#BugBounty

Dissent Doe :cupofcoffee:<p>I just caught up with this one. In case you haven't seen it:</p><p>Security researcher quips maybe it's time to get 'a real job' after being paid meagre $1,000 bug bounty by Apple</p><p><a href="https://www.pcgamer.com/hardware/security-researcher-quips-maybe-its-time-to-get-a-real-job-after-being-paid-meagre-usd1-000-bug-bounty-by-apple/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pcgamer.com/hardware/security-</span><span class="invisible">researcher-quips-maybe-its-time-to-get-a-real-job-after-being-paid-meagre-usd1-000-bug-bounty-by-apple/</span></a></p><p>h/t, MSN</p><p><a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a></p>
Doyensec<p>Are you located in the US/EU? Passionate about <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appsec</span></a>? Maybe you follow <a href="https://infosec.exchange/tags/bugbountytips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbountytips</span></a> or are an avid <a href="https://infosec.exchange/tags/ctf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ctf</span></a> player and are ready to take the next step. If so, we're looking for our next <a href="https://infosec.exchange/tags/intern" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>intern</span></a>, so consider applying today - <a href="https://hackers.doyensec.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">hackers.doyensec.com</span><span class="invisible"></span></a>.<br><a href="https://infosec.exchange/tags/doyensec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>doyensec</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/internship" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>internship</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> pays record $17 million in bounties over the last 12 months</p><p><a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-pays-record-17-million-in-bounties-over-the-last-12-months/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-pays-record-17-million-in-bounties-over-the-last-12-months/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a></p>
Konstantin :C_H:<p>Two criticals. Two known exploited. One a zero-day.<br>July saw a spike in high-severity vulnerabilities.</p><p>Here are CVE Crowd's Top 3 from the 624 CVEs discussed across the Fediverse last month.<br>For each CVE, I've included a standout post from the community.<br>Enjoy exploring! 👇</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CveCrowd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CveCrowd</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> now pays up to $40,000 for some .NET vulnerabilities</p><p><a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-40-000-for-some-net-vulnerabilities/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-now-pays-up-to-40-000-for-some-net-vulnerabilities/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/dotNET" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dotNET</span></a> <a href="https://mastodon.thenewoil.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a></p>
BobDaHacker 🏳️‍⚧️ | NB<p>Found critical vulns in Lovense (the biggest sex toy company) affecting 11M+ users. They ignored researchers for 2+ years, then fixed in 2 days after public exposure. 🤦</p><p>What I found:<br>- Email disclosure via XMPP (username→email)<br>- Auth bypass (email→account takeover, no password)</p><p>History of ignoring researchers:<br>- 2017: First recorded case of someone reporting XMPP email leak.<br>- 2022: Someone else reports XMPP email leak, ignored<br>- Sept 2023: Krissy reports account takeover + different email leak via HTTP API, paid only $350<br>- 2024: Another person reports XMPP email leak AND Account Takeover vuln, offered 2 free sex toys (accepted for the meme)<br>- March 2025: I report account takeover + XMPP email leak, paid $3000 (after pushing for critical)<br>- Told me fix for email vuln needs 14 months because "legacy support" &gt; user security (had 1-month fix ready)<br>- July 28: I go public<br>- July 30: Both fixed in 48 hours</p><p>Same bugs, different treatment. They lied to journalists saying it was fixed in June, tried to get me banned from HackerOne after giving permission to disclose.</p><p>News covered it but my blog has the full technical details:<br><a href="https://bobdahacker.com/blog/lovense-still-leaking-user-emails/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bobdahacker.com/blog/lovense-s</span><span class="invisible">till-leaking-user-emails/</span></a></p><p><a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/ResponsibleDisclosure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ResponsibleDisclosure</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/IoT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IoT</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
MrTuxracer<p>Remember I wanted to drop more bugs (Pre-Auth RCE, Cookie Forgery etc.) in June?</p><p>Unfortunately, I had to postpone the disclosure because there are still too many vulnerable instances online and the vendor apparently needs to manually patch each one... 🤦‍♂️</p><p><a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Raglan Niall :lk: :tinoflag:<p>Louis Rossman has gone from NY kid repairing customer's Apple products against Apple's wishes to "Right to Repair" and "Right to Own" champion.</p><p>While the actual devices discussed here are trivial, the core point is critical. Like so many other fundamentals of modern society we have to get this right even though it isn't particularly mainstream or sexy.</p><p><a href="https://youtu.be/2zayHD4kfcA?si=DonkeyTrumpet" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">youtu.be/2zayHD4kfcA?si=Donkey</span><span class="invisible">Trumpet</span></a></p><p><a href="https://mastodon.nz/tags/RightToRepair" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RightToRepair</span></a> <a href="https://mastodon.nz/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://mastodon.nz/tags/RightToOwn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RightToOwn</span></a></p>
sͧb̴ͫƸ̴gͬᵉ<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@Weld" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Weld</span></a></span> … AND *actually fix* the found vulns.</p><p>I’ve <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a>:d more than one place where some mgmt 🤡 has suggested starting a <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a> program, only to back down with a horror-stricken face when I suggested we fix the vulns *we already know of* and can I please force IT to allocate budget for that? 🙄</p>
Benjamin Carr, Ph.D. 👨🏻‍💻🧬<p><a href="https://hachyderm.io/tags/AIslop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIslop</span></a> and fake reports are exhausting <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://hachyderm.io/tags/bugbounties" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounties</span></a><br>The world of <a href="https://hachyderm.io/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> is not immune to this problem. In the last year, people across the cybersecurity industry have raised concerns about <a href="https://hachyderm.io/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://hachyderm.io/tags/slop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>slop</span></a> <a href="https://hachyderm.io/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a> reports, meaning reports that claim to have found <a href="https://hachyderm.io/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> that do not actually exist, because they were created with a <a href="https://hachyderm.io/tags/largelanguagemodel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>largelanguagemodel</span></a> (<a href="https://hachyderm.io/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a>) that simply made up the <a href="https://hachyderm.io/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a>, and then packaged it into a professional-looking writeup.<br><a href="https://techcrunch.com/2025/07/24/ai-slop-and-fake-reports-are-exhausting-some-security-bug-bounties/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">techcrunch.com/2025/07/24/ai-s</span><span class="invisible">lop-and-fake-reports-are-exhausting-some-security-bug-bounties/</span></a></p>
geeknik<p>Support ethical AI sabotage and open-source resistance. I build Gödel’s Therapy Room to expose LLM failure modes, develop browser tools to kill trackers, and train cognitive adversaries to detect bullshit.<br>Buy me a coffee and join the quantum rebellion.<br>☕ <a href="https://www.buymeacoffee.com/geeknik" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">buymeacoffee.com/geeknik</span><span class="invisible"></span></a><br><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/AIethics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIethics</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a></p>
nemo™ 🇺🇦<p>curl’s security team is drowning in low-quality “AI slop” reports—now 20% of all submissions, but only 5% are real bugs. The bug bounty program may need big changes to survive this onslaught. Read more on “Death by a thousand slops”: <a href="https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">daniel.haxx.se/blog/2025/07/14</span><span class="invisible">/death-by-a-thousand-slops/</span></a> 🐞🤖 <a href="https://mas.to/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mas.to/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a> <a href="https://mas.to/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a></p>
Marcel Waldvogel<p>9️⃣ AI-generated reports of alleged security vulnerabilities have already been a topic at <a href="https://waldvogel.family/tags/DNIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNIP</span></a>. There, at least, there was still the explanation that the supposed vulnerability hunters were after the reward, the so-called <a href="https://waldvogel.family/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a>. But now other open-source developers are also reporting that they receive countless bug reports that have no connection to reality. What remains open is why AI is being set to automatically report bugs here.</p><p><a href="https://dnip.ch/2025/07/15/dnip-briefing-33-mcpasswort-mit-sicherheitsluecke/#Und-schliesslich" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dnip.ch/2025/07/15/dnip-briefi</span><span class="invisible">ng-33-mcpasswort-mit-sicherheitsluecke/#Und-schliesslich</span></a></p>
daniel:// stenberg://<p>Death by a thousand slops</p><p><a href="https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">daniel.haxx.se/blog/2025/07/14</span><span class="invisible">/death-by-a-thousand-slops/</span></a></p><p><a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://mastodon.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a></p>
knoppix<p>13-year-old Dylan is now the youngest researcher in Microsoft’s Bug Bounty Program 🛡️</p><p>He found key bugs in Teams and Authenticator, helping improve security 🔍</p><p>Microsoft updated rules to include researchers as young as 13, promoting youth involvement in cybersecurity 🌐</p><p>A strong example of fostering talent and responsible disclosure 🤝</p><p><a href="https://windowsreport.com/microsofts-youngest-bug-bounty-hacker-is-just-13-and-already-making-waves/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">windowsreport.com/microsofts-y</span><span class="invisible">oungest-bug-bounty-hacker-is-just-13-and-already-making-waves/</span></a></p><p><a href="https://mastodon.social/tags/Wndows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wndows</span></a> <a href="https://mastodon.social/tags/Windows10" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows10</span></a> <a href="https://mastodon.social/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows11</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://mastodon.social/tags/Hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hack</span></a> <a href="https://mastodon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <a href="https://mastodon.social/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechNews</span></a> <a href="https://mastodon.social/tags/DigitalSafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalSafety</span></a> <a href="https://mastodon.social/tags/Bug" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bug</span></a></p>
Socket<p>🚨 New open source AI <a href="https://fosstodon.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> framework outperforms humans in both speed and cost. It handles pen testing tasks like scanning and exploitation 3,600× faster and reduces costs by 156×. </p><p><a href="https://socket.dev/blog/open-source-framework-pen-testing-3600x-faster" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/open-source-fr</span><span class="invisible">amework-pen-testing-3600x-faster</span></a> <a href="https://fosstodon.org/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://fosstodon.org/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a></p>
Tim Hergert<p>When a company doesn't adhere to RFCs 2142 or 9116, but you still tryna reach out. </p><p>A tale in two acts. </p><p><a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/BountyBegging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BountyBegging</span></a> <a href="https://infosec.exchange/tags/RFC2142" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RFC2142</span></a> <a href="https://infosec.exchange/tags/RFC9116" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RFC9116</span></a></p>
Konstantin :C_H:<p>CVE Crowd's Top 3 Vulnerabilities from June!</p><p>These stood out among the 528 CVEs actively discussed across the Fediverse.</p><p>For each CVE, I’ve included a standout post from the community.</p><p>Enjoy exploring! 👇</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CVECrowd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVECrowd</span></a></p>
ITSEC News<p>The AI Fix #57: AI is the best hacker in the USA, and self-learning AI - In episode 57 of The AI Fix, our hosts discover an AI “dream recorder”, Mark Zuckerberg t... <a href="https://grahamcluley.com/the-ai-fix-57/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">grahamcluley.com/the-ai-fix-57</span><span class="invisible">/</span></a> <a href="https://schleuss.online/tags/artificialintelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>artificialintelligence</span></a> <a href="https://schleuss.online/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://schleuss.online/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a> <a href="https://schleuss.online/tags/theaifix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>theaifix</span></a> <a href="https://schleuss.online/tags/chatgpt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chatgpt</span></a> <a href="https://schleuss.online/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcast</span></a> <a href="https://schleuss.online/tags/openai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openai</span></a> <a href="https://schleuss.online/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ai</span></a></p>
Konstantin :C_H:<p>I recently ran into an interesting discrepancy:</p><p>What you see below are 120-bit Session IDs, one printed as hex and one in the format of a <a href="https://infosec.exchange/tags/UUIDv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UUIDv4</span></a>.</p><p>After validating their randomness, I would classify the first as secure but raise concerns about the second.</p><p>Why?</p><p>Well, according to RFC 4122:</p><p>"Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example."</p><p>And that's exactly what a session ID is: an identifier whose possession grants access. As such, UUIDs should not be used in such a case.</p><p>What do you think? Is this nitpicking? Or a valid security nuance?</p><p>Does the format in which data is displayed have an impact on its security?</p><p>I'd love to hear your thoughts.</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a></p>
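Added example (my code, not the poster's) that puts numbers on the question in the post above: it generates a 120-bit hex session ID and a UUIDv4 from Python's CSPRNG, then assesses a token in either format by reading the version and variant nibbles of a UUID to count the bits an attacker would have to guess, rejecting versions that are derived from time, node or name. The 120-bit floor and the function names are assumptions.

```python
import re
import secrets
import uuid

# Assumption for this example: a session ID must offer at least 120 unpredictable
# bits, the size used in the post above (128-bit raw tokens are the usual choice).
MIN_SESSION_BITS = 120

HEX_RE = re.compile(r"[0-9a-fA-F]+")
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)


def new_session_id_hex(nbytes: int = 15) -> str:
    """15 CSPRNG bytes rendered as 30 hex digits: all 120 bits are unpredictable."""
    return secrets.token_bytes(nbytes).hex()


def new_session_id_uuid4() -> str:
    """uuid4() draws 16 CSPRNG bytes, then overwrites the version and variant bits."""
    return str(uuid.uuid4())


def assess(token: str) -> tuple[int, str]:
    """Return (unpredictable bits, reason) for a session ID in hex or UUID form.

    The hex branch assumes the digits are raw CSPRNG output. The UUID branch
    reads the version nibble: only v4 is random by construction; v1 and v6
    embed a timestamp and node ID, v3 and v5 are hashes of a name, v7 leads
    with a timestamp. Those are guessable, which is what RFC 4122 warns about.
    """
    if UUID_RE.fullmatch(token):
        u = uuid.UUID(token)
        if u.variant != uuid.RFC_4122:
            return 0, "non-RFC 4122 variant: generation method unknown, reject"
        if u.version == 4:
            return 122, "UUIDv4: 128 bits minus 4 version and 2 variant bits"
        return 0, f"UUIDv{u.version}: built from time, node or name, predictable"
    if HEX_RE.fullmatch(token):
        return 4 * len(token), "raw hex: one random nibble per digit"
    return 0, "unrecognised token format"


def acceptable(token: str) -> bool:
    """True when the token's guess space meets MIN_SESSION_BITS."""
    bits, _ = assess(token)
    return bits >= MIN_SESSION_BITS


if __name__ == "__main__":
    # uuid1() is included only to show a UUID that a reviewer should reject.
    for tok in (new_session_id_hex(), new_session_id_uuid4(), str(uuid.uuid1())):
        bits, why = assess(tok)
        print(f"{tok}  {bits:3d} bits  {why}  ok={acceptable(tok)}")
```

Stripping the hyphens from a UUIDv4 makes it pass the hex branch as 128 bits even though 6 of them are fixed, which is the nuance in the post: the string format reveals how the value was built, but the entropy comes from the generator, not from the rendering.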