Daily Swig - Container security: Privilege escalation bug patched in Docker Engine

A vulnerability in a Docker Engine security feature potentially allowed attackers to escalate privileges from a remapped user to root.

“The two avenues of exploitation I found would allow writing of arbitrary files as the real root user” or seizing ownership of files previously accessible only by the root user, security researcher Alex Chapman, who unearthed the flaw, tells The Daily Swig.

Continue reading on portswigger.net...

Daily Swig - Collaborative bug hunting ‘could be very lucrative’ – security pro Alex Chapman on the future of ethical hacking

“It all started with a Commodore 64, but Alex Chapman’s passion for programming crystalized into an interest in ethical hacking following a careers advice day at university.

Since graduating in computer science in 2007, the London-based vulnerability researcher has worked in pen testing, red teaming, and security research during stints at Deloitte, Context Information Security, and Yahoo.”

Continue reading on portswigger.net...

Hacker Spotlight - Interview with ajxchapman

“Alex Chapman, otherwise known as @ajxchapman, has been a bug bounty hunter for over a decade after starting in the field as a pentester for Deloitte in 2007. Alex says being a full-time bounty hunter gives him the freedom he’s looking for to enjoy his work and spend quality time in London with his wife, baby girl and their West Highland Terrier.”

Continue reading on www.hackerone.com...