#togetherwehitharder
Explore tagged Tumblr posts
Video
instagram
One of the best examples of Human spirit & Inclusive Society.... Free spirites Children in every field are better teachers...... #SaturdayMorning #togetherwehitharder #togetherstronger #differentlyabledsuperhumans #teaching https://www.instagram.com/p/B6nr4bhlxfQ/?igshid=1w0hqm75kjibz
2 notes
·
View notes
Photo
#RodElliott #RedShaman #RaiseTheBar #togetherwehitharder #TheSqueeze #TheBlandRule https://www.instagram.com/p/B4-RmMRn9Ei/?igshid=1r856b5aegvdk
0 notes
Photo
. . . . . #mondaythoughts #MondayMotivaton #TogetherWeCan #togetherwehitharder #snowflakes https://www.instagram.com/p/B2xJqknB06C/?igshid=14txmfdx3vghf
0 notes
Video
We are cooking something for you guys!!! Don't miss the opening of a solo art exhibition by @olivierkwitonda_arts @thehutrwanda on Friday June 30,2017 at 6:00pm to 10:00pm!!! #artexhibition #livemusic #talents #togetherwego #togetherwehitharder #art #contemporaryart #rwandanart #africanart @officialvieews @myafrikart @theafricangallery #my250 #livinginkigali #rwandalicious @ismaelngarambe let's go and burn the stage bro!!! (at Kwitonda_arts)
#togetherwehitharder#artexhibition#art#rwandanart#livinginkigali#livemusic#africanart#my250#talents#togetherwego#contemporaryart#rwandalicious
0 notes
Text
I got emails - G Suite Vulnerability
After recent finding about Uber and SendGrid bug, I decided to check other third party applications that were also used for similar cases. During the investigation, some third party applications were found to be vulnerable including G Suite.
The initial research of this vulnerability started when investigating a vulnerability on whatsapp.net. It was interesting to see that whatsapp.net had its DNS in following manners (Image attached)
Based on this we can see that the MX setup is through Google specifically through G Suite.
Next, I went to G Suite signup page, and then signed up for the domain which created email id [email protected]. At first, this did not bring any security risk because for G Suite to properly work, a domain ownership verification is required so going to gmail.com would show the following screen.
This shows that without domain verification nothing could be done. However when looking up how forwarding and routing was done with G Suite I found this document by Google: https://support.google.com/a/answer/2368153?hl=en
This stated that one could set a routing by using the Default Routing tab in Gmail Advanced settings located at G Suite. This should still require domain verification. However, it did not.
It did not take much work after that to set the route in the following manners:
Next, I decided to send a test email to [email protected] which then arrived to my private email. Once that was verified to work I submitted the report to Facebook Security team through https://facebook.com/whitehat. Facebook fixed it in about 4 days of the report being sent.
Next, I found similar issue on Yelp through their yelp-support.com domain. Once I found the vulnerability on Yelp I realized this could be more wide spread than I had originally thought so I reached out to Google security team and reported it to their team as well.
In about 1 day of my report, Google fixed the issue from their side so now when trying to use Gmail’s advanced settings without verification domains will give the following alert:
“We are unable to process your request at this time. Please try again later. (Error #1310)”
In the end, this vulnerability was fixed by Facebook, Google and Yelp by January 31, 2017.
Thanks to Google, Facebook and Yelp for the generous bounty amount.
Blog post by: uranium238
0 notes
Text
RT @lukerodgers90: Well this was a nice surprise to wake up to. I was awarded a $7,500 bounty on @Hacker0x01. Thanks #magento! I'll see if I can post details when it's patched. https://t.co/1xOvtQ1kUz #TogetherWeHitHarder #bugbounty #Hack https://t.co/BOBxdJnCfN
Well this was a nice surprise to wake up to. I was awarded a $7,500 bounty on @Hacker0x01. Thanks #magento! I'll see if I can post details when it's patched.https://t.co/1xOvtQ1kUz #TogetherWeHitHarder #bugbounty #Hack pic.twitter.com/BOBxdJnCfN
— Luke Rodgers (@lukerodgers90) March 31, 2019
from Twitter https://twitter.com/fbeardev
0 notes
Photo
#RodElliott #RedShaman #RaiseTheBar #togetherwehitharder #TheSqueeze #TheBlandRule (at Town of Smiths Falls) https://www.instagram.com/p/B47wj5fnSVF/?igshid=jdtsogok14fs
0 notes
Photo
https://youtu.be/g4KVcV_rMwY #RaiseTheBar #RodElliott #RedShaman #togetherwehitharder (at Smiths Falls, Ontario) https://www.instagram.com/p/B0nYTaqnWz2/?igshid=1mhj7e2f0oxfe
0 notes
Video
instagram
https://youtu.be/h1mRkzTOuzk #TheSqueeze #TheBlandRule #togetherwehitharder (at Smiths Falls, Ontario) https://www.instagram.com/p/B0nfC7IHFLZ/?igshid=es4zy8f8q12c
0 notes
Video
instagram
https://youtu.be/2uFNfBGC72Q #Blink #thetippingpoint #whatthedogsaw #RedShaman #RodElliott #RaiseTheBar #legacy #togetherwehitharder (at Smiths Falls, Ontario) https://www.instagram.com/p/B0e_F3CHzZH/?igshid=1ijfjz4d4gvnf
0 notes