ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2018-01-08 | Harvesting credit card numbers, DNSMasterChef, and Why Raspberry Pi isn’t vulnerable to spectre or meltdown

Monday, January 8

TOP STORY

  • David is harvesting credit card numbers and passwords on your site. Here’s how.

TWEET OF THE DAY

  • There was a golden moment in 1995 where all of the sudden all of us knew how exploitable and common stack overflows were and everything in the world was broken. That’s what this feels like. - @tqbf

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

Modern processors go to great lengths to preserve the abstraction that they are in-order scalar machines that access memory directly, while in fact using a host of techniques including caching, instruction reordering, and speculation to deliver much higher performance than a simple processor could hope to achieve. Meltdown and Spectre are examples of what happens when we reason about security in the context of that abstraction, and then encounter minor discrepancies between the abstraction and reality.

Eben Upton, Raspberry Pi Founder

 


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.