
Submission + - Serious Yahoo bug wins researchers $12.50 t-shirt voucher

An anonymous reader writes: A group of vulnerability researchers say that they are not going to spend any more time discovering bugs in Yahoo, after the site rewarded them with a paltry $12.50... which could only be spent in the company's online store.

Security veteran Graham Cluley reports that on 23rd September, researchers informed Yahoo’s Security Team about three cross-site scripting (XSS) vulnerabilities affecting the and domains.

The vulnerabilities meant it was possible to compromise *any* Yahoo account, by getting a logged-in user to visit a URL.

When Yahoo responded 48 hours later, they awarded a measly $12.50 per bug (in the form of a voucher that could only be spent at Yahoo's Corporate Store).

"This amount was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo’s corporate t-shirts, cups, pens and other accessories. At this point, the High-Tech Bridge team decided to hold off on any further research for Yahoo."

Cluley says that the risible reward is unlikely to win Yahoo any fans in the white-hat community.
