Hacking, AppSec, and Bug Bounty newsletter
2018-09-04 | XSS using quirky implementations of ACME http-01, The rise of cybersecurity insurance, and Bug bounties and mental health
Tuesday, September 4
Netlab researchers report that 7,500+ MikroTik Routers Are Forwarding Owners’ Traffic
TWEET OF THE DAY
I'm a collector of old & rare Antivirus software for MS-DOS and just got this one from a friend > detects over 700 viruses - @cyb3rops
OTHER ARTICLES WE’RE READING
Bug bounties and mental health: wonderfully honest and thoughtful post by full-time bug bounty hunter, @NathOnSecurity, on the ups and downs of bug bounties. Worth a read for all hackers out there.
XSS using quirky implementations of ACME http-01 by Frans Rosén and Linus Särud. TL;DR: some hosting providers implemented http-01 so that one part of the challenge key (the token taken from the request URL) was reflected in the response without validation. The result was a huge number of websites vulnerable to reflected XSS purely because of how their provider implemented the http-01 ACME challenge.
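To make the quirk concrete, here is an added example (written for this newsletter, not code from the Detectify post or from any hosting provider) of a simplified http-01 responder that reflects the token from the URL, next to a hardened responder and a probe that flags the reflection. The handlers take an already URL-decoded path and return (status, headers, body); the token, thumbprint and route prefix are constructed sample values, and the token format check follows RFC 8555 section 8.3 (unpadded base64url, at least 128 bits, so 22 or more characters).

```python
import re
from typing import Callable, Dict, Tuple

Response = Tuple[int, Dict[str, str], str]

ACME_PREFIX = "/.well-known/acme-challenge/"
# RFC 8555 s8.3: the token is unpadded base64url with >= 128 bits of entropy,
# so 22+ characters from [A-Za-z0-9_-]. Anything else cannot be a token.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{22,}$")

# Constructed sample data (hypothetical, not real CA values): a pending
# challenge token mapped to the key authorization the CA expects, which is
# token + "." + base64url(JWK thumbprint of the ACME account key).
ACCOUNT_THUMBPRINT = "VsRUAx7VoEa2fHp3SiQydZmGR_y4I5L0Uo_eNRtRnWw"
PENDING = {"DGyRejmCefe7v4NfDGDKfA": "DGyRejmCefe7v4NfDGDKfA." + ACCOUNT_THUMBPRINT}


def vulnerable_acme_handler(path: str) -> Response:
    """The quirk: whatever follows the prefix is treated as the token and
    echoed into the body with no validation and an HTML content type.
    A request for /.well-known/acme-challenge/<script>... gets its payload
    back as markup, which is reflected XSS on every host served this way."""
    if not path.startswith(ACME_PREFIX):
        return 404, {"Content-Type": "text/html"}, "not found"
    token = path[len(ACME_PREFIX):]          # attacker-controlled
    body = "<pre>" + token + "." + ACCOUNT_THUMBPRINT + "</pre>"
    return 200, {"Content-Type": "text/html"}, body


def hardened_acme_handler(path: str) -> Response:
    """Serve only key authorizations provisioned for a known token, never
    anything derived from the request, and never as HTML."""
    safe_headers = {"Content-Type": "text/plain",
                    "X-Content-Type-Options": "nosniff"}
    if not path.startswith(ACME_PREFIX):
        return 404, safe_headers, "not found"
    token = path[len(ACME_PREFIX):]
    if not TOKEN_RE.fullmatch(token):         # reject anything not base64url
        return 404, safe_headers, "not found"
    key_authz = PENDING.get(token)
    if key_authz is None:                     # right shape, but not ours
        return 404, safe_headers, "not found"
    return 200, safe_headers, key_authz       # stored value, not the request


# Probe value that can never be a real token: it contains '<' and '>'.
CANARY = "zd9x<acmeprobe>zd9x"


def reflects_token(handler: Callable[[str], Response]) -> bool:
    """Check a responder the way a scanner would: request an impossible token
    and see whether it comes back in a non-text/plain 200 body."""
    status, headers, body = handler(ACME_PREFIX + CANARY)
    ctype = headers.get("Content-Type", "").lower()
    return status == 200 and CANARY in body and not ctype.startswith("text/plain")


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_acme_handler),
                          ("hardened", hardened_acme_handler)):
        print(name, "reflects token:", reflects_token(handler))
```

The same probe works against a live host with curl: fetch `/.well-known/acme-challenge/` plus a marker that is not valid base64url and look for the marker in a 200 response whose Content-Type is not text/plain. A correct responder has no reason to echo the request at all; it either serves a stored key authorization for a token it issued or returns 404.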
Axios’ Shannon Vavra on the rise of cybersecurity insurance
What year is it? Amit shares IP addresses that are C2s for an aggressive malware campaign exploiting EternalBlue - Blacklist these IP addresses.
Story time with VessOnSecurity on McAfee, cybersecurity and more.
Open sesame: a Google employee found a vulnerability in the smart lock made by Software House.
The Italian Job movie is 57 years old today.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Find what works well for you, but look after yourself at the same time. It’s okay to not find bugs. It’s okay not to understand a certain technique. That’s just a part of the job. It’s not okay to overwork yourself and sacrifice your mental health for additional stress. You will find a bug. There always will be bugs. You can absolutely do this. More importantly, you need to look after yourself, and I definitely do too.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.