Yahoo! bug crushers have plugged a serious hole in Yahoo! Messenger that made it possible for bad guys to remotely take control of a user's machine. The update became available less than 24 hours after an anonymous hacker posted proof-of-concept code that demonstrated how the vulnerability could be exploited. The vulnerability …
Register! Yahoo! Headline! Missing! Exclamation Marks!
What went wrong with the headline guys? Next you'll probably forget your hatred of Kevin Warwick and write a nice review of his new book.
"Maiffret, who holds up Microsoft as a model for responsible vulnerability handling"
ie let months go past before issuing a patch.
Bad Yahoo! Released a fix in 24 hrs.
"Bad Yahoo! Released a fix in 24 hrs"
No, they didn't. They released a fix 24 hours after a hacker had already exploited the bug. They had longer than that to fix it. Not that I'm claiming they're slow or anything. But not releasing a patch for months *and* not telling anyone what to exploit seems more responsible than quickly releasing a patch, but giving hackers a fighting chance at exploiting it first.
How many times has MS been prompted to publish a patch after a "zero day" exploit? A patch that they've been sitting on?
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- OnePlus One cut-price Android phone on sale to all... for 1 HOUR
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know