
Submission: Serious Yahoo bug wins researchers $12.50 t-shirt voucher (grahamcluley.com)

An anonymous reader writes: A group of vulnerability researchers say that they are not going to spend any more time discovering bugs in Yahoo, after the site rewarded them with a paltry $12.50... which could only be spent in the company's online store.

Security veteran Graham Cluley reports that on 23rd September, researchers informed Yahoo’s Security Team about three cross-site scripting (XSS) vulnerabilities affecting the ecom.yahoo.com and adserver.yahoo.com domains.

The vulnerabilities meant it was possible to compromise *any* Yahoo account, by getting a logged-in user to visit a URL.

When Yahoo responded 48 hours later, they awarded a measly $12.50 per bug (in the form of a voucher that could only be spent at Yahoo's Corporate Store).

"This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo’s corporate t-shirts, cups, pens and other accessories. At this point, the High-Tech Bridge team decided to hold off on any further research for Yahoo."

Cluley says that the risible reward is unlikely to win Yahoo any fans in the white-hat community.
