Hacking, AppSec, and Bug Bounty newsletter
2019-04-12 | Hacktivity Highlights, Certain Android phones can now double as security keys, and Sequential Import Chaining
Friday, April 12
RCE and Complete Server Takeover of █████.starbucks.com.sg/ [78 upvotes] - $4,000 bounty for this report to Starbucks by @spaceraccoon
Insufficient OAuth callback validation which leads to Periscope account takeover [78 upvotes] - $5,040 for this report to Twitter by @filedescriptor
Bypass of GitLab CI runner slash fix in YAML validation [90 upvotes] - $12,000 bounty for this report to GitLab by @ngalog
OTHER ARTICLES WE’RE READING
ReplyAll’s latest episode pits Roman Mars versus a 2016 Mazda sedan
What’s going to happen to Assange? Politico has some good context
Who needs a Yubikey when you have an Android 7? Krebs details Google’s latest announcement that any Android phone can now double as a security key
The New York Times’ privacy project. Scroll to the bottom and you can also subscribe to Charlie Warzel’s limited-run newsletter. Reminds me of a great quote I recently wrote down from a West Wing Season 1 episode: “The 20s and 30s it was the role of government, 50s and 60s it was civil rights, the next two decades are going to be privacy. I’m talking about the internet, I’m talking about cell phones, I’m talking about who’s gay and who’s not. And moreover, in a country born of the will to be free, what could be more fundamental than this.” - Aaron Sorkin, spoken by Sam Seaborn in The West Wing, Season 1 Episode 9, aired in 1999
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
If you have 5th generation wireless infrastructure, do you want a nation that doesn't have respect for the rule of law, that doesn't have a series of norms, and has a very, very concerted effort to partner both their government and their private sector together to make sure that the government's will is being done — do you want that in the infrastructure that runs your economy, your national security, your social communications?