Ethical Disclosure
DoorDash email spoofing vulnerability sparks messy disclosure dispute
A vulnerability in DoorDash’s systems could allow anyone to send “official” DoorDash-themed emails right from company’s authorized servers, paving a near-perfect phishing channel. DoorDash has now patched the issue, but a contentious dispute has erupted between the researcher who reported the vulnerability and the company, with both sides accusing each other of acting improperly. Anyone could send ‘official’ DoorDash […]
Researchers find SQL injection to bypass airport TSA security checks
Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access […]