I guess this is related?: https://news.ycombinator.com/item?id=8416393

On 7 Oct 2014 20:51, "Jonathan Hall" <jh...@futuresouth.us> wrote:
> I submitted to Yahoo! earlier some documentation detailing both the
> "shellshock"/bash vulnerability and how my research on it led me to
> discovering that Yahoo!'s internal servers had been compromised, and that
> the individuals were working on traversing their network. It was not until
> I contacted several media outlets and the FBI that they actually responded.
> However, once they responded, they did confirm the servers were breached.
> Their answer to the lack of contact methods available is absolutely absurd
> in my opinion. In fact, the entire response was a joke. The fact that they
> informed me I could have used the bug bounty system to report it - though
> it's not eligible for a bounty - is equivalent to saying - "Thanks, but so
> we're clear, we don't owe you crap, but let us know if anything else comes
> up." Perhaps if they weren't busy paying CEOs absurd salaries, they could
> afford to hire an IT staff that's not fresh out of ITT Technical Institute
> and sporting pull-ups.
>
> Please see the rest of everything related to this at
> http://www.futuresouth.us/yahoo_hacked.html and
> http://www.futuresouth.us/yahoo_response.jpg for their response. Email copy
> has been attached.
>
> Non-authoritative answer:
> Name: dip4.gq1.yahoo.com
> Address: 63.250.204.25
>
> Non-authoritative answer:
> Name: api118.sports.gq1.yahoo.com
> Address: 10.212.240.43
>
> These are the two servers that were 100% positively identified as being
> compromised, with the dip4.gq1.yahoo.com server being the initial point
> of entry via Shellshock.
>
> Jonathan D. Hall
>
> Future South Technologies
> www.futuresouth.us
> (504) 470-3748 - [main]
> (504) 232-3306 - [cell]
>
> Life is a dream for the wise, a game for the fool, a comedy for the rich
> and a tragedy for the poor.
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/