Yahoo pays out a whopping $12.50 bounty
Posted by: Timothy Weaver on 10/01/2013 03:23 PM
Researchers found a bug that “allowed any @yahoo.com email account to be compromised simply by sending a specially crafted link to a logged-in Yahoo! user and making him/her clicking on it.” What did Yahoo think about the find? The bounty was just $US12.50 and came in the form of a voucher that could only be spent in the Yahoo! company store.
According to a canned statement from Switzerland-based security outfit High-Tech Bridge, the company set out to test the efficacy of bug bounties by seeing if it could find a flaw on Yahoo. Yahoo! responded with an email saying the bug was known and so did not qualify for payment.
Another three flaws were sent in and finally Yahoo bit and sent the voucher for $12.50. High-Tech Bridge's CEO Ilia Kolochenko has reacted badly to that offer, declaring it “a bad joke”.
“If Yahoo! cannot afford to spend money on its corporate security, it should at least try to attract security researchers by other means. Otherwise, none of Yahoo!’s customers can ever feel safe,” he writes.