Friday, March 22
TOP STORY
Post-it notes would be better. Krebs on Security published a detailed story about how Facebook stored millions of passwords in plain text for, well, a long time. Also, earlier this week, Motherboard reported that a server misconfiguration at science and grant firm Elsevier left users’ passwords accessible online.
HACKTIVITY HIGHLIGHTS
SQL injection in [redacted] via User-agent [1 upvote] - $2,000 bounty for this report to TTS Bug Bounty by @harisec
url that twitter mobile site can not load [60 upvotes] - $1,200 bounty for this report to Twitter by @seifelsallamy
TWEET OF THE DAY
Since the industry is unable to offer ROI, it must sell fear instead. And it’s really good at it too. $100B+ annually. - @jeremiahg
OTHER ARTICLES WE’RE READING
44Con 2018 content has been published. See the full YouTube playlist; highlighted talk: Up Your Bug Bounty Game with Catch Me If You Can by @infosec_au and @mgianarakis.
Telecom fraud costs over $33 billion per year according to the Cyber-Telecom Crime Report 2019, published by Europol and Trend Micro.
Ars Technica’s Dan Goodin writes about implanted devices from Medtronic that can have their firmware rewritten.
The New York Times dug into the new era of privatized spying.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
“The assumption used to be that when you left the N.S.A., you’d never do that kind of offensive work again. Now, clearly there is a market for it.”