Wednesday, November 7
TOP STORY
Stored XSS in Evernote for Windows CVE-2018-18524. Reminds us of this.
OTHER ARTICLES WE’RE READING
Matt Blaze is yelling about election security (and so should you)
Goldman Sachs to expand hacker-powered security activities reports WSJ
Traffic misdirection by Chinese Telcoms. Oracle researcher Doug Madory reviews his experiences in 2017 attempting to stop it
Underwater hacking diving: arduino nitrox analyzer
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
I propose a new rule: If you have an app in a store somewhere and your app update says "bug fixes and improvements", your app gets banned from the store until you actually put meaningful text in the update field.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.