Hacking, AppSec, and Bug Bounty newsletter
2017-08-02 | IoT legislation, Wifi cactus, and Alexa, are you listening?
Wednesday, August 2
Make it a great day!
Email link poisoning / Host header attack [19 upvotes] - $200 bounty for this report to Boozt Fashion AB by @ramsexy.
SSRF and local file disclosure in wordpress.com/media/videos/ via FFmpeg HLS processing [31 upvotes] - $800 bounty for this report to Automattic by @neex. GAB2 subtitle chunks inside an AVI file processed HLS playlists that contained references to external files.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Best Black Hat 2017 hacks by PC Mag
Wifi Cactus? And more weekly Hak5 (starting today)
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
"This highlights privacy concerns people have about always-listening devices... It shows the need for developers to have security assessments of smart devices they develop and for organizations to gain assurance of the security posture of any products they purchase before installing them."