Hacking, AppSec, and Bug Bounty newsletter
2017-08-09 | UK's smart car cyber law, Awesome-hacking, and AI for security
Wednesday, August 9
Happy 10-year anniversary, financial crisis.
The UK Government has issued new cyber security guidelines for smart cars: The key principles of vehicle cyber security for connected and automated vehicles. It is an admirable goal to keep security top of mind for all parties involved in the manufacturing supply chain, from designers and engineers to retailers and senior-level executives. Auto-ISAC is also worth mentioning as a collaborative initiative to stay ahead of threats.
Ability to log in as any user without authentication if █████████ is empty [10 upvotes] - $1,000 bounty for this report to Ubiquiti Networks by @thenickdude. The airControl system had a flaw that allowed unauthenticated access without a valid ticket.
Ability to post comments to a crew even after getting kicked out [3 upvotes] - $500 bounty for this report to Rockstar Games by @Anshuman_BH. TL;DR - Sessions of members who got kicked out of the crew weren't being invalidated, and they still had the old perms.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
“[the bill] will allow innovation to flourish and ensure the next wave of self-driving technology is invented, designed and operated safely in the UK.”