 
In this episode of the Post Status Happiness Hour, host Michelle Frechette interviews Ryan Logan from Influence WP, a platform aimed at fostering connections within the WordPress community. Ryan shares his background in IT and his transition to WordPress, highlighting Influence WP's focus on partnerships and consumer benefits. The platform offers exclusive deals and a unique "bad actor bounty program" to address industry issues. An unnamed participant contributes by asking questions and providing feedback. The discussion underscores the importance of collaboration, transparency, and community engagement within the WordPress ecosystem, showcasing Ryan's dedication to making a positive impact.
Top Takeaways:
About InfluenceWP: InfluenceWP is a platform designed for WordPress users, businesses, and partners to collaborate and share resources. Members can create unlimited listings to showcase deals, services, or projects. The platform aims to foster connections and encourage community growth rather than focusing solely on generating revenue. Additionally, it offers features like viral giveaways and opportunities for cross-promotion among members, making it a valuable tool for collaboration.
Membership Details: Membership on InfluenceWP caters to both consumers and partners. Partners can list their offerings, such as deals and resources, while consumers benefit from accessing these opportunities. Notifications about new listings are sent through newsletters, keeping members informed and engaged. Ryan Logan, the founder, emphasizes that members are encouraged to maximize the platform's features, including interlinking listings for added visibility.
Opportunities for Advertisers: InfluenceWP's newsletter presents a unique opportunity for partners to promote their offerings through paid advertisements. This feature is especially beneficial during sales periods like Black Friday, where deals are abundant. By integrating advertising into the platform's ecosystem, InfluenceWP provides an additional revenue stream for itself and its members, while also enhancing the visibility of partner contributions.
Future Plans: Looking ahead, InfluenceWP aims to expand its offerings through collaborations and community-driven initiatives. Ryan envisions a future where the platform includes projects like user-generated podcasts or sponsored content. These initiatives would allow contributors to share in the success of the platform while bringing fresh ideas to its ecosystem. Ryan is committed to keeping InfluenceWP open to diverse forms of collaboration.
Mentioned In The Show: influenceWP - Patchstack - Twitter - Bluesky - LinkCentral - Bug Bounty Program - StellarWP - WP Weekly - WP Wonder Women - Mark Westguard - WS Forms
- Activist Hedge Fund Buys Into Nissan - VinFast Gets Cash Life-Line - Trump Appoints Zeldin to EPA - Cadillac VISTIQ EV Details - Buick Adds Upgrades to Luxurious CENTURY Van - Porsche Holding Regular Bug Bounty Programs - Stellantis Secures Graphite in North America - Japanese Hydrogen JV Goes Racing - Fiat Offers 12-Volt Mild Hybrid
Jailbreaking AI: Behind the Guardrails with Mozilla's Marco Figueroa In this episode of 'Cyber Security Today,' host Jim Love talks with Marco Figueroa, the Gen AI Bug Bounty Program Manager for Mozilla's ODIN project. They explore the challenges and methods of bypassing guardrails in large language models like ChatGPT. Discussion points include jailbreaking, hexadecimal encoding, and the use of techniques like Deceptive Delight. Marco shares insights from his career, including his experiences at DEF CON, the NSA, McAfee, Intel, and Sentinel One. The conversation dives into Mozilla's efforts to build a secure AI landscape through the ODIN bug bounty program and the future implications of AI vulnerabilities. 00:00 Introduction and Guest Introduction 00:22 Understanding Large Language Models and Jailbreaking 01:53 Recent Jailbreaking Techniques and Examples 04:42 Interview with Marco Figueroa: Career Journey 10:12 Marco's Work at Mozilla and the ODIN Project 16:50 Exploring Prompt Injection and Hacking 23:21 Future of AI Security and Final Thoughts
Exposing AI Vulnerabilities with Mozilla's Gen AI Bug Bounty Manager - Marco Figueroa In this special weekend edition of Hashtag Trending, host Jim Love sits down with Marco Figueroa, the Gen AI Bug Bounty Program Manager for Mozilla's ODIN project. They delve into the challenges and intricacies of bypassing security guardrails in large language models like ChatGPT and Claude. Marco shares insights from his storied career in cybersecurity, his role at Mozilla, and the innovative techniques hackers use to jailbreak AI systems. Learn about prompt engineering, prompt injection, and prompt hacking, and discover how Mozilla's ODIN project aims to set new standards in AI security. 00:00 Introduction and Guest Introduction 00:22 Understanding Large Language Models and Jailbreaking 02:02 Recent Jailbreaking Techniques and Discoveries 04:41 Interview with Marco Figueroa: Career Journey 10:12 Marco's Work at Mozilla and the ODIN Project 16:50 Exploring Prompt Injection and Hacking 23:20 Future of AI Security and Final Thoughts 38:00 Conclusion and Contact Information
