ZERO DAILY

Hacking, AppSec, and Bug Bounty newsletter

2018-09-13 | Krebs looks at Project Verify, Cyber Paul Revere, and Unintended consequences of GDPR

Thursday, September 13

TOP STORY

  • Krebs looks at big 4 cell phone companies co-initiative called “Project Verify” that would let websites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account.

TWEET OF THE DAY

  • If you have stored HTML injection in the <head> tag of a page (fairly common with Web Cache Poisoning), you can DOS the page's scripts by inserting a malicious CSP via the meta tag. Sometimes you can even inject into a meta tag in the header and just use the " to escape. - @rhynorator

OTHER ARTICLES WE’RE READING

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Today I discovered an unfortunate consequence of GDPR: once someone hacks into your account, they can request--and potentially access--all of your data. Whoever hacked into my @spotify account got all of my streaming, song, etc. history simply by requesting it.

Jean Yang

 


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.