Feeds

back to article Yahoo! patch squashes messenger bug

Yahoo! bug crushers have plugged a serious hole in Yahoo! Messenger that made it possible for bad guys to remotely take control of a user's machine. The update became available less than 24 hours after an anonymous hacker posted proof-of-concept code that demonstrated how the vulnerability could be exploited. The vulnerability …

COMMENTS

This topic is closed for new posts.

Register! Yahoo! Headline! Missing! Exclamation Marks!

What went wrong with the headline guys? Next you'll probably forget your hatred of Kevin Warwick and write a nice review of his new book.

0
0

Model?

"Maiffret, who holds up Microsoft as a model for responsible vulnerability handling"

ie let months go past before issuing a patch.

Bad Yahoo! Released a fix in 24 hrs.

0
0

re: Model?

"Bad Yahoo! Released a fix in 24 hrs"

No, they didn't. They released a fix 24 hours after a hacker had already exploited the bug. They had longer than that to fix it. Not that I'm claiming they're slow or anything. But not releasing a patch for months *and* not telling anyone what to exploit seems more responsible than quickly releasing a patch, but giving hackers a fighting chance at exploiting it first.

0
0

re: Model?

How many times has MS been prompted to publish a patch after a "zero day" exploit? A patch that they've been sitting on?

0
0
This topic is closed for new posts.