ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-05-05 | FlexiWHY, XSS for IE11, and telephony troubles

Friday, May 5

Cinco de Mayo on a Friday?! Today is bound to be amazing. Enjoy it!

TOP STORY

HACKTIVITY

  • Cloudflare based XSS for IE11 [16 upvotes] - swag award for this report to Cloudflare by @reactors08. Incredible responsiveness and communication from Cloudflare’s team, including this gem: “I got ahold of a Windows computer (unfortunately) and verified this works.” #bugbountyhumor

  • SSL Key Certificate expires [for dropboxpartners.com] [1 upvote] - no bounty for this report to Dropbox by @honccbb. Closed as informative, but a key point here is the power of hacker-powered security: dozens of researchers comb your stack on the daily and will let you know when your SSL Key Certs will expire in a few days. It’s like that friendly neighborhood watch.

Today’s hacker lesson is on “how to get banned from the platform”: submit reports like this

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

The Law of Two Feet: Any time you're in a meeting where you're not contributing nor adding value--you are encouraged to use your two feet and find a place where you can.

Jonathan Opp, OpenSource.com