Monday, April 9
We want to hear from you, our amazing readers: Take this quick survey on how we can improve Zero Daily. You may get lucky - like swag pack sent to your front door lucky. Survey ends 2018-04-13 at 12pm PST.
TOP STORY
Never say your company has “amazingly good security” especially when you store passwords in plaintext. Because then people will actually start testing that statement, again, and again and …
HACKTIVITY
XSS *[redacted url] [26 upvotes] - $1,500 bounty for this report to Shopify by @gromoza.
`atob` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below [5 upvotes] - no bounty for this report to Node.js third-party modules by @chalker.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
GitHub will reportedly stop supporting Internet Explorer in 3 months
DC’s Stingray mess, not an easy cleanup
Moving Beyond the Perimeter - Part 1 by Wendy Nather
The always fun, event log monitoring
Several Indian government websites went down over the weekend. While the cause was reportedly a hardware failure, the default Drupal theme logo error message from the database connect error caused a stir when news outlets assumed India was targeted by Chinese hackers.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Happy “Grill Facebook on Capital Hill week”, may your week be better than Zuck's!
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Use of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic, and privacy risks. ... Overall, [DHS's National Protection and Programs Directorate] believes the malicious use of IMSI catchers is a real and growing risk.
DHS acting undersecretary Christopher Krebs
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.