It was only a few years back that cloud technology was in its infancy and used only by tech-savvy, forward-thinking organisations. Today, it is commonplace. More businesses than ever are making use of cloud services in one form another. And recent statistics suggest that cloud adoption has reached 88 percent. It seems that businesses now rely on the technology for day-to-day operations.
Perhaps it’s too melodramatic to claim that the debate over how to define a data breach “rages on” because we haven’t seen bodies flying out of windows yet, but it is a serious question with genuine financial ramifications now that the General Data Protection Regulation (GDPR) and its accompanying fines for mishandling data have arrived to save (and sometimes confuse) the day.
Inti was recently speaking at Detectify Hacker School, an event for customers where we have hacker talks and user cases presented to the audience. Afterwards our security researcher, Linus Särud, sat down with him for a hacker-to-hacker interview discussing how he got into bug bounty, his unconventional bug hunting ways and his take on why the European market is an ocean opportunity for bug bounty hunters.
They say that bad things always come in threes. The adage may testify to little but the popularity of superstition, but for security executives today, this notion regrettably passes muster. Crime, complexity and cost are three foes that every CISO must face, and while most companies think crime is the enemy, in many cases it is the latter two heads of this “cyber-cerberus” that deliver the most certain bite.
Like many things in life, hackers are victims (and I use the word loosely) of stereotyping. You won’t find much stock imagery depicting hackers that doesn’t involve a hoodie, a dimly-lit room and several monitors full of scrolling binary text. And whilst that’s definitely sometimes true, it also makes several assumptions about hackers in general, which is at best misleading and at worst leaves you wide open to attack.
Cross-site scripting (XSS) is a common vulnerability that is carried out when an attacker injects malicious JavaScript into a website, which then targets the website’s visitors. By doing so, the attacker may gain access to users’ cookies, sensitive user information, as well as view and/or manipulate the content that is shown to the user. This is not another article explaining what XSS is, why it is a security issue and how to fix it because we have already covered that.
EdOverflow is known for contributing a bunch of stuff: active in the community, one of the people behind security.txt – a standard for structuring responsible disclosures, bug bounty hunter and a member of Detectify Crowdsource. We got a chance to quiz him about security.txt, his motivates for being involved with hacking communities and why he chooses to report to responsible disclosure programs without bounty rewards.