Hacking, AppSec, and Bug Bounty newsletter
2017-11-09 | Schneier on Equifax, Art of iOS forensics, and Script kiddies beware
Thursday, November 9
Remote code execution on rubygems.org [32 upvotes] - $1,500 bounty for this report to RubyGems by @max.
Reflected XSS on the json/translation endpoint [6 upvotes] - no bounty for this report to Razor US by @sp1d3rs.
Snapchat and Dropbox paid bounties over $2K yesterday! Also on Hacktivity: GitLab, Imgur, Yahoo, Coursera, DoD, Automattic disclosed reports.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Cryptocoins demonstrate that getting people to run arbitrary code was historically never the limiting factor in attacks. The issue was monetization. - @swiftonsecurity
OTHER ARTICLES WE’RE READING
Analog is so hot right now: The only safe voting tech is paper, says Barbara Simons
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
I am not afraid of Artificial Intelligence but Natural Stupidity.