
I DISCOVERED A GLITCH IN YAHOO’S SECURITY AND ALL I GOT WAS THIS LOUSY T-SHIRT


SECURITY EXPERTS ALERTED YAHOO’S SECURITY TEAM TO VULNERABILITIES THAT COULD COMPROMISE ANY @YAHOO.COM EMAIL ACCOUNT. IN RETURN, THEY GOT $12.50 TO SPEND AT THE COMPANY STORE.

Let’s say you’re dying to get your hands on that Yahoo-branded iPad cover from the company’s store (we won’t ask you why). Here’s a cool way to get $12.50 off your purchase:

  1. Find a security bug in a Yahoo website.
  2. Report it to Yahoo.
  3. Receive a promo code for $12.50 off anything in Yahoo’s company store.
  4. Feel all warm and fuzzy inside.

This is exactly what happened recently to the security experts at the Geneva-based firm High-Tech Bridge (we’re pretty sure they were not feeling warm and fuzzy). They reported three cross-site scripting (XSS) vulnerabilities to Yahoo’s security team; the flaws could compromise any @yahoo.com email account by having a logged-in Yahoo user click on a specially crafted link. In return, they got a thank-you email from Yahoo and a handsome reward of $12.50 to use on the company’s online store, where you can buy Yahoo-branded socks, t-shirts, and other things.

High-Tech Bridge CEO Ilia Kolochenko says: “Yahoo should probably revise their relations with security researchers. Paying several dollars per vulnerability is a bad joke and won’t motivate people to report security vulnerabilities to them, especially when such vulnerabilities can be easily sold on the black market for a much higher price.”

Facebook, as a point of comparison, recently offered a hacker $12,500 for finding a way to delete anyone’s Facebook photos with the right know-how. Google offers up to $20,000 for reporting security vulnerabilities. Microsoft? A cool $100,000.

 

Source: http://www.fastcompany.com/3019001/i-discovered-a-glitch-in-yahoos-security-and-all-i-got-was-this-lousy-t-shirt
