Hacking, AppSec, and Bug Bounty newsletter
2018-10-15 | The Illustrated TLS Connection, Sorry for the SIMjacking, and Passport selfies
Monday, October 15
The Google + incident is probably why Google was MIA at the Senate hearings opines Scott Galloway in a recent Recode podcast. He and Kara Swisher discussed the Google+ cover up and there’s also a robust Reddit discussion on the topic of when companies should disclose.
TWEET OF THE DAY
If you ever get access to a jenkins server, you can decrypt stored credentials via the script console using println [redacted] - @rambojohndoe
OTHER ARTICLES WE’RE READING
The Illustrated TLS Connection compiled by @xargsnotbombs
Dan Goodin poses an interesting question: If supermicro boards were so bug-ridden, why would you even need implants?
Forbes’ Thomas Brewster details an interesting story of the first publicly known fraudulent abuse of TransUnion’s TLO database by a Charlotte-based rap crew.
Twitter hit $1M in bounties paid to hackers
Quite the story in Motherboard about how Jared Goetz talked the 17-year old who had hijacked his SIM card into giving him back his info and even to apologize.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
“It’s not the crime, it’s the cover-up.”
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.