Hacking, AppSec, and Bug Bounty newsletter
2017-09-06 | Self-driving car bill HR 3388, Dragonfly 2.0, and CVE-2017-9805
Wednesday, September 6
The road to self-driving cars has many speed bumps. RE Code says we need to stop pretending that the autonomous car is imminent. Ars reports that hacking street signs with stickers could confuse self-driving cars. HR 3388 is before the U.S. House of Representatives today, a bill that would speed the deployment of self-driving cars.
SAML Authentication Bypass on uchat.uberinternal.com [38 upvotes] - $8,500 bounty for this report to Uber by @mishre.
[IDOR] The authenticated user can restart website build or view build logs on any another Federalist account [12 upvotes] - $350 bounty for this report to TTS Bug Bounty (18F) by @sp1d3rs.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Dragonfly 2.0 - Sabotage of power grids in US, Switzerland, and Turkey
SEC Chief wants investors to better understand cyberrisk [WSJ, paywall]
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
So basically, when the data is being sent to MIGS, we can just insert additional parameter after the amount to eat the last digits, or to the front to eat the first digits, the amount will be slashed, and you can pay [sic] a 2000 USD MacBook with 2 USD.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.