Hacking, AppSec, and Bug Bounty newsletter
2017-10-17 | DMARC mandate, Subaru key fob vuln, and call for WPA3
Tuesday, October 17
Happy spreadsheet day (for real). It’s the 35th anniversary of VisiCalc.
Reuters reports that Microsoft responded quietly after detecting secret database hack in 2013. Good reminder to keep systems and data access under the highest scrutiny. And also, be more like Mozilla.
Homograph fix Bypass [45 upvotes] - $750 bounty (including a $250 bonus!) for this report to HackerOne by @hk755a.
Remote code execution as root on [REDACTED] [21 upvotes] - $3,000 bounty for this report to Zendesk by @agarri_fr.
Slack, Yahoo, Discourse, Quora, Airbnb and others fixed vulnerabilities and awarded bounties in the last 24-hours.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
In light of recent Wifi shenanigans it's probably a good time to give BeyondCorp another plug. - @riskybusiness
OTHER ARTICLES WE’RE READING
TL;DR on why KRACK happened
Call for WPA3 - what's wrong with WPA2 security and how to fix it
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
We need machine-assisted verification of protocols, preferably tied to the actual source code that implements them.