Hacking, AppSec, and Bug Bounty newsletter
2019-02-15 | Dirty sock, How Tinder becomes a weapon, and 188 database connection strings
Friday, February 15
Good question posed by @marcusjcarey: As a cybersecurity pro, what’s your biggest day-to-day pain point?
TWEET OF THE DAY
SSRF at an endpoint looking for a valid YouTube URL. http://127.0.0.1:80 doesn’t work but http://127.0.0.1:80?http://youtu.be/dQw4w9WgXcQ works - @rohk_infosec
OTHER ARTICLES WE’RE READING
Reddit serviced 2x the number of government data requests in 2018 as they reported in their transparency report
Well that’s confidence inspiring. Prosecutors have misplaced hard drives from a case against a CIA computer engineer accused of leaking government secrets
From Dirty COW to now Dirty Sock, Linux vulnerability lets attackers gain root
Fooled ya. AI writes convincing prose, could take #fakenews to new level
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
We have not actually ever seen a true, in depth forensic analysis to see if [electronic voting] machinery has been compromised, AFAIK. Vendors have fought access fiercely in lawsuits in GA, WI, PA, etc