Hacking, AppSec, and Bug Bounty newsletter
2017-05-19 | 5K error page, Wannakey, and Hypponen’s Law
Friday, May 19
Short and sweet today. Happy Friday!
Appending “?deb=trace” to a 404 URL gave a researcher access to internal debug information on static.corp.google.com. Worth $5K. Read the full story.
Amazon S3 bucket misconfiguration [9 upvotes] - no bounty for this report to Zomato by @glc. Fastest ticket ever?
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
"There will always be vulnerabilities. Programmers are humans, humans make mistakes." - @mikko
OTHER ARTICLES WE’RE READING
Wannakey: Recover the prime numbers of the RSA private key that are used by WC.
Joint US-Dutch cybersecurity researchers can apply for $2.6M in funding
Researcher to Zomato: “Please bug bounty better”.
Troy Hunt weekly update #35
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Whenever an appliance is described as “smart”, it’s vulnerable.