Please create an account to participate in the Slashdot moderation system


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - Serious Yahoo bug wins researchers $12.50 t-shirt voucher (

An anonymous reader writes: A group of vulnerability researchers say that they are not going to spend any more time discovering bugs in Yahoo, after the site rewarded them with a paltry $12.50... which could only be spent in the company's online store.

Security veteran Graham Cluley reports that on 23rd September, researchers informed Yahoo’s Security Team about three cross-site scripting (XSS) vulnerabilities affecting the and domains.

The vulnerabilities meant it was possible to compromise *any* Yahoo account, by getting a logged-in user to visit a URL.

When Yahoo responded 48 hours later, they awarded a measly $12.50 per bug (in the form of a voucher that could only be spent at Yahoo's Corporate Store).

"This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo’s corporate t-shirts, cups, pens and other accessories. At this point, the High-Tech Bridge team decided to hold off on any further research for Yahoo."

Cluley says that the risible reward is unlikely to win Yahoo any fans in the white-hat community.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Serious Yahoo bug wins researchers $12.50 t-shirt voucher

Comments Filter:

Enzymes are things invented by biologists that explain things which otherwise require harder thinking. -- Jerome Lettvin