Yahoo! bug crushers have plugged a serious hole in Yahoo! Messenger that made it possible for bad guys to remotely take control of a user's machine. The update became available less than 24 hours after an anonymous hacker posted proof-of-concept code that demonstrated how the vulnerability could be exploited. The vulnerability …
Register! Yahoo! Headline! Missing! Exclamation Marks!
What went wrong with the headline guys? Next you'll probably forget your hatred of Kevin Warwick and write a nice review of his new book.
"Maiffret, who holds up Microsoft as a model for responsible vulnerability handling"
ie let months go past before issuing a patch.
Bad Yahoo! Released a fix in 24 hrs.
"Bad Yahoo! Released a fix in 24 hrs"
No, they didn't. They released a fix 24 hours after a hacker had already exploited the bug. They had longer than that to fix it. Not that I'm claiming they're slow or anything. But not releasing a patch for months *and* not telling anyone what to exploit seems more responsible than quickly releasing a patch, but giving hackers a fighting chance at exploiting it first.
How many times has MS been prompted to publish a patch after a "zero day" exploit? A patch that they've been sitting on?
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- Exploits no more! Firefox 26 blocks all Java plugins by default
- Xmas Round-up Ghosts of Christmas Past: Ten tech treats from yesteryear
- Review Hey Linux newbie: If you've never had a taste, try perfect Petra ... mmm, smells like Mint 16
- NSFW Oz couple get jiggy in pharmacy in 'banned' condom ad