ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2018-02-05 | GDPR and WHOIS, Subover, and Quantifying untrusted Symantec certificates

Monday, February 5

Greetings from Hawaii. Coming at you a bit earlier than normal for the next week due to the time change. Aloha.

TOP STORY

  • When good intentions can have negative side effects. Motherboard asks what is going to happen to WHOIS? The enactment of the GDPR in May could signify the beginning of the end for WHOIS data. GoDaddy is the first registrar to redact email, names, and phone numbers from all WHOIS records they publish.

HACKTIVITY

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity  

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Get this email forwarded to you? Click here to subscribe to the Zero Daily

The problem, briefly stated, is that ICANN has agreements with the thousands of domain registrars around the globe like GoDaddy or HostGator which oblige the companies to post WHOIS data—such as names, emails, and phone numbers—for every domain registrant with their service. On the other hand, the GDPR prohibits companies from publishing information that identifies individuals, which means that when the law goes into effect in April, ICANN’s agreements with registrars about WHOIS data will be illegal, at least in Europe.

Motherboard