Hacking, AppSec, and Bug Bounty newsletter
2017-04-19 | IoT RSAC survey, ITL bulletin, and Quantum of Solace
Wednesday, April 19
Happy hump day.
Survey of 160 attendees at RSAC 2017 by Lieberman reveals everyone is scared to death about IoT security. Download the full cheery report. Some of the findings: less than half have a process for changing the default passwords on their company's IoT devices, and over 80% of respondents worry about attacks originating from their IoT devices. And oh yeah, 63% are not confident in their ability to track and manage all the IoT devices on their network.
[https://jenkins.brew.sh] Jenkins in Debug Mode with Stack Traces Enabled [8 upvotes] - no bounty for this report to Homebrew by @zephrfish. Jenkins in debug mode = stack traces. William Wallace would be proud.
Information Disclosure [0 upvotes] - no bounty for this report to GlobaLeaks by @secure_world. Though there was no bounty and this report was closed as informative, the exchange and result are exactly why Hacktivity is so valuable. Disclosing information for other hackers to see (i.e., if you find this, I’m going to close it as informative b/c we accept the risk). Love the security team responder from GlobaLeaks, @synnick’s, pitch for awesome swag and an invite to have a beer together if the hacker is at [redacted] conference!
You can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.
TWEET OF THE DAY
OTHER ARTICLES WE’RE READING
Hack with Github: awesome repositories
NIST released their latest security bulletin: ITL Bulletin for April 2017
.Gov coordinated disclosure timeline from I Am The Cavalry.
Automating OSINT by Building a Keyword Monitoring Pipeline with Python, Pastebin and Searx
Quantum of Solace, NSA style.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
"I dunno, man, I already went and got a PhD in astrophysics. Seems like more than that would be overkill at this point."
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.