HackDig : Dig high-quality web security articles for hackers

No password required! “Sign in with Apple” account takeover flaw patched

by Paul Ducklin. A security researcher from Delhi in India is a tidy $100,000 richer thanks to a bug bounty payout from Apple for an account takeover flaw that he discovered in the Sign in with Apple system. Bhavuk Jain, a serial bug bounty hunter, has described how he found the sort of bug that leaves you thinking, “It can’t have been that simple!
Publish At:2020-06-01 11:53 | Read:331 | Comments:0 | Tags:Apple Vulnerability responsible disclosure security bypass s

Reviving the Forgotten Principle of Responsible Disclosure

In today’s vulnerability market, vendors want to squeeze every ounce of publicity out of their security researchers. As a result, responsible disclosure often falls by the wayside. The same is true of independent researchers in search of their 15 minutes of fame. A fatal flaw in a major product is akin to Kennedy’s dream of landing a man on the moon. You want
Publish At:2016-08-02 00:25 | Read:8562 | Comments:0 | Tags:Featured Articles Vulnerability Management responsible discl

Determining the Responsibility of a Vulnerability Disclosure

There are currently ongoing discussions about vulnerability disclosures and what is right, what is responsible and who has the interest of securing the Internet from the evils of bad coding or software design. Much of this is a good discussion, while some of it is a rehash of old arguments. The last seminal work on disclosures was performed by the National I
Publish At:2015-04-07 01:20 | Read:3388 | Comments:0 | Tags:Application Security Software & App Vulnerabilities CERT/CC

Made for Headlines: Do Designer Vulnerabilities Compromise Security?

We have come to a precarious place in security research where the volume of vulnerability disclosures is making it difficult to prioritize not just what to patch first, but also what to prepare for that nerve-wracking five-minute elevator trip with the CEO, who undoubtedly heard about the latest Heartbleed over his or her morning coffee. In the age of design
Publish At:2015-03-26 01:00 | Read:3962 | Comments:0 | Tags:Software & App Vulnerabilities Apache Cordova Cybersecurity

CTO Insights: Light Can Keep the Dark at Bay

We are all afraid of the unknown. Why? Because we all want to be in control of our lives: what career path to take, how to deal with our finances, where to go for a vacation. We like certainty. We love to know what’s ahead of us. We are hard wired like this. As far as technology is concerned, we don’t know what the next innovation would be like—how a produc
Publish At:2015-02-09 21:25 | Read:2965 | Comments:0 | Tags:CTO Insights Vulnerabilities responsible disclosure

GitHub Doubles Down on Maximum Bug Bounty Payouts

Almost a year to the day since GitHub announced its bug bounty program, the Git repository hosting service said yesterday that it will double its maximum payout to $10,000. Ben Toews, a GitHub staffer, said yesterday that since the launch of the GitHub Security Bug Bounty, 73 previously unknown vulnerabilities have been patched. “Of 1,920 submissions in the past year, 8
Publish At:2015-01-29 20:05 | Read:2676 | Comments:0 | Tags:Featured Vulnerabilities Web Security Ben Toews bug bounty p

Round 2: Google Deadline Closes on Pair of Microsoft Vulnerabilities

Two more unpatched Windows vulnerabilities on Thursday crossed into the public domain after the expiration of Google Project Zero’s self-imposed 90-day waiting period before disclosing bug details. Microsoft will patch only one of the vulnerabilities—in the upcoming February Patch Tuesday security bulletin release—while both sides agree the second flaw
Publish At:2015-01-16 19:25 | Read:2965 | Comments:0 | Tags:Microsoft Vulnerabilities Web Security Chris Betz coordinate

The Responsible Disclosure Policy: Safeguard or Cybercriminal Siren Song?

From Heartbleed to Shellshock and Poodle to Backoff, this has been a banner year for software vulnerabilities. Despite their appearance on myriad devices across a host of industries and operating systems, these threats share a common thread: They’ve all been disclosed to the public. The ensuing security fallout has some experts wondering whether a resp
Publish At:2014-12-26 19:15 | Read:4052 | Comments:0 | Tags:Application Security Data Protection Identity & Access Mobil

SSCC 168 - Amaze your friends by ruining all their USB drives! [PODCAST]

Sophos Security Chet Chat - Episode 168 - October 8, 2014. News, opinion, advice and research! Here's our latest security podcast, featuring Sophos experts and Naked Security writers Chester Wisniewski and Paul Ducklin. (Audio player above not working? Download the MP3, or listen on Soundcloud.) In this episode of the Chet Chat [0'36"] BadUSB - now with Do-It-Yo
Publish At:2014-10-09 01:30 | Read:4613 | Comments:0 | Tags:Data loss Featured Malware Podcast Privacy Vulnerability bad
