This is a ridiculously awesome post from Dancho Danchev which dives into the mechanics of the sale, distribution and fraudulent processing of credit cards on the Internet.
Congratulations Dancho.
There's a fresh conversation happening about the distinction between bug bounty programs and vulnerability disclosure programs. This is an area where the distinction between a bug bounty program (cash or cash equivalent proactively offered to the public) and a vulnerability disclosure program (which can optionally offer a thank-you
Last Saturday Jan 31 was my last day "inside the tent" at Bugcrowd.
Notes from judging DistrictCon's Junkyard Year 1 — a Pwn2Own-style exploit contest targeting end-of-life devices. Disco balls, DNA sequencers, gym treadmills, and self-propagating game worms. Includes exploit chain diagrams for all eleven talks.