Hacking, AppSec, and Bug Bounty newsletter

2017-06-16 | Metropolis where art thou, CRLF in Snap, and Bounty Dash

Friday, June 16



  • The Ethereum Network Is DDoS-ing Itself. Sort of. It’s too darn popular, Motherboard’s Dan Oberhaus notes, referencing the Bancor launch on Monday, which raised $153M and was in such high demand that the huge number of transactions being carried out caused the Ethereum network to grind to a halt. Chants of “we want Metropolis” are echoing around the world.


  • CRLF Injection at [17 upvotes] - $500 bounty for this report to Snapchat by @wplus. Injecting a Carriage Return and Line Feed character, researcher was able to make the server issue a set-cookie header. Check out the conversation stream - wplus knows what’s up! Sharing sample reports for summary and linking to our post, How does public disclosure work? Love it.

Burp Suite increased their maximum bounty to $10K. Get hackin'. 

You can see all the latest and greatest disclosures and bounties on


  • Cafe guy: Dude, are you updating your helmet?
    Me: Yeah
    Guy: Why?
    Me: They added support for my rice cooker - @j0hnnyXm4s



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email:

Get this email forwarded to you? Click here to subscribe to the Zero Daily


There are real structural concerns hampering the development of the job market today that must be addressed. It is particularly concerning that employers appear reluctant to invest in their workforce and are unwilling to hire less-experienced candidates. If we cannot be prepared to develop new talent, we will lose our ability to protect the economy and society.

Adrian Davis, Managing Director, EMEA ISC


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.