Hacking, AppSec, and Bug Bounty newsletter
2017-12-05 | Commonspeak, Leakbase goes dark, and New America contesting “cyber”
Tuesday, December 5
Commonspeak: Content discovery wordlists built with BigQuery by @shubs and the pentester.io team.
Multiple Subdomain takeovers via unclaimed instances [47 upvotes] - $8,000 bounty for this report to Starbucks by @benoculars.
Stored Cross-Site scripting in the infographics using Data Objects links [5 upvotes] - no bounty for this report to Infogram by @sp1d3rs.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
In the 1980s the CIA caught a contractor stealing information because a secretary noticed the last login time for her terminal was not what it should be.
Last Login Time may be one of the best bang-for-your-buck security controls you can implement, but so few people do. - @chrissanders88
OTHER ARTICLES WE’RE READING
European Parliament has approved budget for VLC bug bounty program
FBI and Europol take down Andromeda botnet
NEA is contesting the use of “cyber”.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
The attachment of the prefix “cyber” to various nouns has left cyber-related concepts with a variety of underlying normative connotations.