Hacking, AppSec, and Bug Bounty newsletter
2017-08-25 | Togetherwehitharder, OPM Malware arrest, and Project Zero update
Friday, August 25
Mayweather or McGregor?
100% of respondents in the just-published 2017 IT Risks in Government Survey say employees are their largest security threat. Wired says human nature is the biggest challenge in security. And the conclusion of CERT’s CVD Guide says “... it’s not just the technology that falls short of our ideals.” Humans. We’re the problem, but also the solution. As the authors of the CERT Guide put it: “We fix what we can, mitigate what we can’t fix, and remain vigilant over what we can’t mitigate.” #togetherwehitharder
Reflected XSS - gratipay.com [15 upvotes] - Swag awarded for this report to Gratipay by @tungpun. Amazing thread. Read it.
DOM based XSS in http://www.rockstargames.com/GTAOnline/ (Fix bypass) [10 upvotes] - $500 bounty for this report to Rockstar Games by @netfuzzer. Nifty little trick: the previous fix is bypassed by hashing part of the payload.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
A regular reminder that social engineering happened well before the tech revolution: How Scams Worked In The 1800s - @jessysaurusrex
OTHER ARTICLES WE’RE READING
OPM malware arrest yesterday. See the full indictment.
Bypassing VirtualBox Process Hardening on Windows - Project Zero update
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
In the world we find ourselves occupying, software-based systems exhibit complex behaviors, increasingly exceeding the limits of human comprehension. As a society, we have become capable of building things we don’t fully understand.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.