I'm discussing “How I hacked Clubhouse (and made it safer for all)” with Bug Bounties & VDPs. Saturday, May 1 at 3:00 PM PDT on @joinclubhouse. Join us! https://www.joinclubhouse.com/event/PrWy8Ol6
I’ll host another discussion here in Twitter Spaces around 4:30 Pacific time May 1 for those who don’t have iPhones or don’t want to join Clubhouse.
We’ll cover:
How & why I hacked Clubhouse
Common missteps in Vulnerability Disclosure
What Clubhouse did right
The public safety problem with NDAs in VDPs & bug bounties
Where oh where that bounty donation to charity is held up
SPOILER: bounty platform vendor delay





SPOILER: bounty platform vendor delay
Read @lilyhnewman ‘s article about my Clubhouse hack in @WIRED : https://www.wired.com/story/clubhouse-bug-lurkers-ghost/
For technical details of my Clubhouse hack, plus a link to video outtakes of Scapy The Cat, (and a shoutout to the legendary @MCHammer ), read my blog: https://www.lutasecurity.com/post/new-clubhouse-security-vulnerabilities-could-happen-to-any-growing-unicorn