
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEit vulnerability
Oct 31, 2025
Explore the intriguing world of bug bounty programs, where new HTTP headers are making waves for identifying researchers. Proton has launched a breach observatory to uncover unreported data breaches, raising questions about transparency. Discover best practices for hardening Microsoft Exchange Server, implemented in collaboration with national cyber security agencies. Finally, learn about a critical vulnerability in the MOVEit file transfer program, prompting immediate action for users. Tune in for essential insights in cyber security!
AI Snips
Bug-Bounty Request Headers Appearing
- New bug-bounty request headers (e.g., X-Request-Purpose) are appearing in honeypot logs and claim to identify research scans.
- Johannes Ullrich warns these headers can be easily spoofed and shouldn't be used to trust or block traffic.
Don't Trust Headers To Authorize Scans
- Do not rely on bug-bounty headers to filter or allow traffic because they can be forged.
- Instead, use them only as supplementary signals and never as sole evidence of legitimate scanning.
Proton's Data Breach Observatory Launch
- Proton launched a Data Breach Observatory listing breaches that may be unreported or unknown to the affected companies.
- Johannes Ullrich notes that it lists about 800 breaches and hopes Proton notifies impacted organizations.
