HackDig : Dig high-quality web security articles for hackers

WikiLeaks Dumps Docs on CIA’s Hacking Tools

WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here
Publish At:2017-03-09 08:50 | Read:5057 | Comments:0 | Tags:Other Bloomberg Bugcrowd Casey Ellis Center for Cyber Intell

DoD Opens .Mil to Legal Hacking, Within Limits

Hackers of all stripes looking to test their mettle can now legally hone their cyber skills, tools and weaponry against any Web property operated by the U.S. Department of Defense (DoD), according to a new military-wide policy for reporting and fixing security vulnerabilities. Security researchers are often reluctant to report programming flaws or security
Publish At:2016-11-24 04:35 | Read:4137 | Comments:0 | Tags:Other Alex Rice Bugcrowd CFAA computer fraud and abuse act D

Launching an Efficient and Cost-Effective Bug Bounty Program

Over the last few years, you’ve probably heard a lot about companies launching their own bug bounty programs. Software giants, such as Google, Microsoft, Twitter and Yahoo, as well as hardware-centric companies, such as Tesla, Samsung and even United Airlines, run programs that pay out cash for finding vulnerabilities. As these programs gain popularity, you
Publish At:2015-10-23 14:30 | Read:6055 | Comments:0 | Tags:Featured Articles Vulnerability Management Bug Bounty Bugcro

Bug Bounties in Crosshairs of Proposed US Wassenaar Rules

Bug bounties have gone from novelty to necessity, not only for enterprises looking to take advantage of the skills of an organized pool of vulnerability hunters, but also for a slew of independent researchers who make a living contributing to various vendor and independent bounty and reward programs.The proposed U.S. rules for the Wassenaar Arrangement pose
Publish At:2015-06-09 13:45 | Read:3441 | Comments:0 | Tags:Google Government Hacks Microsoft Privacy Vulnerabilities We

Pinterest Bug Bounty Program Starts Paying

There’s been a fair bit of news about bug bounty programs in the past year or so, with Twitter officially starting to pay bug bounties at the end of 2014 and Google recently removing the caps from their program and making Pwnium all year round.The latest news is Pinterest bug bounty program has started paying (finally), before this they just offered t-
Publish At:2015-03-19 01:35 | Read:3143 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking bug bounty bugcrowd but

HTTPS Opens Door to Paid Pinterest Bug Bounty

Pinterest’s journey toward becoming a fully HTTPS website opened a lot of doors, including a potentially profitable one for hackers.The social networking site this week announced that it would begin paying cash rewards through its bug bounty program, upping the stakes from the T-shirt it originally offered last May when it kicked off the Bugcrowd-hoste
Publish At:2015-03-18 01:00 | Read:3004 | Comments:0 | Tags:Vulnerabilities Web Security bug bounties Bugcrowd HTTPS htt

Adobe Starts Vulnerability Disclosure Program on HackerOne

Adobe is the latest tech vendor to begin a vulnerability disclosure program, but it seems they’re limping in at the outset.The program launched this week on the HackerOne platform, but there are no cash incentives being offered and certain Adobe products are not in scope for researchers. “Bug hunters who identify a Web application vulnerabilit
Publish At:2015-03-06 16:45 | Read:3051 | Comments:0 | Tags:Vulnerabilities Web Security adobe Adobe bounty Adobe disclo

Don’t Build a Bounty Program; Build an Incentive Program

CANCUN – Bounty programs are mislabeled creatures, too often pigeonholed as a payoff for finding individual vulnerabilities in software.Wrong.“The name bug bounty is actually a false categorization of what is truly just an incentive program,” said Katie Moussouris, chief policy officer at HackerOne and architect of Microsoft’s vulnerability
Publish At:2015-02-16 22:15 | Read:2819 | Comments:0 | Tags:Microsoft Security Analyst Summit Vulnerabilities Web Securi

Drupal Patches XSS Vulnerability in Spam Module

Drupal today released an update that patches a cross-site scripting vulnerability in a popular spam and content moderation module used by websites built on the open source CMS.The vulnerability was in a feature of the Mollom module that is installed on at least 60,000 sites, said Drupal security team volunteer Greg Knaddison, director of engineering at Card.
Publish At:2014-09-18 02:20 | Read:3293 | Comments:0 | Tags:Vulnerabilities Web Security bug bounty Bugcrowd cross-site


Tag Cloud