Hacking, AppSec, and Bug Bounty newsletter
2017-08-24 | Hidden Cobra, DreamHost’s big win, and Adapting Burp Extensions
Thursday, August 24
AccuWeather iOS app sends location information to data monetization firm according to researcher Will Strafach. John Gruber provides a helpful walkthrough of the AccuWeather response.
Restaurant payment information leakage [7 upvotes] - $500 bounty for this report to Zomato by @nbsp. An endpoint was leaking banking information of restaurant owners: Bank Name, Account number.
Gratipay rails secret token (secret_key_base) publicly exposed in GitHub [6 upvotes] - no bounty for this report to Gratipay by @nuii. Finding a bug in a program by reading the writeup of the owner of the program: #togetherwehitharder.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Hidden Cobra - North Korea’s DDoS Botnet Infrastructure
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Our regulations and our industry trends have gotten our architecture to a pretty decent place. The passive defenses probably need some work, but we’re getting there. The piece that is completely lacking is active defense. There are less than 1,000 ICS cybersecurity professionals worldwide. We’ve got to focus on training the human.