Hacking, AppSec, and Bug Bounty newsletter
2017-05-12 | Hacker heaven, Mozilla bug bounty, and Jaff ransomware
Friday, May 12
It’s a hacker heaven this Friday with a trifecta of awesome material. Starting us off is @filedescriptor at AppSec EU, Exploiting the unexploitable. Dude, you had us at foo/bar.php/1337. Then Frans Rosen’s AMA with Bug Bounty Forum, and Sam Curry’s Yahoo bug explained.
Clickjacking Vulnerability found on Yelp [4 upvotes] - $100 bounty for this report to Yelp by @hckyguy77. X-Frame-Options was set to SAMEORIGIN in the HTTP headers, but the exploit proves that not all pages were protected.
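The lesson from that report is that a framing header on the homepage says nothing about the other routes. Below is an added example (not code from the Yelp report, HackerOne, or this newsletter) that audits a set of responses and lists every path without framing protection. It accepts either X-Frame-Options DENY/SAMEORIGIN or a CSP frame-ancestors directive that does not allow any origin; the paths and headers in SAMPLE_SITE are constructed for illustration.

```python
"""Audit HTTP response headers for clickjacking (framing) protection.

Added example for this newsletter item; not code from the Yelp report or
from HackerOne. The responses in SAMPLE_SITE are constructed, not captured.
"""
from typing import Dict, List, Mapping, Tuple

# Accepted X-Frame-Options values (compared case-insensitively). ALLOW-FROM is
# obsolete and ignored by current browsers, so it is treated as unprotected.
XFO_PROTECTED = {"deny", "sameorigin"}


def frame_ancestors(csp: str) -> List[str]:
    """Return the frame-ancestors source list from a CSP header, or [] if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return []


def is_frame_protected(headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Classify one response as (protected, reason).

    Protected means X-Frame-Options is DENY or SAMEORIGIN, or the CSP carries a
    frame-ancestors directive whose source list does not contain '*'.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    xfo = lower.get("x-frame-options", "").strip().lower()
    if xfo in XFO_PROTECTED:
        return True, f"X-Frame-Options: {xfo.upper()}"

    if xfo.startswith("allow-from"):
        xfo_note = "X-Frame-Options ALLOW-FROM is obsolete and ignored by modern browsers"
    elif xfo:
        xfo_note = f"unrecognised X-Frame-Options value {xfo!r}"
    else:
        xfo_note = "no X-Frame-Options header"

    ancestors = frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors and "*" not in ancestors:
        return True, "CSP frame-ancestors " + " ".join(ancestors)
    if ancestors:
        return False, xfo_note + "; CSP frame-ancestors allows any origin"
    return False, xfo_note + "; no CSP frame-ancestors directive"


def unprotected_paths(site: Mapping[str, Mapping[str, str]]) -> Dict[str, str]:
    """Map every path whose response lacks framing protection to the reason."""
    findings: Dict[str, str] = {}
    for path, hdrs in site.items():
        protected, reason = is_frame_protected(hdrs)
        if not protected:
            findings[path] = reason
    return findings


# Constructed sample: the homepage is covered, but several routes are not.
SAMPLE_SITE: Dict[str, Dict[str, str]] = {
    "/": {"X-Frame-Options": "SAMEORIGIN", "Content-Type": "text/html"},
    "/login": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "/biz/settings": {"Content-Type": "text/html"},  # header simply missing on this route
    "/widget": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "/embed": {"Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for path, why in unprotected_paths(SAMPLE_SITE).items():
        print(f"{path}: {why}")
```

In practice the header map for each path would come from crawling the application with an authenticated session, since the unprotected routes are usually the logged-in ones that a homepage check never sees.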
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
Dear Twitter: What do you think I do for a living? - @TheTarquin
OTHER ARTICLES WE’RE READING
What do you call 5 million emails per hour? Jaff, apparently. Forcepoint reveals massive email ransomware campaign.
Mozilla bug bounty redux.
18F bug bounty y’all, the first public bug bounty program run by a civilian agency.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
I didn’t have anything to put on it [toast] yesterday, so I put some grapes on it. It was weird.