This repository has been archived by the owner on Nov 16, 2022. It is now read-only.

Security Radar 7 #559

Closed
gratipay-bot opened this issue Apr 3, 2016 · 7 comments

Comments

@gratipay-bot

← Security Radar 6


Docs

http://inside.gratipay.com/howto/sweep-the-radar

Scope

This radar covers Gratipay's security program, including:

Queue

Unclear Risk

https://hackerone.com/reports/117195

Severe Risk

Moderate Risk

https://hackerone.com/reports/127218
https://hackerone.com/reports/128844

Mild Risk

https://hackerone.com/reports/76304
https://hackerone.com/reports/80907
https://hackerone.com/reports/90805
https://hackerone.com/reports/108645
https://hackerone.com/reports/109161

https://hackerone.com/reports/111325
https://hackerone.com/reports/117187
https://hackerone.com/reports/117739
https://hackerone.com/reports/117984
https://hackerone.com/reports/118023

https://hackerone.com/reports/118699
https://hackerone.com/reports/123688
https://hackerone.com/reports/123697
https://hackerone.com/reports/128121

Theoretical Risk

https://hackerone.com/reports/78151
https://hackerone.com/reports/90777
https://hackerone.com/reports/116147
https://hackerone.com/reports/117142
https://hackerone.com/reports/117330

https://hackerone.com/reports/117386
https://hackerone.com/reports/117833
https://hackerone.com/reports/120026
https://hackerone.com/reports/123742
https://hackerone.com/reports/123942

https://hackerone.com/reports/123897
https://hackerone.com/reports/124096
https://hackerone.com/reports/127824
https://hackerone.com/reports/127949
https://hackerone.com/reports/127995

@chadwhitacre
Contributor

New 8.

@chadwhitacre
Contributor

New 0, Unclear 2.

@chadwhitacre
Contributor

We got our first DMARC rejection notice:

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>[email protected]</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>[]</report_id>
    <date_range>
      <begin>1459728000</begin>
      <end>1459814399</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>grtp.co</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>reject</p>
    <sp>reject</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>[]</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>reject</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>grtp.co</header_from>
    </identifiers>
    <auth_results>
      <spf>
        <domain>grtp.co</domain>
        <result>fail</result>
      </spf>
    </auth_results>
  </record>
</feedback>
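Parsing an aggregate (rua) report like the one above to pull out the published policy and the sending sources that failed, as an added example that is not Gratipay's code. The embedded sample is a condensed copy of the notice above, with the redacted report_id and source_ip left as the "[]" placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the aggregate (rua) report quoted above, condensed,
# with the redacted report_id and source_ip kept as the "[]" placeholders.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata><org_name>google.com</org_name><report_id>[]</report_id>
    <date_range><begin>1459728000</begin><end>1459814399</end></date_range>
  </report_metadata>
  <policy_published><domain>grtp.co</domain><adkim>r</adkim><aspf>r</aspf>
    <p>reject</p><sp>reject</sp><pct>100</pct></policy_published>
  <record>
    <row><source_ip>[]</source_ip><count>1</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim>
        <spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>grtp.co</header_from></identifiers>
    <auth_results><spf><domain>grtp.co</domain><result>fail</result></spf></auth_results>
  </record>
</feedback>"""

def _text(node, path, default=""):
    found = node.find(path) if node is not None else None
    return found.text.strip() if found is not None and found.text else default

def parse_policy(report_xml):
    # The policy the receiver (org_name) applied to mail claiming our domain.
    root = ET.fromstring(report_xml.encode("utf-8"))
    pol = root.find("policy_published")
    keys = ("domain", "p", "sp", "adkim", "aspf", "pct")
    return {"org": _text(root, "report_metadata/org_name"), **{k: _text(pol, k) for k in keys}}

def failed_records(report_xml):
    # One row per sending source; keep those that were quarantined/rejected or
    # failed both DKIM and SPF alignment (those are rejected under p=reject).
    root = ET.fromstring(report_xml.encode("utf-8"))
    out = []
    for rec in root.iter("record"):
        row, ev = rec.find("row"), rec.find("row/policy_evaluated")
        r = {
            "source_ip": _text(row, "source_ip"),
            "count": int(_text(row, "count", "0")),
            "header_from": _text(rec, "identifiers/header_from"),
            "disposition": _text(ev, "disposition", "none"),
            "dkim": _text(ev, "dkim", "fail"),
            "spf": _text(ev, "spf", "fail"),
        }
        if r["disposition"] != "none" or (r["dkim"] == "fail" and r["spf"] == "fail"):
            out.append(r)
    return out
```

Running `failed_records` over each report a receiver sends is how you spot a legitimate sender that is not yet covered by SPF/DKIM before p=reject starts dropping its mail.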

@chadwhitacre
Contributor

Triaged 31! 💃 !m @aandis

@chadwhitacre
Contributor

@aandis Are you willing and able to investigate H1-117195? That's the last one we don't have classified yet—my hunch is that it's another moderate. 😮

@aandis

aandis commented Apr 6, 2016

Will do later this week. :)

@aandis

aandis commented Apr 9, 2016

Commented on 117195.
