Hacking, AppSec, and Bug Bounty newsletter
2017-06-16 | Metropolis where art thou, CRLF in Snap, and Bounty Dash
Friday, June 16
The Ethereum Network Is DDoS-ing Itself. Sort of. It’s too darn popular, Motherboard’s Dan Oberhaus notes, referencing the Bancor launch on Monday, which raised $153M and was in such high demand that the huge number of transactions being carried out caused the Ethereum network to grind to a halt. Chants of “we want Metropolis” are echoing around the world.
CRLF Injection at vpn.bitstrips.com [17 upvotes] - $500 bounty for this report to Snapchat by @wplus. By injecting carriage return and line feed characters, the researcher was able to make the server issue a Set-Cookie header. Check out the conversation stream - wplus knows what’s up! Sharing sample reports for the summary and linking to our post, How does public disclosure work? Love it.
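To make the mechanism concrete, here is an added example (not code from the report, Snapchat, or this newsletter) showing how a client-supplied value that is copied into a response header without validation turns a single CRLF pair into an extra Set-Cookie header, beside the validating version that refuses such values. The header names, the sample path, and the helper functions are assumptions constructed for illustration.

```python
# Added example: a CRLF pair in a value reflected into a response header
# becomes a second header line; validating the value before it reaches the
# wire prevents that. All names and sample data here are constructed.
import re

CRLF = "\r\n"


def build_response_unsafe(location):
    """Naive redirect: the untrusted value is concatenated straight in."""
    return f"HTTP/1.1 302 Found{CRLF}Location: {location}{CRLF}{CRLF}"


def parse_headers(raw):
    """Split a raw HTTP/1.1 response into (name, value) header pairs,
    the way a browser would see them."""
    head = raw.split(CRLF + CRLF, 1)[0]
    lines = head.split(CRLF)[1:]  # drop the status line
    return [tuple(p.strip() for p in line.split(":", 1)) for line in lines if line]


class HeaderInjectionError(ValueError):
    """Raised when a header value contains CR, LF or NUL."""


def safe_header_value(value):
    """Reject any value containing line-terminating control characters."""
    if re.search(r"[\r\n\x00]", value):
        raise HeaderInjectionError("control character in header value")
    return value


def build_response_safe(location):
    """Hardened redirect: the value is validated before serialisation."""
    return f"HTTP/1.1 302 Found{CRLF}Location: {safe_header_value(location)}{CRLF}{CRLF}"


# Constructed sample input: a client-supplied path carrying a CRLF pair.
SAMPLE_PATH = "/home\r\nSet-Cookie: session=injected"


def demo():
    """Return (headers the naive server emits, whether the safe one refused)."""
    unsafe = parse_headers(build_response_unsafe(SAMPLE_PATH))
    try:
        build_response_safe(SAMPLE_PATH)
        blocked = False
    except HeaderInjectionError:
        blocked = True
    return unsafe, blocked
```

The naive build yields two headers, Location and an injected Set-Cookie, while the validating build raises before any bytes are written; rejecting (rather than silently stripping) the value also gives you a log event to alert on.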
Burp Suite increased their maximum bounty to $10K. Get hackin'.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Cafe guy: Dude, are you updating your helmet?
Me: They added support for my rice cooker - @j0hnnyXm4s
OTHER ARTICLES WE’RE READING
Eh? Tata devs leaked banks' code on public GitHub repo
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.