Hacking, AppSec, and Bug Bounty newsletter
2017-04-13 | Identifying HTTPS Protected Netflix Videos, POODLE vuln, and $40 jabber spam
Thursday, April 13
Thursdays rock! Make it a great day.
TODAY’S TOP STORY
TCP/IP headers can tell anyone what Netflix shows you binge-watched last weekend: Identifying HTTPS Protected Netflix Videos in Real Time.
OCSP Status Request extension unbounded memory growth (CVE-2016-6304) [5 upvotes] - $2,500 bounty for this report to OpenSSL by @theyarestone. A malicious client can send an excessively large OCSP Status Request extension. Great to see IBB bounties! Cameo by HackerOne CTO Alex Rice in the report comments.
SSLv3 POODLE Vulnerability [6 upvotes] - $150 bounty for this report to Rockstar Games by @rmtyronerf. This was shared by @paulsec on Twitter, “regression also happens on the security side, and specifically bug bounties in this example, cf.” Plus, we’ll take any opportunity to share a report with the word “Poodle” in it.
You can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.
TWEET OF THE DAY
I'm soooo fan #mimipenguin from @HunterGregal. - @gentilkiwi
OTHER ARTICLES WE’RE READING
SeFlow, FinFisher and 0-day MSFT word spyware on Russian targets
Jeremy Piven wants you to stop clicking those phishing links
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
“The word ‘adventure’ has been overused. For me, adventure is when everything goes wrong. That’s when the adventure starts.”
Yvon Chouinard, founder of Patagonia