A bug bounty hunter found a way to log in using “Sign in with Apple”… but without the part where you have to put in a password.
Tag Archives: responsible disclosure
Let’s make ransomware MORE illegal, says Maryland
… with a clumsily worded proposed bill that wouldn’t protect researchers.
Google’s Project Zero highlights patch quality with policy tweak
Google’s Project Zero bug-hunting team has tweaked its 90-day responsible disclosure policy to help improve the quality and adoption of vendor patches.
HackerOne pays $20,000 bounty after breach of own systems
In an embarrassing twist, bug bounty platform HackerOne has paid a $20,000 reward to a researcher who reported a security flaw inadvertently caused by one of its staff during… a bug submission.
Uncle Sam opens arms to friendly hackers
All you bug hunters out there are about to get a nice Christmas gift – the US federal government finally wants to hear from you.
TOMS hacker tells people to log off and enjoy a screenless day
TOMS seems like a really nice shoe company, and it just got hacked in a really nice way. But it’s still a hack.
Microsoft’s battle with SandboxEscaper zero days turns into grim Groundhog Day
Why is SandboxEscaper releasing vulnerabilities in such an irresponsible way? It matters not – Microsoft must patch what’s in front of it whatever the backstory.
Trading site data leak sprayed out keys to users’ accounts
A trader believes he could easily have obtained admin access to the site and potentially have stolen the funds of its 600,000 users.
Logitech flaw fixed after Project Zero disclosure
The flaw offered attackers a way of executing keystroke injection to take control of a Windows PC running Logitech Options.
Ranting researcher publishes VM-busting zero-day without warning
A security researcher has published a zero-day flaw in a commonly used virtual machine management system without notifying the vendor, justifying it with a scathing critique of the infosecurity industry.