New ask Hacker News story: Cloudflare Security Mistriages on Account Takeover

Cloudflare Security Mistriages on Account Takeover
2 by matured_kazama | 0 comments on Hacker News.
I'm a top hacker for Cloudflare and the continuous declining level of their bug bounty assessment has made me very concerning. I submitted an 1-click Account Takeover on their VIP program, apart the previous ones which were assessed as High Severity. But the recent one is downgraded to Low Severity due to phishing, even when the High Severity issue also required phishing. I mean 1-click ATO do require phishing bro. This is the second incident after their publicly acked mishandled triaging of https://ift.tt/AUgD8ck I do not know what's happening to them, but they are declining to provide answers, even privately/publicly. Also, they publicly boasts of their new VIP program: https://ift.tt/kaQSuF8 but when submitting this recent report to it, they forwarded it to the public program.

Comments

Post a Comment

Popular posts from this blog

How can Utilize Call Center Outsourcing for Increase your Business Income well?

Image
Call center outsourcing is not uncommon however, not every company can live up to the expectations of a great client. The service provider should have the ability to assist you obtain access to new abilities and competences in order to help you achieve efficiency and effectiveness in your company. Digital office providers assist business in providing unique, innovative solutions that are intended to custom-fit your personal small business needs. Some back office service providers also have fully-developed outbound calling and telemarketing services that you can utilize. The world has taken a huge leap with the technological revolution. What was impossible before now seems to be a matter of seconds. As we see more and more start-ups and digital companies emerging, we need to understand how we can account the rising number of BPO companies that can be helpful to us. Running a call center internally may be an expensive affair particularly when it...
Read more

New ask Hacker News story: EVM-UI – visual tool to interact with EVM-based smart contracts

EVM-UI – visual tool to interact with EVM-based smart contracts 21 by magnusgraviti | 8 comments on Hacker News. Hey HN! We've built https://evm-ui.com, a free tool that allows you to interact with smart contracts visually. It started as an internal project while building Web3 apps for clients — we needed something more flexible and lightweight than Remix or Etherscan's UI. Unlike Etherscan or Polygonscan, you don't need to verify and open-source your smart contract to get a working UI. Paste the ABI (or load it from a template) and proceed. With EVM-UI, you can - Import contracts by address + ABI, or paste ABIs directly - Read/write functions with auto-generated UI (supports all Solidity types, including arrays) - Execute actions with smart inputs (dropdowns, min/max helpers, etc.) - Switch between EVM chains, testnets, or local RPCs within one workspace - Use developer tools (Keccak256, ABI encoder/decoder, address utils) - Share environments with your team and your cl...
Read more

New ask Hacker News story: Ask HN: Should I quit my startup journey for now?

Ask HN: Should I quit my startup journey for now? 2 by lkuebler | 4 comments on Hacker News. One year ago I started as an intern at a start-up. Things evolved and we are now a team of two-founders and one developer (me). We are running out of money and so my bosses chose to not pay themselves and myself a salary. What can I do to get reimbursed for my work at the startup? Currently there's not much work for me but if the other two guys manage to close the ongoing funding round in approx. 3 months they want to hire me full-time. Can I demand equity from them in advance to assure my piece of the cake once the money has arrived? The answer they gave me to this was they would give me the shares once the round is closed. But this is only good for them, not for me. Right? I am very new to start-up things and really don't know how to act. Feel free to share your experiences with getting shares as one of the first employees in a start-up.
Read more