Hacking, AppSec, and Bug Bounty newsletter
2018-10-15 | The Illustrated TLS Connection, Sorry for the SIMjacking, and Passport selfies
Monday, October 15
The Google+ incident is probably why Google was MIA at the Senate hearings, opines Scott Galloway in a recent Recode podcast. He and Kara Swisher discussed the Google+ cover-up, and there’s also a robust Reddit discussion on the topic of when companies should disclose.
TWEET OF THE DAY
If you ever get access to a jenkins server, you can decrypt stored credentials via the script console using println [redacted] - @rambojohndoe
OTHER ARTICLES WE’RE READING
The Illustrated TLS Connection compiled by @xargsnotbombs
Dan Goodin poses an interesting question: If Supermicro boards were so bug-ridden, why would you even need implants?
Forbes’ Thomas Brewster details an interesting story of the first publicly known fraudulent abuse of TransUnion’s TLO database by a Charlotte-based rap crew.
Twitter hit $1M in bounties paid to hackers
Quite the story in Motherboard about how Jared Goetz talked the 17-year-old who had hijacked his SIM card into giving him back his info and even apologizing.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
“It’s not the crime, it’s the cover-up.”