lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 08 Oct 2014 12:25:56 -0400
From: illwill <>
Subject: Re: [FD] Yahoo! hacked on October 5, 2014...

On 10/7/2014 3:42 PM, Pål Nilsen wrote:
> I guess this is related?:
> On 7 Oct 2014 20:51, "Jonathan Hall" <> wrote:
>> I submitted to Yahoo! earlier some documentation detailing both the
>> "shellshock"/bash vulnerability and how my research on it lead me to
>> discovering that Yahoo!'s internal servers had been compromised, and that
>> the individuals were working on traversing their network. It was not until
>> I contacted several media outlets and the FBI that they actually responded.
>> However, once they responded, they did confirm the servers were breached.
>> Their answer to the lack of contact methods available is absolutely absurd
>> in my opinion. In fact, the entire response was a joke. The fact that they
>> informed me I could have used the bug bounty system to report it - though
>> it's not eligible for a bounty - is equivalent to saying - "Thanks, but so
>> we're clear, we don't owe you crap, but let us know if anything else comes
>> up." Perhaps if they weren't busy paying CEO's absurd salaries, they could
>> afford to hire an IT staff that's not fresh out of ITT Technical Institute
>> and sporting pull-ups.
>> Please see the rest of everything related to this at
>> Andhttp://
>> for their response. Email copy has
>> been attached.
>> Non-authoritative answer: Name: Address:
>> Non-authoritative answer: Name: Address:
>> These are the two servers that were 100% positively identified as being
>> compromised, with the server being the initial point
>> of entry via Shellshock.
>> Jonathan D. Hall
>> Future South Technologies
>> (504) 470-3748 - [main]
>> (504) 232-3306 -  [cell]
>> Life is a dream for the wise, a game for the fool, a comedy for the rich
>> and a tragedy for the poor.
>> _______________________________________________
>> Sent through the Full Disclosure mailing list
>> Web Archives & RSS:
> _______________________________________________
> Sent through the Full Disclosure mailing list
> Web Archives & RSS:

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists