Hacking, AppSec, and Bug Bounty newsletter
2018-01-11 | SCADA and mobile apps, Wag Labs leaks customer home data, and Cracking WhatsApp and Signal
Thursday, January 11
SSL_peek() hang on empty record (CVE-2016-6305) [4 upvotes] - $1,000 bounty for this report to OpenSSL by @alex_gaynor.
mruby heredoc notation [4 upvotes] - $800 bounty for this report to Shopify-scripts by @j0s3.
OTHER ARTICLES WE’RE READING
Wag Labs, dog walking app startup, exposed home addresses and lock box codes
Matthew Green’s attack of the week: WhatsApp and Signal
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
SCADA and ICS have come to the mobile world recently, but bring old approaches and weaknesses. Hopefully, due to the rapidly developing nature of mobile software, all these problems will soon be gone.