Hacking, AppSec, and Bug Bounty newsletter
2017-05-12 | Hacker heaven, Mozilla bug bounty, and Jaff ransomware
Friday, May 12
It’s a hacker heaven this Friday with a trifecta of awesome material. Starting us off is @filedescriptor at AppsSec EU, Exploiting the unexploitable. Dude, you had us at foo/bar.php/1337. Frans Rosen’s AMA with Bug Bounty Forum, and Sam Curry’s Yahoo bug explained.
Clickjacking Vulnerability found on Yelp [4 upvotes] - $100 bounty for this report to Yelp by @hckyguy77. X-Frame-Options to SAME ORIGIN in HTTP headers; but exploit proves that not all pages were protected.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
Dear Twitter: What do you think I do for a living? - @TheTarquin
OTHER ARTICLES WE’RE READING
What do you call 5 million emails per hour? Jaff, apparently. Forcepoint reveals massive email ransomware campaign.
Mozilla bug bounty redux.
18F bug bounty ya’ll, the first public bug bounty program run by a civilian agency.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
I didn’t have anything to put on it [toast] yesterday, so I put some grapes on it. It was weird.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.