A new OpenSSH vulnerability affects Linux systems. The Supreme Court sends social media censorship cases back to the lower courts. Chinese hackers exploit a new Cisco zero-day. HubSpot investigates unauthorized access to customer accounts. Japanese media giant Kadokawa confirmed data leaks from a ransomware attack. FakeBat is a popular malware loader. Volcano Demon is a hot new ransomware group. Google launches a KVM hypervisor bug bounty program. Johannes Ullrich from SANS Technology Institute discusses defending against API attacks. Goodnight, Sleep Tight, Don't Let the Hackers Byte! CyberWire Guest: Guest is Johannes Ullrich from SANS Technology Institute talking about defending against attacks affecting APIs and dangerous new attack techniques you need to know about. This conversation is based on Johannes' presentations at the 2024 RSA Conference. You can learn more about them here: Attack and Defend: How to Defend Against Three Attacks Affecting APIs - The Five Most Dangerous New Attack Techniques You Need to Know About. Selected Reading: - New regreSSHion OpenSSH RCE bug gives root on Linux servers (Bleeping Computer) - US Supreme Court sidesteps dispute on state laws regulating social media (Reuters) - China's 'Velvet Ant' hackers caught exploiting new zero-day in Cisco devices (The Record) - HubSpot accounts breach under investigation (SC Media) - Japanese anime and gaming giant admits data leak following ransomware attack (The Record) - Exposing FakeBat loader: distribution methods and adversary infrastructure (Sekoia.io blog) - Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker (Halcyon) - Google launches Bug Bounty Program for KVM Hypervisor (Stack Diary) - How to Get Root Access to Your Sleep Number Bed (Dillan Mills)
From VDP to bug bounty, Camilla Lundahl explains how you can get ethical hackers to help you. In this episode we follow the journey of change toward a more welcoming approach to vulnerability management. Camilla Lunddahl https://www.cyrenity.se/ Do you want to ask a question or suggest topics you would like us to talk about in future episodes? Then write to @sakerhetssnack on Twitter!
Are you curious about how to maximize the strategic value and impact of your bug bounty program? In this episode, you can learn how Adobe continuously develops and improves its bounty program to engage security researchers and hackers globally and improve its security posture from an adversary perspective. In this ISACA Podcast, Chris McGown, ISACA's Information Security Professional Practices Principal, chats with Alex Stan, Product Security Engineer and member of the Product Security Incident Response Team (PSIRT), who discusses the value of bug bounty programs and shares how you can develop a metrics-driven approach to enhance the internal security testing and detection capabilities of your organization. Explore Further: Delve deeper into the subject with additional resources: https://blog.developer.adobe.com/adobe-announces-researcher-hall-of-fame-initiative-for-security-researchers-5e677286dbd6 https://blog.developer.adobe.com/researcher-q-a-aem-solution-architect-by-day-adobe-bug-bounty-hunter-by-night-aed39a4750e4 https://blog.developer.adobe.com/attention-security-researchers-level-up-your-skills-and-join-our-private-bug-bounty-program-2da9d5979d8b https://blog.developer.adobe.com/adobe-recap-2023-ambassador-world-cup-final-four-df701e1a1b12
- Tesla Wins 1st Autopilot Lawsuit Involving Fatal Crash - Toyota Slashes EV Sales Forecast - Automakers Oppose U.S. Steel Acquisition - Ford F-150 Lightning Heading to Switzerland - Elon Musk Shares New Cybertruck Details - Rivian Owners Now Have to Pay to Use Charging Sites - Porsche Launches Bug Bounty Program - VW Holding Off on New Battery Plant - Renault May Delay EV Unit IPO Again
Security breaches and ethical hacking are getting attention these days, and hackers are constantly hunting for new security flaws to attack. Many organizations voluntarily put their security to the test to identify and repair system vulnerabilities before criminals exploit them. Many organizations provide Bug Bounties to incentivize security researchers with financial awards for discovering critical vulnerabilities. Other organizations provide Vulnerability Disclosure Programs where researchers can report flaws and gain acknowledgment, usually through praise or awards. What is a Bug Bounty? A Bug Bounty is monetary compensation that corporations pay to Ethical Hackers who find security bugs. A Bug Bounty Program might be open to the public or closed to the public, and the organization determines the scope of work and the types of bugs addressed. Many multinational companies hire hackers as a key component of their vulnerability management model. Alibaba, Apple, Google, and Shopify all have procedures to harness the worldwide hacker network to enhance corporate security.
