Hacking, AppSec, and Bug Bounty newsletter
2017-05-05 | FlexiWHY, XSS for IE11, and telephony troubles
Friday, May 5
Cinco de Mayo on a Friday?! Today is bound to be amazing. Enjoy it!
Yesterday, we published a blog post: Ethical considerations of access to the HackerOne community. It raises important considerations for all companies. EFF and many others tweeted about it. You can follow the conversation on Hacker News.
Cloudflare based XSS for IE11 [16 upvotes] - swag award for this report to Cloudflare by @reactors08. Incredible responsiveness and communication from Cloudflare’s team, including this gem “I got ahold of a windows computer (unfortunately) and verified this works.” #bugbountyhumor
SSL Key Certificate expires [for dropboxpartners.com] [1 upvote] - no bounty for this report to Dropbox by @honccbb. Closed as informative, but the key point here is the power of hacker-powered security: dozens of researchers comb your stack daily and will let you know when your SSL certificates are about to expire in a few days. It’s like a friendly neighborhood watch.
Today’s hacker lesson is on “how to get banned from the platform”: submit reports like this.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
OTHER ARTICLES WE’RE READING
Telephony troubles: SS7 security flaws. In short, say “No” to SMS for 2FA. Use an authenticator app such as Duo, Google Authenticator, or Microsoft Authenticator instead.
Third-party updaters as attack vectors: Microsoft’s ATP team thwarts a sophisticated (and targeted) attack on several high-profile technology and financial organizations.
Healthcare breaches continue to grow.
Want to be a stellar hacker? All you need is Andrew Jackson’s help (plus hours of practice and patience).
Dyre Russia hacking group profiled by Forbes.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
The Law of Two Feet: Any time you're in a meeting where you're neither contributing nor adding value, you are encouraged to use your two feet and find a place where you can.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker-powered security testing solutions or Contact Us today.