Critical Thinking - Bug Bounty Podcast

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Oct 24, 2024

Dive into the chaos of the Zendesk incident and its ethical implications. Discover innovative AI tools reshaping cybersecurity practices and their real-world applications. The hosts also discuss the significance of vulnerability reporting and the complexities it involves. With a focus on transparency and communication in the bug bounty community, they ponder the idea of a 'naughty list' for companies mishandling disclosures. Plus, enjoy some light-hearted moments celebrating creativity within hacker culture!

49:29

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The Zendesk incident highlights significant flaws in the vulnerability reporting process and calls for improved communication within bug bounty programs.

The importance of scrutinizing third-party software integrations is emphasized, as overlooked vulnerabilities can create critical security risks for enterprises.

Deep dives

The Emergence of Surfacing Security Podcast

The AssetNote team has expanded their outreach by launching a podcast focused on enterprise security and attack surface management. This podcast covers a range of topics, including internet-wide reconnaissance and the implications of third-party software on security posture. The enthusiasm for their research and insights is palpable, as they explore complex subjects such as DNS resolution, showcasing their deep expertise. This platform provides a valuable resource for professionals in the industry, further amplifying the conversation around cybersecurity challenges.

Intro

3min

Tattoos and Tunes: Celebrating Creativity

4min

Innovative Tools in Cybersecurity

3min

AI in Team Organization

4min

Navigating Vulnerability Reporting: Insights from Zendesk's Case

17min

Challenges in Vulnerability Validation and Triage Communication

2min

Navigating Bug Bounty Disputes

16min

Episode 94: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel give their perspectives on the recent Zendesk fiasco and the ethical considerations surrounding it. They also highlight the launch of AuthzAI and some research from Ophion Security

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Hop on the CTBB Discord at https://ctbb.show/discord!

We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today’s Sponsor - AssetNote. Listen to their podcast https://www.criticalthinkingpodcast.io/sspod

Resources:

New music drop from our Boi YT

https://x.com/realytcracker/status/1847599657569956099

AuthzAI

https://authzai.com/

Ron Chan

https://x.com/ngalongc

Misconfigured User Auth Leads to Customer Messages

https://www.ophionsecurity.com/post/live-chat-blog-1-misconfigured-user-auth-leads-to-customer-messages

Zendesk Write-up

https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52

Response from Zendesk

https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52?permalink_comment_id=5232589#gistcomment-5232589

Timestamps

(00:00:00) Introduction

(00:05:29) AuthzAI and the return of Ron Chan

(00:13:50) Ophion Security Research

(00:18:12) Zendesk Drama

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Critical Thinking - Bug Bounty Podcast

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Emergence of Surfacing Security Podcast

Insights on Attack Surface Management

The Complexity of Vulnerability Reporting

The Need for Accountability in Bug Bounty Programs

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Critical Thinking - Bug Bounty Podcast

Episode 94: Zendesk Fiasco & the CTBB Naughty List

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Emergence of Surfacing Security Podcast

Insights on Attack Surface Management

The Complexity of Vulnerability Reporting

The Need for Accountability in Bug Bounty Programs

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights