Hacking, AppSec, and Bug Bounty newsletter
2017-05-24 | Critical IDOR, TPP resurrected, and Geekboy bloggin
Wednesday, May 24
Wee bit late today, but some gems in today's 0-Daily.
Cybersecurity is hard says Michael Daniel. He’s the President of the Cyber Threat Alliance and opines in an HBR article on some of the current uncertainty and difficulty in the cybers. The TL;DR it’s not purely a technical problem, but transparency breeds trust. A good quote from the article on that last point: work together in good faith to begin sharing threat information in an automated fashion, with everyone contributing to the system, and with the context of threats being given a lot more weight.
<- Critical IDOR vulnerability in socialclub allow to insert and delete comments as another user and it discloses sensitive information -> [16 upvotes] - $1,400 bounty for this report to Rockstar Games by @rz01. This vulnerability had other adverse side effects as well, including information leakage and CSRF. Great find!
Combined attacks leading to stealing user's account [10 upvotes] - no bounty for this report to OLX by @anonymans. Hall of fame here we come.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
We put a lot of our personal info on the internet. Kristin Parke talks security, how to become a hacker & more - @rubenharris
OTHER ARTICLES WE’RE READING
Always root for the underdog
Motherboard thanks Roger Moore with an epic Moonraker laser battle
Geekboy be bloggin: Turning Simple Login CSRF to Account Takeover
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Music is just a set of directions for a musician to be able to read, interpret, and be able to play it and create music from it. Code is really similar because you have the syntax, you have a certain way you’re supposed to arrange words together so that a computer can go through it and understand the directions you’re trying to do and then execute those directions.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.