ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-04-13 | Identifying HTTPS Protected Netflix Videos, POODLE vuln, and $40 jabber spam

Thursday, April 13

Thursdays rock! Make it a great day.

TODAY’S TOP STORY

HACKTIVITY

  • OCSP Status Request extension unbounded memory growth (CVE-2016-6304) [5 upvotes] - $2,500 bounty for this report to OpenSSL by @theyarestone. A malicious client can send an excessively large OCSP Status Request extension. Great to see IBB bounties! Cameo by HackerOne CTO Alex Rice in the report comments.

  • SSLv3 POODLE Vulnerability [6 upvotes] - $150 bounty for this report to Rockstar Games by @rmtyronerf. This was shared by @paulsec on Twitter, “regression also happens on the security side, and specifically bug bounties in this example, cf.” Plus, we’ll take any opportunity to share a report with the word “Poodle” in it.

You can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.

TWEET OF THE DAY

  • I'm soooo fan #mimipenguin from @HunterGregal. - @gentilkiwi

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

“The word ‘adventure’ has been overused. For me, adventure is when everything goes wrong. That’s when the adventure starts.”

Yvon Chouinard, founder of Patagonia