mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

#hackerone

RedPacket Security<p>HackerOne Bug Bounty Disclosure: man-in-the-middle-through-broken-ssl-certificate-verification-kinnay - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-man-in-the-middle-through-broken-ssl-certificate-verification-kinnay/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-man-in-the-middle-through-broken-ssl-certificate-verification-kinnay/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
Pyrzout :vm:<p>Photos: Black Hat USA 2025 <a href="https://www.helpnetsecurity.com/2025/08/07/photos-black-hat-usa-2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2025/08/07</span><span class="invisible">/photos-black-hat-usa-2025/</span></a> <a href="https://social.skynetcloud.site/tags/BlackHatUSA2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackHatUSA2025</span></a> <a href="https://social.skynetcloud.site/tags/VonahiSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VonahiSecurity</span></a> <a href="https://social.skynetcloud.site/tags/PicusSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PicusSecurity</span></a> <a href="https://social.skynetcloud.site/tags/StellarCyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StellarCyber</span></a> <a href="https://social.skynetcloud.site/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://social.skynetcloud.site/tags/CheckPoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CheckPoint</span></a> <a href="https://social.skynetcloud.site/tags/TrendMicro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrendMicro</span></a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Don</span></a>'tmiss <a href="https://social.skynetcloud.site/tags/EasyDMARC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EasyDMARC</span></a> <a href="https://social.skynetcloud.site/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://social.skynetcloud.site/tags/KeepAware" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>KeepAware</span></a> <a href="https://social.skynetcloud.site/tags/SpyCloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SpyCloud</span></a> <a href="https://social.skynetcloud.site/tags/Veracode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Veracode</span></a> <a href="https://social.skynetcloud.site/tags/Elastic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Elastic</span></a> <a href="https://social.skynetcloud.site/tags/Gurucul" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gurucul</span></a> <a href="https://social.skynetcloud.site/tags/Pentera" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentera</span></a> <a href="https://social.skynetcloud.site/tags/VioletX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VioletX</span></a> <a href="https://social.skynetcloud.site/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://social.skynetcloud.site/tags/Oleria" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Oleria</span></a> <a href="https://social.skynetcloud.site/tags/Tines" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tines</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: use-after-free-that-leads-to-arbitrary-write-for-some-versions-letshack - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-use-after-free-that-leads-to-arbitrary-write-for-some-versions-letshack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-use-after-free-that-leads-to-arbitrary-write-for-some-versions-letshack/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: unauthorized-disclosure-of-private-emails-via-wakatime-private-leaderboards-ctrl-cipher - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-unauthorized-disclosure-of-private-emails-via-wakatime-private-leaderboards-ctrl-cipher/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-unauthorized-disclosure-of-private-emails-via-wakatime-private-leaderboards-ctrl-cipher/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: integer-overflow-in-schannel-c-tls-data-transmission-kakorrhaphiophobia - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-integer-overflow-in-schannel-c-tls-data-transmission-kakorrhaphiophobia/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-integer-overflow-in-schannel-c-tls-data-transmission-kakorrhaphiophobia/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: stack-use-after-scope-in-http-post-request-processing-via-curlopt-postfields-geeknik - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-stack-use-after-scope-in-http-post-request-processing-via-curlopt-postfields-geeknik/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-stack-use-after-scope-in-http-post-request-processing-via-curlopt-postfields-geeknik/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: mozilla-vpn-clients-rce-via-file-write-and-path-traversal-trein - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-mozilla-vpn-clients-rce-via-file-write-and-path-traversal-trein/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-mozilla-vpn-clients-rce-via-file-write-and-path-traversal-trein/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: bypass-no-links-restriction-in-biography-via-protocol-relative-url-yoyomiski - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-bypass-no-links-restriction-in-biography-via-protocol-relative-url-yoyomiski/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-bypass-no-links-restriction-in-biography-via-protocol-relative-url-yoyomiski/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: vulnerability-report-public-exposure-of-security-audit-file-cyph-r-nitro - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-vulnerability-report-public-exposure-of-security-audit-file-cyph-r-nitro/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-vulnerability-report-public-exposure-of-security-audit-file-cyph-r-nitro/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: