all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

209 - Bad Ordering, Free OpenAI Credits, and Goodbye Passwords?

Add to bookmarks
May 9, 2023, 7:50 p.m. | zi

DAY[0] dayzerosec.com

We open up this weeks bug bounty podcast with a discussion about Google's recent support for passkeys, tackling some misunderstanding about what they are and how open the platform is. Also some talk towards the end about potential vulnerabilities to look out for. Then we dive into the vulnerabilities for the week, involving bypassing phone validation in OpenAI, a bad origin check enabling abuse of a permissive CORS policy, and an order of operations issue breaking the purpose of sanitization …

bad bounty bounty-podcast bug bug bounty dive end free google openai passkeys passwords platform podcast support vulnerabilities

Visit resource

More from dayzerosec.com / DAY[0]

252 - Bypassing KASLR and a FortiGate RCE 1 month, 1 week ago | dayzerosec.com
aslr binary-podcast bypass bypassing +12
251 - RCE’ing Mailspring and a .NET CRLF Injection 1 month, 2 weeks ago | dayzerosec.com
attack bounty bounty-podcast bypass +9
250 - Future of Exploit Dev 1 month, 2 weeks ago | dayzerosec.com
binary-podcast corruption dev development +12
249 - libXPC to Root and Digital Lockpicking 1 month, 3 weeks ago | dayzerosec.com
android bounty-podcast bypass check +11
248 - Binary Ninja Free and K-LEAK 1 month, 3 weeks ago | dayzerosec.com
automated binary binary ninja binary-podcast +10
247 - Hacking Google AI and SAML 1 month, 4 weeks ago | dayzerosec.com
auth bounty-podcast bypass google +7
246 - Rust Memory Corruption??? 2 months ago | dayzerosec.com
access binary-podcast code corruption +9
245 - A PHP and Joomla Bug and some DOM Clobbering 2 months ago | dayzerosec.com
api bounty-podcast bug cache +15
244 - Linux Burns Down CVEs 2 months, 1 week ago | dayzerosec.com
binary-podcast cves down fuzzing +3

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Intern, Cyber Security Vulnerability Management

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Compliance - Global Privacy Office - Associate - Bengaluru

@ Goldman Sachs | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cyber Security Engineer (m/w/d) Operational Technology

@ MAN Energy Solutions | Oberhausen, DE, 46145
View on infosec-jobs.com

Armed Security Officer - Hospital

@ Allied Universal | Sun Valley, CA, United States
View on infosec-jobs.com

Governance, Risk and Compliance Officer (Africa)

@ dLocal | Lagos (Remote)
View on infosec-jobs.com

Junior Cloud DevSecOps Network Engineer

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs