209 - Bad Ordering, Free OpenAI Credits, and Goodbye Passwords? | allinfosecnews.com

May 9, 2023, 7:50 p.m. | zi

DAY[0] dayzerosec.com

We open up this weeks bug bounty podcast with a discussion about Google's recent support for passkeys, tackling some misunderstanding about what they are and how open the platform is. Also some talk towards the end about potential vulnerabilities to look out for. Then we dive into the vulnerabilities for the week, involving bypassing phone validation in OpenAI, a bad origin check enabling abuse of a permissive CORS policy, and an order of operations issue breaking the purpose of sanitization …

bad bounty bounty-podcast bug bug bounty dive end free google openai passkeys passwords platform podcast support vulnerabilities

More from dayzerosec.com / DAY[0]

254 - Memory Corruption: Best Tackled with Mitigations or Safe-Languages? 2 weeks, 1 day ago | dayzerosec.com

binary-discussion-podcast cisa corruption languages +8

253 - A Retrospective and Future Look Into DAY[0] 3 weeks, 4 days ago | dayzerosec.com

air change episode future +5

252 - Bypassing KASLR and a FortiGate RCE 2 months, 1 week ago | dayzerosec.com

aslr binary-podcast bypass bypassing +12

251 - RCE’ing Mailspring and a .NET CRLF Injection 2 months, 1 week ago | dayzerosec.com

attack bounty bounty-podcast bypass +9

250 - Future of Exploit Dev 2 months, 2 weeks ago | dayzerosec.com

binary-podcast corruption dev development +12

249 - libXPC to Root and Digital Lockpicking 2 months, 2 weeks ago | dayzerosec.com

android bounty-podcast bypass check +11

248 - Binary Ninja Free and K-LEAK 2 months, 3 weeks ago | dayzerosec.com

automated binary binary ninja binary-podcast +10

247 - Hacking Google AI and SAML 2 months, 3 weeks ago | dayzerosec.com

auth bounty-podcast bypass google +7

246 - Rust Memory Corruption??? 3 months ago | dayzerosec.com

access binary-podcast code corruption +9

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com