By @edent · Bug Bounty money · 2 comments · 750 words · read ~168 times.
Google has recently increased the price it pays out to security researchers who responsibly disclose a vulnerability. That got me thinking. Is money the best thing with which to reward people?1 There's an interesting (if a little silly) economics paper about why gift giving is inefficient. The crux of the argument, as I understand it, […]
Continue reading →By @edent · bug Bug Bounty google Responsible Disclosure security · 1 comment · 550 words · read ~1,342 times.
Chrome for Android had a flaw which let one tab draw over another - even if the tabs were on completely different domains. A determined attacker might have been able to abuse this to convince a user to download and installed a spoofed app. See Chrome Bug #1242315 for details. Demo Here's a video of […]
Continue reading →By @edent · Bug Bounty Responsible Disclosure security xss · 3 comments · 300 words · read ~673 times.
I've spent two months trying to report this issue to Getty images. They haven't responded to my emails, phone calls, Tweets, or LinkedIn messages. I've tried escalating through OpenBugBounty and HackerOne - but still no response. I've taken the decision to fully disclose this XSS because the Getty Images sites accept payments from users - […]
Continue reading →By @edent · Bug Bounty HTML5 Responsible Disclosure security · 550 words · read ~834 times.
The HTML5 specification is complicated. I've been an author on it, and even I couldn't tell you all the weird little gotchas it contains. Between that and "idiosyncratic" browser engines, it's a wonder the world wide web works at all. Let's talk about the humble <meta> element. As its name suggests, it contains metadata about […]
Continue reading →By @edent · Bug Bounty dns google Responsible Disclosure security · 13 comments · 450 words · read ~33,027 times.
tl;dr Google forgot to renew a domain used in their documentation. It was mildly embarrassing for them. And possibly a minor security concern for some new G-Suite domain administrators Background Choosing a good example domain, to use in documentation, is hard. You want something which is obviously an example, so that users understand they have […]
Continue reading →By @edent · Bug Bounty mobile NaBloPoMo security three xss · 4 comments · 500 words · read ~618 times.
Here's a quick write-up of a minor XSS (Cross Site Scripting) vulnerability on the website of Three.co.uk - one of the UK's mobile providers. A brief recap... Most websites have a search function. If you search for something which cannot be found, the site will often say "No results found for XYZ." If we can […]
Continue reading →By @edent · Bug Bounty email hack Responsible Disclosure security · 1 comment · 400 words · read ~621 times.
There's a new bug bounty provider in town! The Belgian company Intigriti. This is a quick write-up of how I found a trivial bug in their own system. The EU has announced that it is providing funding for bug bounties on critical open source projects. They've split the programme between HackerOne and Intigriti. I signed […]
Continue reading →By @edent · Bug Bounty hacking oauth security twitter · 4 comments · 400 words · read ~15,935 times.
Imagine the scenario. You're trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions - phew - it doesn't want to access your Direct Messages. You authorise it - whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and […]
Continue reading →By @edent · Bug Bounty cloudflare NaBloPoMo security · 2 comments · 450 words · read ~549 times.
CloudFlare claim they want to secure the web - but they seem more interested in tracking their customers than giving them decent security. Upon registering with the Internet giant, users are encouraged to confirm their email addresses. So far, so standard. This is the confirmation message CloudFlare sends out: Looks good! Hey! I wonder where […]
Continue reading →By @edent · Bug Bounty security udacity · 2 comments · 350 words · read ~977 times.
Look, I know your company wants metrics. I know your boss wants to see the exact percentages of people who click on links in your emails. Your sales team are desperate to track conversions. Someone wants to optimise your funnel for reasons which are unclear to you, a lowly engineer. So you make the mistake […]
Continue reading →