Hacking, AppSec, and Bug Bounty newsletter
2017-07-11 | The .io error, Vine Archive bug, and Reckless part III
Tuesday, July 11
Cheers to a productive Tuesday!
Matt Bryant is at it again with The .io Error – Taking Control of All .io Domains With a Targeted Registration. You can also see his previous post on how he hijacked .na and .co, among others.
Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ] [44 upvotes] - $7,560 bounty for this report to Twitter by @R3liGiOusHuNt3r. The bug was in the Vine Archive and had the potential to expose the email address or phone number associated with a Vine account. It was reported, triaged, and fixed within 24 hours of the feature launching.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Zero Day Initiative has paid out over $2M in bounties
Reckless part III - by Citizen Lab
Hey U.S. readers, NIST wants to hear from you on growing and sustaining the nation’s cybersecurity workforce
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
As it turns out, this method was not only a plausible way to attack a TLD, it actually led to the compromise of the biggest TLD yet.