You are listening to the free weekly recap from Ninja PRO, the daily selection of news for digital business professionals. With Ninja PRO you can get marketing insights, social media updates, tech news, business events and a selection of in-depth articles from the experts of the Ninja editorial team every day. Go to www.ninja.it/ninjapro to subscribe to the service. You drive and they laugh at you, looking inside your car, where you think you are alone and safe. Privacy remains a central topic this week too, after the release of videos in which some Tesla employees joked about customers' sensitive images. Meanwhile, TikTok is also facing investigations into how it handles its users' data (we talked about it here). The buzz around artificial intelligence continues as well: ChatGPT launches its Bug Bounty Program (asking humans to fix the AI's bugs), while Google and Stanford University have built a virtual town, an interactive society of AI robots. In this week of April, which hosted the third Ninja Wrap Up event, we tried to put individuals back at the center and to emphasize their need to feel part of a group and become a community, thanks to the participation of Bernard Cova, a sociologist and marketer of great standing.
You are listening to a free excerpt from Ninja PRO, the daily selection of news for digital business professionals. With Ninja PRO you can get marketing insights, social media updates, tech news, business events and a selection of in-depth articles from the experts of the Ninja editorial team every day. Go to www.ninja.it/ninjapro to subscribe to the service. Elon Musk accounts for the cuts to Twitter's workforce. Since Twitter was acquired by Musk at the end of October 2022 for 44 billion dollars, about 6,500 employees have been laid off. Almost three quarters of the staff. The Tesla boss himself reported this in an interview with the BBC, in which Musk defended his choices: "Twitter would have gone bankrupt if it had not cut costs immediately. It is not an indifferent situation: because if the whole ship sinks, then nobody will have a job". Musk then explained that today the company is "roughly breaking even" and "advertisers are coming back". Twitter's generative intelligence. Despite the concerns recently raised by Musk himself, the company is reportedly pursuing an artificial intelligence project. It is said to have recently bought about 10,000 graphics processing units and hired two former DeepMind engineers. The project involves a large language model, but it is still at an early stage. OpenAI, up to 20 thousand dollars for finding bugs in ChatGPT. The company that develops ChatGPT has launched its Bug Bounty Program. It is an initiative that lets developers and coding enthusiasts look for flaws and security problems in the group's products. Once the bug is confirmed, the organization commits to paying rewards of up to 20 thousand dollars for major vulnerabilities.
Microsoft warns of Azure shared key authorization abuse - Attackers hide stealer behind AI chatbot Facebook ads - OpenAI to launch bug bounty program. For the stories behind the headlines, visit CISOseries.com.
Josh and Kurt talk to Jill Moné-Corallo about GitHub's bug bounty and product security team. It's a treat to discuss bug bounties with someone who is managing a very large bug bounty for one of the most important web sites in the world of software today. Show Notes: - Jill's Twitter - Jill's Mastodon - GitHub Bug Bounty - Bug bounty scope - Eight years of the GitHub Security Bug Bounty program - GitHub NPM bug bounty find
A successful bug bounty program can play a pivotal role in the security strategy for a company but defining and running such a program requires structure and maturity within an organisation. Sean Poris, Senior Director of Cyber Resilience at Yahoo knows all about the anchor elements that you need in a bug bounty program and how to drive maturity of such a program. In this fascinating conversation, Sean goes deep into how bug bounties fit into their security philosophy, and how this program has been developed and adapted over time. From there, we turn to the actual structure of the security team, with our guest shedding some light on what is required from the different roles on the teams. He explains what the Deputy Paranoids stay busy with, and how they approach hiring and educating for this position.
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”
Ep. 53 of the Cyber Law Revolution Podcast is live! In this episode, we discuss Lockbit 3.0's new bug bounty program and how they love to exploit greedy humans. Also, we dive into Marriott's newest data breach. You don't want to miss it... do you ever want to miss this podcast though?! ;)
Period tracker apps are causing privacy concerns because they could potentially be used against women in states that ban abortion, new research shows that vendors are being impersonated more than employees in Business Email Compromise (BEC) attacks, and details on the first ever bug bounty program from the creators of the LockBit ransomware operation.
