Friday, October 26
TOP STORY
Library of Congress and the Copyright Office have expanded the exemptions to Section 1201 of the DMCA, which means more infrastructure and other complex systems can be examined by security researchers without fear of DMCA anti-circumvention liability (also has implications for election security). But the EFF says it still doesn’t go far enough.
TWEET OF THE DAY
Okay, so know how people are like “lol just patch it u dumbass”
I work at a Big Place now.
I had no freaking idea.
There’s literally someone whose job is just scanning machines to patch.
There’s an entire department that just schedules changes. - @SwiftOnSecurity
OTHER ARTICLES WE’RE READING
Orange’s web challenges in HITCON CTF 2018 and write up for One Line PHP Challenge
FireEye says Russia is to blame for ICS Triton malware used to attack Saudi Arabia petrochemical plant
Implanted Lightning USB Cable demo by _MG_ If you’re at BSides Portland this weekend, you should check out his talk on the Toolin Up track (or catch the video after).
Cathay Pacific says up to 9.4 million passengers had their data stolen
DDS and Army Cyber Command held a live hacking event at co-working space Tatooine in Augusta, Georgia.
Reddit/infosec asks and answers “your top info sec magazine/blog twitters to follow?”
“Red only exists to improve blue. Anything else is a waste of time & money.” Good thread by Tim Medin.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
For every use of blockchain you would consider today there is a better technology.
Peter Alexander, Digital Transformation Agency
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.