Friday, May 17
Note from the editor: My friend Chris Holt, Senior Bug Bounty Operations Lead at Verizon Media, is doing a webinar with HackerOne. He’s one of the best at what he does, I think you’d get a lot out of his talk. You can register here… Now on to our regularly scheduled programming.
TOP STORY
What a week. The ZombieLoad attack, Thangrycat, a Microsoft patch for a Windows vulnerability that could be exploited by WannaCry-like malware, and an unpatched issue Google disclosed in its Titan Keys. Oh, and there was that WhatsApp RCE. What can you do but keep a good sense of humor like @dcuthbert.
HACKTIVITY HIGHLIGHTS
DoS on the Issue page by exploiting Mermaid [70 upvotes] - $3,000 bounty for this report to GitLab by @8ayac.
Twitter ID exposure via error-based side-channel attack [22 upvotes] - $1,470 bounty for this report to Twitter by @terjanq.
TWEET OF THE DAY
Interesting. Thanks to Google's new <portal> element (https://web.dev/hands-on-portals), you can navigate to a top-level data: URI again! - @SecurityMB
OTHER ARTICLES WE’RE READING
Cybersecurity for the public interest by Schneier. @CableJ shared some thoughts: “Hackers want to do good. How do we make opportunities, both on the technical and policy sides, for this to happen?”
Since GDPR went into effect: 206,326 total cases, comprising 94,622 complaints, 64,684 data breach notifications, and 47,020 other. More from Alec Stapp, including the full report.
What the $*#!? Come on now, Bloomberg
Renee Dudley and Jeff Kao at ProPublica have a great in-depth piece on two data recovery firms that promised to recover ransomware victims' data; instead, they typically just paid the ransom and charged the victims extra.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
“That is the idea that there exists a sphere of life that should remain outside public scrutiny, in which we can be sure that our words, actions, thoughts and feelings are not being indelibly recorded. This includes not only intimate spaces like the home, but also the many semiprivate places where people gather and engage with one another in the common activities of daily life — the workplace, church, club or union hall.”