This week I cover a lot of news from Microsoft on new products entering public preview, some reaching general availability, a pretty crazy story about a ransomware gang launching their own bug bounty program and much more! Reference Links: https://www.rorymon.com/blog/episode-236-june-patch-breaks-ie-mode-ransomware-gang-launch-bug-bounty-program-a-legend-leaves-microsoft/
Description: In the seventh episode of season three we are joined by Torvald Lekvam (the caretaker) and Anders Nordin (the super-Swede) from Oda. The episode starts with a general update from Olav and Karim before we move on to an introduction of Anders and Torvald. They tell the story of Oda's journey, which among other things started on-prem with 10 employees and ended up in the cloud with well over one thousand employees. The guys then share openly about several incidents and attacks the company has had, before also talking about their in-house developed Access Elevator and a newly established Bug Bounty Program. Just lean back and enjoy. Level: 200 Sources mentioned/recommended: - https://medium.com/oda-product-tech Contributors: - Olav Østbye, Cloudworks - Karim El-Melhaoui, NBIM - Torvald Lekvam, Oda - Anders Nordin, Oda Follow us! - https://www.linkedin.com/company/O3CYBER - https://twitter.com/O3CYBER Praise or criticism? Feel free to give us feedback, both positive and on areas for improvement. You can do this via "contact us" in the menu on our website, CastO3.no Suggestions for new episodes? If you have any wishes or suggestions for new episodes, feel free to contact us in whatever way you prefer, see our website CastO3.no
Three things to know today: Three prediction pieces to discuss - Another company goes four day work week - AND A new bug-bounty program for SMBs and MSPs. Want to get the show on your podcast app or get the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/
In today's podcast, Heather chats with Hurricane Labs pentester Meredith about what the infosec community thinks of Apple's recent 0day disclosure troubles. Also, make sure to check out some of the articles mentioned during this episode: - About the security content of iOS 12.5.5 - Apple Releases Security Updates - Pentest Stories: Responsible vulnerability disclosure
Listen to a recap of the top stories of the day from 9to5Mac. New episodes of 9to5Mac Daily are recorded every weekday. Stories discussed in this episode: - Report: Apple hires new leader to reform its bug bounty program amid complaints from researchers - Analyst: Under-display Face ID on iPhone 14 'isn't final yet' - 8th-gen iPad shipping times slip to 3-6 weeks ahead of Apple event
Cleghorn works for Defense Digital Services. On Twitter, the group describes itself as "a SWAT team of nerds on tours of duty." You can read more about the group's goals on their website. You can see some of his work over on Hacker One.
We open the robe and share some vintage career origin stories. And we save Mike's soul by answering a few emails.
Here's 15 ways to make money in college. These are methods that my friends and I have used to pay our own college fees and live an independent life. These include side hustles, full time work or starting a business as well. Making money in college teaches you the value of money and you learn how to manage money very early on in life. Hence, I believe everyone should know these 15 ways to make money while in college. Here are the methods discussed in the video: 1. Get an Internship - 2:01 2. Start Freelancing - 3:39 3. Make Online Courses - 4:48 4. Write an eBook - 5:57 5. Participate in Hackathons - 8:16 6. Take part in Open Source - 9:27 7. Get Research Internships - 10:50 8. Become a Teacher - 13:10 9. Start a Business - 14:15 10. Invest in Stock Market - 15:11 11. Become a Content Creator - 16:20 12. Bug Bounty Program - 17:46 13. Become a Virtual Assistant - 19:08 14. Get College Merit Scholarships - 20:36 15. Use Amazon Mechanical Turk - 21:55
Cyber-security expert Tony Grasso joins Kathryn to look at why TikTok might have agreed to launch a global bug bounty program. He'll also talk about how hackers are getting particularly good at getting people to open up to them.
