Forgot your password?
typodupeerror

+ - Serious Yahoo bug wins researchers $12.50 t-shirt voucher->

Submitted by Anonymous Coward
An anonymous reader writes "A group of vulnerability researchers say that they are not going to spend any more time discovering bugs in Yahoo, after the site rewarded them with a paltry $12.50... which could only be spent in the company's online store.

Security veteran Graham Cluley reports that on 23rd September, researchers informed Yahoo’s Security Team about three cross-site scripting (XSS) vulnerabilities affecting the ecom.yahoo.com and adserver.yahoo.com domains.

The vulnerabilities meant it was possible to compromise *any* Yahoo account, by getting a logged-in user to visit a URL.

When Yahoo responded 48 hours later, they awarded a measly $12.50 per bug (in the form of a voucher that could only be spent at Yahoo's Corporate Store).

"This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo’s corporate t-shirts, cups, pens and other accessories. At this point, the High-Tech Bridge team decided to hold off on any further research for Yahoo."

Cluley says that the risible reward is unlikely to win Yahoo any fans in the white-hat community."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Serious Yahoo bug wins researchers $12.50 t-shirt voucher

Comments Filter:

Remember: Silly is a state of Mind, Stupid is a way of Life. -- Dave Butler

Working...