Friday, January 12
TOP STORY
Section 702 of the Foreign Intelligence Surveillance Act - slated to expire Jan. 19 - was extended for another six years, more commentary here and here.
HACKTIVITY
SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE [17 upvotes] - $1,500 bounty for this report to Rockstar Games by @alexbirsan
XSS when clicking "Share to Twitter" at quora.com/widgets/embed_iframe? [9 upvotes] - $100 bounty for this report to Quora by @stefanofindsbugs
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Stories like @russellbrandom's https://www.theverge.com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux are why we wrote the CERT Guide to Coordinated Vulnerability Disclosure in the first place. Multiparty coordination is hard, and perfect doesn't exist. - @__adh__
OTHER ARTICLES WE’RE READING
DNS rebinding vulnerability in Transmission, resulting in arbitrary remote code execution, by @taviso
How, and why, the Spectre and Meltdown patches will hurt performance
Skype adds end-to-end encryption for private calls
Practice, practice, practice: 40 intentionally vulnerable websites to hack
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
We had a bipartisan coalition who worked very hard to protect people’s rights, and we will continue to fight and continue to educate our colleagues about it.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.