Can your Printer Cartridge Be Hacked? - Cup of Cyber - October 2nd, 2020 Join us for an inside view of today's Cyber News and why it matters. News: - Ahead of U.S. election, malicious email campaign mimics Democratic pitches for volunteers https://www.reuters.com/article/us-usa-election-cybercrime/ahead-of-u-s-election-malicious-email-campaign-mimics-democratic-pitches-for-volunteers-idUSKBN26N03J - BlackTech: A Hacking Group with a Busy Agenda https://cyware.com/news/blacktech-a-hacking-group-with-a-busy-agenda-c88f7d2a - UK found flaw of 'national significance' in Huawei tech, says report https://www.zdnet.com/article/uk-found-flaw-of-national-significance-in-huawei-tech-says-report/ - New malware infects Android TVs, IoT devices in 84 nations https://ciso.economictimes.indiatimes.com/news/new-malware-infects-android-tvs-iot-devices-in-84-nations/78438960 - HP expands its Bug Bounty Program to focus on office-class print cartridge security vulnerabilities https://www.helpnetsecurity.com/2020/10/02/hp-expands-bug-bounty-program/ Today's Offbeat Holiday: Today is: Name Your Car Day Products shown today: RMF & CAP Course https://www.cyber-recon.com/courses/rmf-cap/ SWAG is at: https://www.cyber-recon.com/swag/
My podcast with HP execs Shivaun Albright and Guillaume Gerardin on the important (and innovative) work that the company is doing in the print security area and the announcement of enhancements to their Bug Bounty Program.
This week in the Application Security News, Mike and John cover the following news stories: Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access, Dropbox bug bounty program has paid out over $1,000,000, Report Pins Cloud Security Woes on Flawed DevOps Processes, Ghost in the shell: Investigating web shell attacks, An Incident Impacting your Account Identity, and Some Google Photos videos in ‘Takeout’ backups were sent to strangers last November. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode95
https://www.bugcrowd.com/ https://www.hackerone.com/ https://github.com/abhinavprasad47/bugbounty-starter-notes https://github.com/MuhammadKhizerJaved/BugBountyLearningResources https://github.com/1hack0/bug-bounty-101
#CryptoCorner: Libra Association Announces Libra Bug Bounty Program, Facebook Hires Lobbying Firm FS Vector for Libra, ASX Teams with VMware and Digital Asset, and FINMA Grants Licenses to SEBA and Sygma
Broader bounties. Million-dollar payouts. Beta bonuses. Info-Sec-Fuzed iPhones. And more. Apple’s Head of Security Engineering and Architecture, Ivan Krstić, has just dropped some bombshell announcements at the Black Hat conference in Las Vegas and we’re going to talk about them.
This week Benjamin and Zac unpack Apple's latest software beta changes in iOS 13 and watchOS 6, the upgraded Shortcuts app and HBO in Apple TV Channels, the limited launch of Apple Card in the US, rumors about future iPhones with Face ID and under-the-screen Touch ID, Apple's Siri privacy issue and new Bug Bounty Program announcements, new accessories including the upgraded LG 5K display and Mophie's AirPower alternative, using HomeBridge and an IR blaster for a HomeKit fan, and much more. Stories we discuss in this episode: - Hands-on: iOS 13 beta 5 changes and features [Video] - Hands-on: iOS 13 beta 6 changes and features [Video] - Hands-on: Apple Card application and approval, Wallet app, iPad support, more - Apple winds down Barclaycard partnership ahead of Apple Card launch, Apple Card app reportedly coming to iPad - Kuo: Apple to release iPhone with both Face ID and under-screen Touch ID in 2021 - Apple reviewing Siri audio grading practices, will let users opt out in future - Apple vastly expands security bounty program: higher payouts, ‘dev’ devices, Mac support - New LG UltraFine 5K display now on sale, works with Mac or iPad Pro - Mophie’s new multi-device wireless chargers now in stock at Apple Stores - Sonos holding two-day media event in New York City later this month, new audio products expected - 9to5Mac Watch Time podcast episode 3: Apple Watch and managing mental health with Alex Cox - AWC 290 - Special Guest Zac Hall from 9to5Mac
In 2018 it was reported that there had been a 36% increase in total bug bounty payouts*, but does this mean this kind of security testing is best for your business? We take a look at the pros and cons of bug bounty programs and how they compare to penetration testing. Key points include: 1’13 A brief definition of penetration testing and bug bounties 1’53 How the costing works 3’05 The difference between a penetration test and a bug bounty 6’46 The difficulty with reporting bug bounties 7’42 The negatives and positives of the output of both pen testing and bug bounties 9’36 The time Uber was held to ransom by a bug hunter! 14’32 Summary * https://www.bugcrowd.com/resource/2018-state-of-bug-bounty-report/ Download on iTunes: apple.co/2Ji61Ek Listening time: 17 minutes For more information, follow us on Twitter @secarma or @secarmalabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma
