Hacking, AppSec, and Bug Bounty newsletter
2017-11-30 | NISTIR 839, Apple Security Update 2017-001, and Cyber Diplomacy Act of 2017
Thursday, November 30
Access Grab_Road BigData Database via Open Presto coordinator [58 upvotes] - $5,000 bounty for this report to GrabTaxi by @vinothkumar.
Query parameter reordering causes redirect page to render unsafe URL [35 upvotes] - $1,500 bounty for this report to HackerOne by @kenziy.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
The 7 y/o wants me to phone Santa. Had to explain that Santa only communicates by encrypted messaging app these days. Thanks Snowden. - @matthew_d_green
OTHER ARTICLES WE’RE READING
The Cyber Diplomacy Act of 2017: a bill to create an “Office of Cyber Issues” within the Department of State. Review by the Lawfare blog.
One week left to comment on NISTIR 839: NICE Framework work role capability indicators
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Part of the problem with new hot startups is that security is a late stage problem after the key initial players have exited with their winnings from the game.