Hacking, AppSec, and Bug Bounty newsletter
2017-10-11 | Open.OnePlus, A bug has no name, and Symantec says no to source code reviews
Wednesday, October 11
OnePlus OxygenOS is collecting a lot of personal information about your phone usage through its built-in analytics says researcher Chris Moore.
Stored XSS on support.rockstargames.com [32 upvotes] - $1,000 bounty for this report to Rockstar Games by @0x0luke.
Directory traversal at https://nightly.ubnt.com [15 upvotes] - no bounty for this report to Ubiquity Networks by @grampae.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
A bug has no name: Windows DNS buffer overflow
Symantec says “no more” to gov source code reviews
VTech data breach case likely being dismissed
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Antivirus is the ultimate back door.