Hacking, AppSec, and Bug Bounty newsletter
2017-04-07 | Dumb TVs, NPM, and the best job application is trojan code
Friday, April 7, 2017
Let’s make every Friday aloha Friday!
TODAY’S TOP STORY
Weeping Angel you say? Well, newsflash: your smart TV is not as smart as you would think. How I Hacked my Smart TV from My Bed via a Command Injection details the exploit. Internet connected devices can have vulnerabilities in the weirdest of places says author Sven. Can I get an amen?
Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers [18 upvotes] - $500 bounty for this report to ahem, HackerOne by @0xffe4. Nice summary and repro steps by the hacker. Also, that Jobert is so dang nice - happy hacking indeed!
Open Redirect in meeting.qiwi.com [5 upvotes] - $100 bounty for this report to Qiwi by @cyberunit. Sometimes, it’s the simple things. Cyberunit earned “the benjamin bounty” for an open redirect in 3rd party software at meeting.qiwi.com.
As always, you can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.
TWEET OF THE DAY
The story of NPM and Yarn in one pull request. - @aupajo
OTHER ARTICLES WE’RE READING
Hey, we loved your nuclear bot, that was some slick banking trojan code, want a job?
A short history of the financial Trojan by Symantec. Part of a series of “histories” about malware on their medium channel.
Inside the next Xbox: Project Scorpio tech revealed
Video game theme continued… PS4 4.0x WebKit Exploit Writeup
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good emails to themselves - forward to your friends and colleagues for maximum enjoyment. Want to see who else runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
“Talk to people about themselves and they will listen for hours.”