Hacking, AppSec, and Bug Bounty newsletter
2019-03-15 | Hacker Beto, RCE on Steam Client via buffer overflow, and $10K Facebook bug
Friday, March 15
Beto: CDC member. Hacker. US Presidential hopeful. Reuters’ Joseph Menn writes a detailed and interesting profile on former US Congressman from Texas, Beto O’Rourke.
RCE on Steam Client via buffer overflow in Server Info [57 upvotes] - $18,000 bounty for this report to Valve Software by @vinnievan and @0xacb
Persistent XSS on keybase.io via "payload" field in `/user/sigchain_signature.toffee` template [50 upvotes] - $3,000 bounty for this report to Keybase by @jordanmilne
TWEET OF THE DAY
True story. “Decaf coffee only works if you throw it at people.” - @amyengineer
OTHER ARTICLES WE’RE READING
Android Q Beta has some new privacy features
Challenges that cause CISO’s to fail by Gary Hayslip
$10k Facebook bug: "Make someone moderator of the group using analyst role"
RIPS Tech asks, Can you spot the vulnerability?
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
It’s hard to believe that we might even see a hacker run for president.