Slashdot Mirror


Security Researchers Rewarded With $12.50 Voucher To Buy Yahoo T-Shirt

Hugh Pickens DOT Com writes "More and more companies are offering Bug Bounty Programs remunerating security researchers for reporting vulnerabilities and weaknesses in their applications and software. Now security analyst Graham Cluley writes that researchers at High-Tech Bridge informed Yahoo's Security Team about three cross-site scripting (XSS) vulnerabilities affecting the ecom.yahoo.com and adserver.yahoo.com domains. According to High-Tech Bridge, each of the vulnerabilities could compromise *any* @yahoo.com email account. All that was required was that the victim, while logged into Yahoo, should click on a specially-crafted link received in an email. Forty-eight hours later, Yahoo had patched all of the vulnerabilities and Yahoo's security team responded, thanking the researchers and 'offering the mighty bounty of err.. $12.50 per vulnerability,' writes Cluley. But there was one catch. The $12.50 was given as a discount code that can only be used in the Yahoo Company Store, which sells Yahoo's corporate t-shirts, cups, pens and other accessories."

7 of 138 comments

  1. They must have an exclusive store by viperidaenz · · Score: 5, Funny

    With the tshirt that says "I found a vulnerability and all I got was this lousy T-Shirt"

  2. Re:So . . . by kthreadd · · Score: 5, Funny

    Have you seen the new Yahoo logo?

  3. Re:So . . . by mwvdlee · · Score: 5, Funny

    Surely they sell a T-shirt that reads "I saved Yahoo! public embarrassment, millions of dollars in damages and all I got was this lousy T-shirt".

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  4. Re:So . . . by Anonymous Coward · · Score: 3, Funny

    There weren't any in XXL.

  5. Not bad by Anonymous Coward · · Score: 5, Funny

    C'mon. This is WAY better than the Standard Operation Practice: suing them into the ground.

    We're moving forward, it seems.

  6. Re:So . . . by squiggleslash · · Score: 4, Funny

    I know, at least Yahoo! didn't insult them by offering them a job at Yahoo! or something...

    --
    You are not alone. This is not normal. None of this is normal.
  7. Re:So . . . by MysteriousPreacher · · Score: 3, Funny

    Recycling email addresses is a great time saver. It saved me the hassle of getting myself on spam and porn lists. If not for Yahoo's decision my grandmother would never have discovered the delights of European bestiality. It also meant I didn't have to go making accounts on other services, as I just waited for newsletters and other mailings to come through so I could use them to reset the passwords of the prior owner.

    Top notch idea! I wish Yahoo would make a computer. I know they'd add useful features, such as the "decrypt hard drive" button on the back for those awkward moments when someone has files I really need to see.

    --
    -- Using the preview button since 2005