Yahoo, it seems, just can’t do anything right when it comes to winning friends in the security industry. First, they came up with a bonkers scheme for recycling old email addresses – apparently not realising the danger of identity theft to which it was exposing the original account holders.
Next, Yahoo CEO Marissa Mayer showed she didn’t even have time to tap four digits, and admitted she doesn’t bother to have even a simple security passcode on her iPhone.
And now, it’s been revealed that it takes its users’ security with such disregard that it “rewards” researchers who find vulnerabilities with a paltry $12.50 bounty… which can only be spent in Yahoo’s Company Store.
That’s what just happened to the researchers at High-Tech Bridge recently.
On Monday 23rd September, the researchers informed Yahoo’s Security Team about three cross-site scripting (XSS) vulnerabilities affecting the ecom.yahoo.com and adserver.yahoo.com domains.
Read more here.
Well, that sucks...