We discuss a new macOS Keychain vulnerability, which raises the question of why Apple still doesn't have a Mac bug bounty program. We also discuss shortcomings of two-factor authentication, the removal of the Do Not Track feature from Safari, whether or not Google Chrome's lookalike URL warnings are actually a good thing, and more (including why Apple still hadn't fixed the Group FaceTime spying bug; they finally did after we recorded the episode). Apple Patches Group FaceTime, Shortcuts Vulnerabilities Apple's bug bounty program, launched in 2016 (https://securosis.com/blog/thoughts-on-apples-bug-bounty-program) Apple might pay teenager who found Group FaceTime surveillance bug (https://appleinsider.com/articles/19/02/04/apple-might-pay-teenager-who-found-group-facetime-surveillance-bug) Apple to Remove “Do Not Track” Feature from Safari Google Chrome to get warnings for 'lookalike URLs' (https://www.zdnet.com/article/google-chrome-to-get-warnings-for-lookalike-urls/) Typosquatting (Wikipedia) (https://en.wikipedia.org/wiki/Typosquatting) Josh's tweet from 2012 about AdBlock Plus Chrome Canary (https://www.google.com/chrome/canary/) Security researcher demos macOS exploit to access Keychain passwords, but won’t share details with Apple out of protest (https://9to5mac.com/2019/02/06/mac-keychain-exploit/) Mr. Steal Yo Keychain (Patrick Wardle's keychain discovery of 2017) (https://www.patreon.com/posts/mr-steal-yo-14556409) Market for zero-day exploits (Wikipedia) (https://en.wikipedia.org/wiki/Market_for_zero-day_exploits) Two-Factor Authentication Might Not Keep You Safe (https://www.nytimes.com/2019/01/27/opinion/2fa-cyberattacks-security.html) Two-Factor Authorization Apps for iOS Kevin Mitnick (Wikipedia) (https://en.wikipedia.org/wiki/Kevin_Mitnick) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Seth and Ken are joined once again by David Coursey (@dacoursey) to review topics from AppSec California 2019, including building developer relationships and the OWASP ZAP HUD. Ken and Dave answer questions about the time investment required to support a Bug Bounty program. David discusses his role at Allstate.
If you want to watch the video with slides: https://youtu.be/Itlu5TDfQXQ What happens when a security researcher finds a hole in your code? Do you have a clear policy for submitting this kind of finding? Most do not. Responsible Disclosure is something every company should manage, and Bug Bounty Programs help to improve security as well as to stay in contact with the hacker community. During the talk we will see how a Responsible Disclosure Program or a Bug Bounty Program works, and how the company should stay focused and not forget about other security mitigations and countermeasures. We will also dig a bit into how to write a good security report.
Josh and Kurt talk about the EU bug bounty program. There have been a fair number of people complaining it's solving the wrong problem, but it's the only way the EU has to spend money on open source today. If that doesn't change this program will fail.
My Awesome InSecurity Podcast Mixtape! 2018 was quite a year in the world of cybersecurity. Here at the InSecurity Podcast we had the incredible good fortune to speak with some of the top minds in the industry about all kinds of different subjects. We ran the gamut from an Amazon Best Selling Author to the creator of Microsoft’s first Bug Bounty Program to a superstar Nerdcore MC. And that’s barely scratching the surface! Of course we want you to check out each podcast to get the full lowdown from each expert… but in the meantime, pop in this epic mixtape and taste a sample of the amazing work being done by some of the best minds in the industry. Enjoy! Clint Watts: Crank Calling Carfeezi… the Early Days of Social Engineering Jenny Radcliffe: The Difference Between Hacking and Social Engineering Nick Percoco: The Evolving Role of the Hacker Pete Herzog: We Have to Teach Kids to Hack Kip Boyle: Good Cyberhygiene Can Save a Small Business Brian Fanzo: Collaboration is the Future of Innovation Pete Schiefelbein: Comparing Cybersecurity Between Military and Civilian Operations Ellinor Mills: When Security Became the Story Katie Moussouris: A Bug? A Glitch? Maybe It’s Just Poor Coding OHM-I: Young Black Men in Technology HUGE shoutout to OHM-I for contributing two killer tracks to the broadcast Domain Internet Connection Dig into his virtual crates on Bandcamp and SoundCloud to hear more! About Matt Stephenson InSecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. 
He wants to get those stories told so that others can learn from what has come. Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. Can’t get enough of InSecurity? You can find us wherever you get your podcasts including Spotify, Stitcher, SoundCloud, I Heart Radio as well as ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2 GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste Make sure you Subscribe, Rate and Review!
