ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2017-05-30 | TravelMode by 1Password, 2FA’s Achilles heel, and Vape pen exploits

Tuesday, May 30

Welcome to the unofficial start of summer!  

TOP STORY

HACKTIVITY

  • Reflected XSS in <any>.myshopify.com through theme preview [43 upvotes] - $2,000 bounty for this report to Shopify by @zombiehelp54. Reflected XSS that could be triggered on the storefront of any Shopify store.

  • IDOR in editing courses [16 upvotes] - $300 bounty for this report to Maximum by @kieran. See the May 22nd comment by @bamie - upstream bug to 3rd party, issue triaged and fixed, hacker bountied, everyone happy.

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity

TWEET OF THE DAY

  • Ethical hackers can help protect our data from bad actors by doing what they do best: hacking. That's why I introduced the Hack @DHSgov Act - @SenatorHassan

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com


I consider reading HackerOne activity feeds a good complementary reading to taking the security class at MIT

Slava Kim