Tuesday, October 9
TOP STORY
More questionable aspects of the China chip story. Risky Business podcast did an interview with Joe Fitz, a named source said his comments were taken out of context and had concerns that what they were describing "didn't make any sense". Dragos’ Robert Lee has a good thread asking some important questions as well.
TWEET OF THE DAY
They claimed anonymous US intelligence community sources as well. Except I led the ICS threat discovery mission at the time at the NSA. And I had never heard of this attack being a cyber attack. The NSA doesn’t see everything but if the US IC is your source we would have. - @RobertMLee
OTHER ARTICLES WE’RE READING
Google Plus to close after exposing half a million users' private data. Not a great story for Google: a vulnerability was found in March and kept quiet. WSJ has the report [paywall] which includes email from executives worried about bad press.
Akamai blogs about capturing the memeCTF flag during ekoparty
ADAPE - Script: A few powershell scripts by hausec
Fitness bands and toilet paper. Call us in a few centuries when the machines finally takeover.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Current status of the SuperMicro hardware implant story: you must read the 99 tweet threads, listen to the podcast, pour beers into the five enlightened sages and then journey over seven seas and seven mountains to find the golden needle in a roc's nest. That contains the truth.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.