Hacking, AppSec, and Bug Bounty newsletter
2017-06-06 | 3.4B Records exposed, Who is Reality Winner, and Security Fest Videos
Tuesday, June 6
RIP Jean Sammet.
The Intercept published a top-secret NSA report detailing Russia’s role in 2016 U.S. election hacking. Their source, Reality Winner, was reportedly arrested within one hour of sending the top secret document. Here’s how authorities tracked her down.
Password Reset link hijacking via Host Header Poisoning [19 upvotes] - no bounty for this report to concrete5 by @cdl. Known issue, resolved by entering a Canonical URL. But cool to see statements like this from security teams: “It’s a different vector, but resolved by the same solution. Figured we could give you some rep since it was a nice find.”
Flash XSS on Buick_RotatingMasthead_JellyBeanSlider.swf [4 upvotes] - no bounty for this report to General Motors by @mystech7. Buick.com website contained a parameter that allowed XSS injection.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
I thought of a computer as some obscene piece of hardware that I wanted nothing to do with… To my utter astonishment, I loved it.