Hacking, AppSec, and Bug Bounty newsletter
2018-08-09 | The sprinkler system attack vector, Frans’ web cache deception bug, and Gem signature forgery
Thursday, August 9
A group of six researchers from Ben-Gurion University published information showing that smart irrigation systems could take down parts of a city’s water system. An attacker could empty an urban water tower in an hour with a botnet of 1,350-odd sprinklers. More coverage from Motherboard
A web cache deception bug in Discourse reported by @fransrosen last year is public now
Gaining commit access to all Jenkins projects in 30 minutes
Gem signature forgery by @plover. Inconsistencies in how gem processes gem files make it possible to reuse a signature from an existing signed gem and apply it to arbitrary contents.
TWEET OF THE DAY
Let’s turn security around. It’s not about tech, it’s about people. Not secrecy, but openness. Not siloed teams, but pooled & collaborative defense. Not perimeter-based or point-in-time, but all-encompassing and on-going. Not about blame but about learning. Not slow, but fast. - @martenmickos
OTHER ARTICLES WE’RE READING
Kurt Bugbee is laughing at people saying security is hard. Well played, sir.
And the pwnie goes to… BitFi!
A GroupSense report shows that 9.5 million email addresses were utilized by Russia to send comments to the FCC regarding the net neutrality debate
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Good conferences are a reflection of the community.