#107 Niall Merrigan, Hacking, Bug Bounties and Responsible Disclosure
Summary
Niall Merrigan, security researcher tells me about bug hunting and the best hacks he has seen.
Details
Who he is, what he does. Bug hunting, crowd sourcing the hunters, bug bounties, should you invite attacks on production, Hacker One and Bug Crowd. IoT is the most attacked software; smart cars, aircraft. Security.txt. Responsible disclosure, what do if you find a bug, Niall’s experience when reporting a particular bug. Even when bugs are known and acknowledged they are not necessarily fixed; industry code systems, hacks designed to kill. Is every hack is a “sophisticated hack”, the @mat hack. Are you a target for hacks. The most impressive hack Niall has seen. Physical access to device, hak5 rubber duckie. Supply chain injection*. Hacking a cat.
* We recorded this episode before the Super Micro story broke.
Links