTICLES WE’RE READING
The case of the disappearing malware. “Most organizations are not currently equipped to defend against these tactics.” No kidding, Sherlock.
Giant robot duels are a thing. USA vs Japan this August.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good emails to themselves - forward to your friends and colleagues for maximum enjoyment. Want to see who else runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
"The first product of self-knowledge is humility."