In Episode 17, we talk about a topic that is steadily gaining popularity in the field: the well-known rewards programs, also known as Bug Bounty Programs. The guests were bug hunters who are in the Halls of Fame of major companies and are internationally recognized in the prestigious rankings of HackerOne, Bugcrowd, and others. We were joined by ak1t4 from Argentina and Francisco “Pancho” Correa from Chile. Some of the questions we discussed were: What exactly is a bug bounty program? Do you really make “guita” (money) by finding bugs? Which are the best bug bounty platforms? How can someone get started in a bug bounty program? What did they do before, and what do they do now? How do they calculate their earnings and the time invested? Bug bounty platforms https://www.vulnscope.com https://www.hackerone.com https://www.bugcrowd.com Training resources for getting started https://bugbountyworld.com Staff present: Diego Bruno Emiliano Piscitelli Maximiliano Soler
This week, our very own Larry Pesce delivers the Technical Segment on Spoofing GPS with a hackRF! In the Security News, Hacking Police Bodycams, Adobe execution flaws, Google expands to Bug Bounty Program, and if you live in Australia, you could face ten years in jail if you don't unlock your phone! In our final segment, we air our pre-recorded interview with Paul and Matt Alderman from DEF CON on Cigars and Security! Full Show Notes: https://wiki.securityweekly.com/Episode571 Visit https://www.securityweekly.com/psw for all the latest episodes! →Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!! →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
Security is on everyone’s mind. One way to strengthen security of your software and increase the awareness of your engineers is running a Security Hackathon – or a “Bug Bounty Program”. We invited Pascal Schulz ( https://www.linkedin.com/in/pascalschulz/ ), Security Engineer at Dynatrace, to the show to give us more background on HACK.DT – a security hackathon he and his team ran earlier this year within the Dynatrace Engineering Labs. For additional details check out his blog Running a successful internal bug bounty program and ping him on Twitter (@PascalSec) in case you have further questions. https://www.dynatrace.com/news/blog/running-a-successful-internal-bug-bounty-program/
Paul, John, and Michael discuss the ins and outs of building a bug bounty program in this episode of Enterprise Security Weekly! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode42 Visit http://securityweekly.com/esw for all the latest episodes!
This week on the Gaming Pilgrimage Podcast (Episode 94 - Yelling in Pain, Must've Been The Rain): - The Last Guardian, Castlevania: SOTN, Pokemon Moon, Dead Space - Heroes of the Storm, Overwatch, World of Warcraft: Legion - Final Fantasy IX and V, JoJo's Bizarre Adventure, Gundam: Iron-Blooded Orphans - Indivisible, an upcoming RPG from Skullgirls Dev, teams up with Trigger for OP - Garou: Mark of the Wolves releases on Steam - Dark Souls Collection coming to PS4 and Xbox One, rumored for the Nintendo Switch - Tekken 7 Kuma and Panda Revealed - South Korea passes bill to directly punish Hack / Cheat Developers - Konami files trademarks for TurboGrafx-16 properties - Final Fantasy XV Update Roadmap Revealed - Final Fantasy 30th Anniversary Rumored Mega-Compilation for PS4 and Vita - World of Warcraft Nostalrius Classic Server returning under the name Elysium - Super Mario Run Always-Online Connection Required for a 15$ App - Nintendo Announces a Bug Bounty Program for the 3DS - Questions and Answers (Email your questions to GamingPilgrimagePodcast@gmail.com) ... and more The Gaming Pilgrimage Podcast is three friends talking about whatever is on our minds about video games, anime and other pop culture. Episodes go up every Wednesday. Viewer Discretion is Advised Intro Music - Green Grass Graduation Remix (from Megaman ZX) by 0rangaStang - Link: www.youtube.com/watch?v=yaAAQzS42cU Outro Music - Neonature Remix (from Deus Ex) by OC Remixer "nervous_testpilot" - Link: ocremix.org/remix/OCR02997 Permission to use remixes obtained from Remixers
