Hacking, AppSec, and Bug Bounty newsletter
2018-09-27 | cspparse, One word turing test, and Working in infosec be like…
Thursday, September 27
Greetings from Buenos Aires where we’re here for Ekoparty and h1-5411!
Facebook is taking phone numbers given to them for two-factor authentication and using them for ad targeting. This came up a while ago; it seems a cross-university research group did some digging and published a report.
TWEET OF THE DAY
It’s just so easy to inadvertently make cloud services public, imagine how many similar instances to this there are that just never make the press… - @troyhunt
OTHER ARTICLES WE’RE READING
Rules of the cyber road con? Coming soon?
Latest Feisty Duck TLS newsletter #45 is out
cspparse: a tool by Corben Leo to evaluate Content Security Policies
One word Turing test: skeptical
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
them: is 10 the highest CVE score you can have?
them: a website has unauthenticated, remote access via a single get request
me: seems like a 10.
them: which returns select * on a quarter million unencrypted credit card #'s.
me: okay, maybe 11.