Hacker News

adxl yesterday at 12:32 AM

Where was the pen testing?

Who is in charge of security over there?

There need to be some answers. This is such an obvious and easily exploited security hole that we need to ask what else is leaking from them.

Good that they fixed it quickly.


Replies

ImPostingOnHN yesterday at 1:47 PM

A bug bounty might be viewed as a 24/7 pentest conducted by everyone in the world willing to work for the bounty price.

While you're waiting a few days for Steve to get back from vacation and approve the PO for a pentesting contract, everyone else in the world is already pentesting your systems anyway.

Doesn't look like Verizon has bug bounties, so I guess we're lucky that the person who found this one was willing to work for free.