security-check-up-ejejohn - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-security-check-up-ejejohn/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-security-check-up-ejejohn/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: use-after-free-or-assert-triggered-with-failed-allocations-in-openssl-catenacyber - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-use-after-free-or-assert-triggered-with-failed-allocations-in-openssl-catenacyber/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-use-after-free-or-assert-triggered-with-failed-allocations-in-openssl-catenacyber/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: mint-oauth-access-token-for-targeted-user-timothyleung - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-mint-oauth-access-token-for-targeted-user-timothyleung/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-mint-oauth-access-token-for-targeted-user-timothyleung/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: gnutls-curlinfo-tls-session-curlinfo-tls-ssl-ptr-type-confusion-nyymi - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-gnutls-curlinfo-tls-session-curlinfo-tls-ssl-ptr-type-confusion-nyymi/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-gnutls-curlinfo-tls-session-curlinfo-tls-ssl-ptr-type-confusion-nyymi/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
Jonathan Kamens 86 47<p>Oh, also, the email <a href="https://federate.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> sent out this morning contradicts itself. In the subject it says people have to enable 2FA "to Avoid Account Lockout." Then in the body it says, "Without 2FA set up, you won’t be able to access your account after July 29."<br>But then elsewhere in the body it says, "If you don’t make this change by July 29, 2025, you’ll be prompted to complete the setup before you are able to access the platform and submit reports."<br>That's not "lockout," idiots.<br><a href="https://federate.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Jonathan Kamens 86 47<p>All the positive <a href="https://federate.social/tags/userExperience" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>userExperience</span></a> points <a href="https://federate.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> earned for how they were rolling out mandatory <a href="https://federate.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> were just erased by them sending out reminder email to all of their users about configuring 2FA without filtering out the users who had already done it.<br>That's some lazy, user-hostile bullshit, is what that is.<br>When you know which users have already followed your instructions, you don't need to waste their time making them go back and check. <a href="https://federate.social/tags/smdh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smdh</span></a><br><a href="https://federate.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://federate.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://federate.social/tags/UX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UX</span></a></p>
Jonathan Kamens 86 47<p>P.S. It kind of sucks that <a href="https://federate.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> has apparently been in the Fediverse as <span class="h-card" translate="no"><a href="https://infosec.exchange/@Hacker0x01" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Hacker0x01</span></a></span> for years but has never posted anything.</p>
Jonathan Kamens 86 47<p>On <a href="https://federate.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a>'s rollout of mandatory 2FA:<br>➕ They'll soon require 2FA.<br>➖ They should've done it long ago.<br>➕ They don't allow SMS or email as primary 2FA.<br>➖ They allow SMS for 2FA "recovery," making that the weakest link and canceling out the choice not to allow it as primary.<br>➕ They require you to generate recovery codes.<br>➕ They make you enter both a recovery code and a TOTP code to prove you saved everything.<br>➖ They still don't support WebAuthn. Very much not OK!<br><a href="https://federate.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://federate.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> <a href="https://federate.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: use-after-free-in-openssl-keylog-callback-via-ssl-get-ex-data-in-libcurl-brobagazzzx - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-use-after-free-in-openssl-keylog-callback-via-ssl-get-ex-data-in-libcurl-brobagazzzx/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-use-after-free-in-openssl-keylog-callback-via-ssl-get-ex-data-in-libcurl-brobagazzzx/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
RedPacket Security<p>HackerOne Bug Bounty Disclosure: arbitrary-file-read-via-file-protocol-in-curl-mr-tufan - <a href="https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-arbitrary-file-read-via-file-protocol-in-curl-mr-tufan/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redpacketsecurity.com/hackeron</span><span class="invisible">e-bugbounty-disclosure-arbitrary-file-read-via-file-protocol-in-curl-mr-tufan/</span></a></p><p><a href="https://mastodon.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerOne</span></a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://mastodon.social/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OSINT</span></a> <a href="https://mastodon.social/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://mastodon.social/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a></p>
Kevin Lyda<p>Be interesting if <a href="https://mastodon.ie/tags/HackerOne" class="mention hashtag" rel="tag">#<span>HackerOne</span></a> could tag AI slop reports as &quot;Delusory Hallucinations Made Obnoxiously&quot;.</p><p>aka <a href="https://mastodon.ie/tags/DHMO" class="mention hashtag" rel="tag">#<span>DHMO</span></a></p>