Intro / Outro BRUTTO - Просперо (Piano Cover) https://www.youtube.com/watch?v=NwsISaGo_PU 00:03:31 Interview with Viktor Zhora about the attack on Ukraine's electric power facilities. A hacker attack was the cause of yesterday's power outage across half of the Ivano-Frankivsk region http://goo.gl/yxFlrD The SBU prevented an attempt by Russian special services to disable Ukraine's energy facilities http://goo.gl/px5umB First known hacker-caused power outage signals troubling escalation http://goo.gl/KxqQsf Hackers threaten Ukrainian power grids. A Russian signature can be read in the cyberattack on the regional power companies http://goo.gl/PG3Gxk The US suspects Russia of involvement in cyberattacks on Ukraine's power grids http://goo.gl/GPtka5 Malware 'clearly' behind Ukraine power outage, SANS utility expert says http://goo.gl/s4DGoc iSIGHT Partners: Sandworm Team and the Ukrainian Power Authority Attacks http://www.isightpartners.com/?p=5305 The BlackEnergy trojan is used in cyberattacks on media and industrial facilities in Ukraine http://goo.gl/bUKvOG BlackEnergy Disrupt Matrix - SOC Prime https://goo.gl/rIJuDX Potential Sample of Malware from the Ukrainian Cyber Attack Uncovered https://goo.gl/KAuM5i BlackEnergy .XLS Dropper http://bit.ly/1JQV1fa Headquarters: A probable hacker attack from the Russian Federation was prevented at Boryspil http://goo.gl/TZUvVG Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security (pdf) http://goo.gl/cv4mzk Cyber war in perspective (pdf) https://goo.gl/RjPuqU 00:58:41 Mishaps with our 1C 01:01:15 Coat of arms of the Ministry of Information Policy http://goo.gl/R9ETMK 01:02:02 Court allowed the prosecutor's office to search Google's Ukrainian office http://goo.gl/9E83F2 01:04:04 SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 http://goo.gl/o7UiyH Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls http://goo.gl/p17WSL Fortinet says backdoor found in FortiOS is "a management authentication issue" http://goo.gl/b0m1tU 01:07:03 Facebook spars with researcher who says he found “Instagram’s Million Dollar Bug” https://goo.gl/SfUpSB 
01:08:43 iOS 9.3 brings multi-user mode to iPads, along with more features and fixes http://goo.gl/Gjl9bl 01:11:10 How Nvidia breaks Chrome Incognito https://goo.gl/fZRwuQ Nvidia: Chrome 'Incognito' Porn Leakage Is on Apple, Not Us http://goo.gl/g3dk0Q 01:14:11 Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 https://goo.gl/Mbd8eY Evil OpenSSH servers can steal your private login keys to other systems – patch now http://goo.gl/GUaBfa How To Fix OpenSSH's Client Bug CVE-2016-0777 and CVE-2016-0778 by Disabling UseRoaming https://goo.gl/pkVRra 01:15:29 Microsoft Gives Details About Its Controversial Disk Encryption https://goo.gl/bTCfJr 01:17:21 Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key https://goo.gl/Rikium 01:18:11 Microsoft ends support for Windows 8, IE8 through 10: What does this mean for you? http://goo.gl/tLKJiM 01:18:40 The Tor Project Is Starting a Bug Bounty Program http://goo.gl/FKaraF 01:18:55 Linode: back at last after ten days of hell http://goo.gl/0pCRSF Linode Blog » Security Notification and Linode Manager Password Reset https://goo.gl/A2ee0q 01:19:21 Cisco admins gear up for a late night – hardcoded password in wireless points nuked http://goo.gl/W8XfvK 01:19:29 About the DDoS of говнокод.ру via JS in a post on Habr https://goo.gl/QNxvWG 01:21:21 TrendMicro node.js HTTP server listening on localhost can execute commands https://goo.gl/u8yMDh 01:23:37 Debug code cracked case in hunt for mystery Silverlight zero day http://goo.gl/oW4B5d 01:24:44 Software bug granted early release to more than 3,200 US prisoners http://goo.gl/1ke6sV 01:25:32 Massive bug at online gaming platform exposes users' sensitive data http://goo.gl/YS7Ja0 01:26:19 Turkish carder scores record 332-year jail term http://goo.gl/7gGxpe 01:26:50 Vulnerability allows to permanently delete any skype account by support request http://goo.gl/fbF6y1 01:29:28 French say 'Non, merci' to encryption backdoors http://goo.gl/W4mh04 01:30:13 
Database leak exposes 3.3 million Hello Kitty fans http://goo.gl/10lH0a 01:30:23 250 Hyatt hotels hacked via PoS malware http://goo.gl/Vobx0i 01:30:42 Trustwave failed to spot casino hackers right under its nose – lawsuit http://goo.gl/4CpA7i 01:31:51 Stranger talks to a kid through this hacked baby monitor http://goo.gl/KK9Xey 01:32:38 Holiday hack challenge https://holidayhackchallenge.com/ Security weekly #444 http://goo.gl/PdY9C3 01:41:07 drduh/OS-X-Security-and-Privacy-Guide https://goo.gl/TihhlC
