Hacking, AppSec, and Bug Bounty newsletter
2017-07-11 | The .io error, Vine Archive bug, and Reckless part III
Tuesday, July 11
Cheers to a productive Tuesday!
Matt Bryant is at it again with The .io Error – Taking Control of All .io Domains With a Targeted Registration. You can also see his previous post on how he hijacked .na and .co, among others.
Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ] [44 upvotes] - $7,560 bounty for this report to Twitter by @R3liGiOusHuNt3r. The bug was related to the Vine Archive and had the potential to expose the email address or phone number associated with a Vine account. It was reported, triaged, and fixed within 24 hours of the feature launching.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Zero Day Initiative has paid out over $2M in bounties
Reckless part III - by Citizen Lab
Hey U.S. readers, NIST wants to hear from you on growing and sustaining the nation’s cybersecurity workforce
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
As it turns out, this method was not only a plausible way to attack a TLD, it actually led to the compromise of the biggest TLD yet.