Hacking, AppSec, and Bug Bounty newsletter
2017-04-25 | The top 10 dev crypto mistakes, Grizzly Steppe, and two years of Pawn Storm
Tuesday, April 25
Good day all!
No explanation needed: Top 10 Developer Crypto Mistakes.
Autoclose can close any task regardless of policies/spaces [3 upvotes] - no bounty for this report to Phabricator. Descriptive and healthy dialogue that’s publicly disclosed is smart. Say it once, say it well, then point back to it. Well done Evan P!
Null pointer dereference in mrb_class [3 upvotes] - $800 bounty for this report to Shopify by @dgaletic. Cool to see Shopify using hackbot autoresponder!
Pssst, @mdv earned a $6,000 bounty from Uber (not a public report, but congrats on the big bounty!)
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
OTHER ARTICLES WE’RE READING
Wiring a home network from the ground-up with Ubiquiti by Troy Hunt.
A TCP proxy over named pipes.
Two years of Pawn Storm: From espionage to cyber propaganda.
DHS + FBI = GRIZZLY STEPPE
Oh thaaaat’s why. The backstory behind Roman Seleznev’s Record 27 Year Prison Sentence.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
In response to those who say to stop dreaming and face reality, I say keep dreaming and make reality.