On Mon, Apr 14, 2014 at 3:21 PM, Scott Howard <sc...@doc.net.au> wrote: > > 7-April: OpenSSL's *public* advisory (after a full week of private >> notifications, of which yahoo surely was one tech company in on the >> early notifications) >> > > Given that many of their main services were vulnerable at the time of > public disclosure, I think that's a very large assumption to make... >
Based on the article below it would appear that Yahoo did NOT know about Heartbleed at the time of public disclosure. http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140414-zqurk.html Scott
