Profile picture
, 4 tweets, 2 min read
My Authors
Read all threads
Slack, used by millions and millions for mission-critical design chats, DevOps, security, mergers, and acquisitions, hell the list is endless.

The flaws found by this researcher result in the execution of arbitrary commands on user's computer.

The TL;DR is wow
For all that effort, they got awarded $1750

Seventeen Hundred and FIFTY bucks.

@SlackHQ firstly the flaws are a rather large concern, I mean validation is hard but come on, then pay properly, please.

Because this would be worth much more on exploit.in
Full bug details here

hackerone.com/reports/783877

Good work oskars!
I'd really like to know the total amount of hours spent to find those bugs, including reporting them.
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Daniel Cuthbert

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @dcuthbert see all

Profile picture
Daniel Cuthbert
@dcuthbert
Car hacking is all the rage at the moment, but having done a lot of car hacking, I'm seeing a rather strange push towards trying to 'pwn' them using traditional means and methods that actually don't work with cars like people think they do.
Now sure, you can own the infotainment system using a complex chain of issues all carefully aligned, on a Saturday with the driver wearing a hat but for me, that's not car hacking (don't @ me).

What car hacking for me is taking original spec and modifying it to do other things
Yes, finding vulns is important but so is exploring the various networks, how they are built, and what they can interact with and also, really importantly, sharing that knowledge with others.

To me that's hacking.
Read 12 tweets
Profile picture
Daniel Cuthbert
@dcuthbert
More nerd hour bits have arrived. Thanks to friends in Germany who've sent me a V12 coil pack to test a theory that they can be repaired. Mercedes-Benz charge £1600 for one and you need two, which makes it a very expensive piece that breaks due to cheap components. Image
What usually fails are capacitors and MOSFETs due to poor choice of components used and the high heat kicked out from the M275 5.5 twin-turbo engine.

This is exciting
Wife's out and I've got a few hours, so what better to tear this open and have a look.

Made by Temic, the M275 engine has two of these. V12 with two spark plugs per valve, hence 24 coils.

She uses NGK Iridium IX as they are just amazing, so having a good coil pack is vital
Read 40 tweets
Profile picture
Daniel Cuthbert
@dcuthbert
Magnum have finally issued a statement on allegations that they were selling images of children being abused.

magnumphotos.com/newsroom/state…

the statement, which is welcomed, will see them auditing their archive (which I'd hope most agencies started to do as a result). It also
brings up the notion of ethics in photography and documentary photography.

Olivia Arthur was quoted as saying

"In that period standards for what has been acceptable have evolved. Issues and questions that were previously overlooked, have to be addressed."
Now I fully agree that what was once acceptable might not be so today, but child abuse and exploitation of children was never acceptable.

Today I had a great chat with someone on the ethics of photography. I feel myself incredibly privileged to have been taught by some of the
Read 11 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!