Hacking, AppSec, and Bug Bounty newsletter
2018-01-16 | Inspectre, Purple rain attack, and Firefox announces security contexts everywhere
Tuesday, January 16
Firefox announced that you will need HTTPS to deploy new features and additions. Vincent Lynch says it is “A major step forward which is finally possible after a lot of ground work to make HTTPS more accessible.”
Query string parameter modifications returned in page [6 upvotes] - $128 bounty for this report to Showmax by @ven0ms.
DNS pinning SSRF [3 upvotes] - no bounty for this report to Alien Vault by @cujanovic.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Showcase/Embed your @Hacker0x01 profile with this tool: https://hackers.bugbounty.site/?username=uranium238 Special credits and thanks to @Rhynorater for a great idea! #togetherwehitharder - @uraniumhacker
OTHER ARTICLES WE’RE READING
Inspectre: Easily examine and understand any Windows system's hardware and software capability to prevent Meltdown and Spectre attacks.
Those meltdown updates though: Meltdown patches are making industrial control systems lurch, and Wired looks at the hidden toll
Purple rain attack by netmux
How’s that for negative gross margins? Pay in Bitcoin Cash, get refunds in Bitcoin
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
"Remember, non-deterministic output is your friend"