Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Submission + - Serious Yahoo bug wins researchers $12.50 t-shirt voucher->

An anonymous reader writes: A group of vulnerability researchers say that they are not going to spend any more time discovering bugs in Yahoo, after the site rewarded them with a paltry $12.50... which could only be spent in the company's online store.

Security veteran Graham Cluley reports that on 23rd September, researchers informed Yahoo’s Security Team about three cross-site scripting (XSS) vulnerabilities affecting the ecom.yahoo.com and adserver.yahoo.com domains.

The vulnerabilities meant it was possible to compromise *any* Yahoo account, by getting a logged-in user to visit a URL.

When Yahoo responded 48 hours later, they awarded a measly $12.50 per bug (in the form of a voucher that could only be spent at Yahoo's Corporate Store).

"This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo’s corporate t-shirts, cups, pens and other accessories. At this point, the High-Tech Bridge team decided to hold off on any further research for Yahoo."

Cluley says that the risible reward is unlikely to win Yahoo any fans in the white-hat community.

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Serious Yahoo bug wins researchers $12.50 t-shirt voucher

Comments Filter:

"More software projects have gone awry for lack of calendar time than for all other causes combined." -- Fred Brooks, Jr., _The Mythical Man Month_

Working...