ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-04-19 | IoT RSAC survey, ITL bulletin, and Quantum of Solace

Wednesday, April 19

Happy hump day.

TOP STORY

  • Survey of 160 attendees at RSAC 2017 by Lieberman reveals everyone is scared to death about IoT security. Download the full cheery report. Some of the findings: less than half have a process for changing the default passwords on their company's IoT devices, and over 80% of respondents worry about attacks originating from their IoT devices. And oh yeah, 63% are not confident in their ability to track and manage all the IoT devices on their network.

HACKTIVITY

  • [https://jenkins.brew.sh] Jenkins in Debug Mode with Stack Traces Enabled [8 upvotes] - no bounty for this report to Homebrew by @zephrfish. Jenkins in debug mode = stack traces. William Wallace would be proud.

  • Information Disclosure [0 upvotes] - no bounty for this report to GlobaLeaks by @secure_world. Though there was no bounty and this report was closed as informative, the exchange and result are exactly why Hacktivity is so valuable. Disclosing information for other hackers to see (i.e., if you find this, I’m going to close it as informative b/c we accept the risk). Love the security team responder from GlobaLeaks, @synnick’s, pitch for awesome swag and an invite to have a beer together if the hacker is at [redacted] conference!

You can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.

TWEET OF THE DAY

  • I am extremely excited to announce https://periph.io! A new low level hardware library in Go with no C dependency. #periphio #golang - @marcaruel

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

"I dunno, man, I already went and got a PhD in astrophysics. Seems like more than that would be overkill at this point."

@AstroKatie

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker-powered security testing solutions or Contact Us today.