Hacking, AppSec, and Bug Bounty newsletter
2018-12-03 | MITM regardless of HTTPS, FBI’s fake FedEx site, and AWS Security Hub
Monday, December 3
Version 7.3 of Sennheiser's HeadSetup software installed a self-signed root certificate, and the app kept the private cryptographic key in a format that could be easily extracted. Reporting by Ars Technica’s Dan Goodin. Kinda related, Detectify published a blog on how MITM is possible regardless of HTTPS.
OTHER ARTICLES WE’RE READING
Krebs on the Marriott data breach, listing it as the latest in a series of hospitality company breaches
For a longer read, last week Motherboard’s Joseph Cox covered how the FBI created a fake FedEx site to catch a cybercriminal, along with other tactics
At re:Invent, Amazon announced AWS Security Hub, where you can get high-priority security alerts and compliance status across AWS accounts
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
We didn’t re:Invent the fire
Just selling computing power charged by the instance-hour…