Hacking, AppSec, and Bug Bounty newsletter
2018-06-14 | Microsoft’s security servicing commitment, Server side spreadsheet injection, and Mona Lisa on the blockchain
Thursday, June 14
How to become Leonardo Da Vinci? The blockchain, of course. Read Terence Eden’s entertaining blog talking about how “you can slap a QR code on a crate - but nothing stops an unscrupulous middle-man from replacing or adulterating the contents of the crate.”
TWEET OF THE DAY
I forced a bot to watch over 1,000 hours of Olive Garden commercials and then asked it to write an Olive Garden commercial of its own. Here is the first page. - @KeatonPatti
OTHER ARTICLES WE’RE READING
Microsoft Security Servicing Commitments - In the document, Microsoft offers researchers “better clarity around the security features, boundaries and mitigations which exist in Windows and the servicing commitments which come with them.”
Guide for Securely Writing and Auditing Chrome Extensions by @iammandatory
Server side spreadsheet injection - by Bishop Fox’s Jake Miller: “As we continue to rely on SaaS, and delegate tasks such as Office document file conversion away from the desktop environment, we can expect to see more client-side vulnerabilities emerge in server-side attack surface.”
Google dorking and finding sensitive data exposure by employees - post by @uraniumhacker238
BitFi Knox Wallet - It’s unhackable! Zack literally screams into a pillow, we all laugh out loud
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Yesterday at the CogX conference, I sat in a room listening to companies pitch their blockchain based startups. Because I hate myself.