ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2018-03-01 | Trustico SSL cert saga, Duo’s SAML vulnerability research, and Mozilla doesn’t want Equifax to get off easy

Thursday, March 1

TOP STORY

HACKTIVITY

Toyota, Intel, Automattic, Twitter, Yahoo, Snapchat and more paid out bounties in the past 24 hours.

You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.

TWEET OF THE DAY

  • I must ask you refrain from using hacker characters when engaging with my content. - @megahbite

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com


My this week’s most useless finding: Buffer Overflow in cmd.exe can be used to enable debug mode when more than 256 chars are used (StatementType[] can hold 256 entries, type of ( is 0x33 and therefore enables debug mode. Disable via @ which has type 0x00)

Rene Freingruber

 

