2017-04-06 | Project Sopris, CTF’s galore, and giant robot duels

Thursday, April 6, 2017

Reply if Thursday is your favorite day of the week. :)

TODAY’S TOP STORY

The Seven Properties of Highly Secure Devices. In a time where IoT stands for the Immensely offensive Totally insecure devices, 3 men at Microsoft are doing something about it. Read their research report, and check out #projectsopris ($100K in bounties up for grabs).

HACKTIVITY

Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks. [8 upvotes] - $750 bounty for this report to Phabricator by @edio. This should be required reading by every hacker. Please. Stop what you’re doing and read this.
Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks. [8 upvotes] - $750 bounty for this report to Phabricator by @edio. Yes, this back and forth with the reporter and security team lead is so good we included it twice. Read it.

As always, you can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.

TWEET OF THE DAY

1955: The modern definition of the word "hack" was coined at MIT, first appearing in the minutes of the Tech Model Railroad Club. - @todayininfosec

OTHER ARTICLES WE’RE READING

CTF challenges galore. Check out these livestream hacks by murmus CTF. Coming up, ASIS CTF Quals 2017.
The case of the disappearing malware. “Most organizations are not currently equipped to defend against these tactics.” No kidding, Sherlock.
Giant robot duels are a thing. USA vs Japan this August.

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good emails to themselves - forward to your friends and colleagues for maximum enjoyment. Want to see who else runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

"The first product of self-knowledge is humility."

Flannery O'Connor

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.