Hacking, AppSec, and Bug Bounty newsletter
2018-04-09 | Amazingly good security, DC’s Stingray mess, and Moving beyond the perimeter
Monday, April 9
We want to hear from you, our amazing readers: Take this quick survey on how we can improve Zero Daily. You may get lucky - like swag pack sent to your front door lucky. Survey ends 2018-04-13 at 12pm PST.
XSS *[redacted url] [26 upvotes] - $1,500 bounty for this report to Shopify by @gromoza.
`atob` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below [5 upvotes] - no bounty for this report to Node.js third-party modules by @chalker.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
GitHub will reportedly stop supporting Internet Explorer in 3 months
DC’s Stingray mess, not an easy cleanup
Moving Beyond the Perimeter - Part 1 by Wendy Nather
The always fun, event log monitoring
Several Indian government websites went down over the weekend. While the cause was reportedly a hardware failure, the default Drupal theme logo error message from the database connect error caused a stir when news outlets assumed India was targeted by Chinese hackers.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Happy “Grill Facebook on Capital Hill week”, may your week be better than Zuck's!
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Use of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic, and privacy risks. ... Overall, [DHS's National Protection and Programs Directorate] believes the malicious use of IMSI catchers is a real and growing risk.