Open Source and information security mailing list archives
Date: Tue, 7 Oct 2014 21:42:32 +0200
From: Pål Nilsen <>
To: Jonathan Hall <>
Subject: Re: [FD] Yahoo! hacked on October 5, 2014...

I guess this is related?:
On 7 Oct 2014 20:51, "Jonathan Hall" <> wrote:

> I submitted to Yahoo! earlier some documentation detailing both the
> "shellshock"/bash vulnerability and how my research on it led me to
> discovering that Yahoo!'s internal servers had been compromised, and that
> the individuals were working on traversing their network. It was not until
> I contacted several media outlets and the FBI that they actually responded.
> However, once they responded, they did confirm the servers were breached.
> Their answer to the lack of contact methods available is absolutely absurd
> in my opinion. In fact, the entire response was a joke. The fact that they
> informed me I could have used the bug bounty system to report it - though
> it's not eligible for a bounty - is equivalent to saying - "Thanks, but so
> we're clear, we don't owe you crap, but let us know if anything else comes
> up." Perhaps if they weren't busy paying CEOs absurd salaries, they could
> afford to hire an IT staff that's not fresh out of ITT Technical Institute
> and sporting pull-ups.
> Please see the rest of everything related to this at
> And http://
> for their response. Email copy has
> been attached.
> Non-authoritative answer: Name: Address:
> Non-authoritative answer: Name: Address:
> These are the two servers that were 100% positively identified as being
> compromised, with the server being the initial point
> of entry via Shellshock.
> Jonathan D. Hall
> Future South Technologies
> (504) 470-3748 - [main]
> (504) 232-3306 -  [cell]
> Life is a dream for the wise, a game for the fool, a comedy for the rich
> and a tragedy for the poor.
> _______________________________________________
> Sent through the Full Disclosure mailing list
> Web Archives & RSS:
