Hacking, AppSec, and Bug Bounty newsletter

2017-11-10 | Getting access to 25k employees' details, Magoo’s 5, and HBD to Hack The Pentagon

Friday, November 10



Stop us if you’ve heard this one before… “The configuration file of an internal IRC bot (which included credentials to internal services and some external services used by [redacted] developers) was inadvertently included by an employee in a personal public GitHub repository. The repository was taken down and the affected credentials rotated.”

You can see all the latest and greatest disclosures and bounties on


  • Hackers finally got their chance to try and hack the Pentagon without repercussion - @wired

Twitter gold: Robert Tracinski (@Tracinski) dissects Twitter’s 140 chars and its recent move to 280 chars in this tweetstorm.



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.


"It’s one thing for a company to come forward and work with their general counsel to do a bug bounty. It’s a completely different thing entirely for the organization that really initiated the Computer Fraud and Abuse Act and that early hostility toward security researchers to openly start engaging and working with them. The weight that the DoD brings when they pair with the DoJ to say 'hackers can do good,' that just doesn’t exist anywhere else."

Alex Rice on the DoD and Hack The Pentagon for Wired

