Hacking, AppSec, and Bug Bounty newsletter
2019-01-28 | Supply chain attacks gone wild, Celebrating MOD day, and Preserving the old hacking ways
Monday, January 28
Remember that Bloomberg article about evil chipmakers and supply chain attacks gone wild that was widely criticized as rubbish? While that specific story may actually be rubbish, The Intercept just published an article based on Snowden documents saying basically “everyone’s doing it”: China, Russia, US and US allies conduct "supply chain attacks", where they insert hardware implants into servers and routers before they get shipped to surveillance targets. More from Micah Lee in this tweet thread.
TWEET OF THE DAY
OH: "I was talking to someone who said 'I use 1Password!" And I got really excited. And then I realized they literally meant they use one password. And I got so sad." - @IanColdwater
OTHER ARTICLES WE’RE READING
Undercover agents are targeting Citizen Lab personnel and Associated Press journo @razhael tells the tale on how some Citizen Lab peeps outwitted a group of these undercover operatives, turning the tables on them in a midtown restaurant
January 24th was MOD Day, @acidphreak explains
Preserving the old ways. @thegrugq asks “Does anyone offer a “hacking without exploits” class? Just various ways of compromising a target without having to use specialty software?”
Those blockchain based WAF’s are so hot right now
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
What was hacking like back then? For starters, there were no search engines, and no GitHub repos. No hacker training courses. Yes, there were various flavors of *nix, but AT&T owned the Unix closed source. If you wanted it, you had to find it on a system, hack, and download it.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.