back to article Yahoo! retires! bleeding! ImageMagick! to! kill! 0-day! vulnerability!

How would you like US$778 per byte for your exploit? That's what security researcher Chris Evans just scored from Yahoo!, for an 18-byte demonstration of how private Yahoo! Mail images could leak. Even though the bug's been patched, Yahoo! decided it was one bug too many in the library, and retired it. Because (a) bugs get …

  1. bombastic bob Silver badge
    Devil

    does not appear to be abandonware... so, what the BLANK?

    https://www.imagemagick.org/script/download.php

    https://www.imagemagick.org/script/changelog.php

    most recent changes 5/19 this year.

    I guess "patch" really means "update to newer release"

  2. jake Silver badge

    What! The! Hell! Does! ImageMagick! Have! To! Do! With! Yahoo!?

    Colo(u)r me confuzled.

    1. inmypjs Silver badge

      Re: What! The! Hell! Does! ImageMagick! Have! To! Do! With! Yahoo!?

      Puzzled me a bit, but, I assume it runs on Yahoo servers for their web based email service.

      Why anyone would still be using Yahoo for email is what confuses me.

      1. Ole Juul Silver badge

        Re: What! The! Hell! Does! ImageMagick! Have! To! Do! With! Yahoo!?

        Typically that would be because they've had the account so long it's hard to change. Still a good point. However, I bet it's so people who have no idea about the size of a file can send pictures.

        1. allthecoolshortnamesweretaken Silver badge
          Pint

          Re: What! The! Hell! Does! ImageMagick! Have! To! Do! With! Yahoo!?

          I'd say you've won the bet.

      2. Anonymous Coward
        Happy

        Re: What! The! Hell! Does! ImageMagick! Have! To! Do! With! Yahoo!?

        "Why anyone would still be using Yahoo for email is what confuses me."

        To keep my protonmail box free of junk.

      3. John Miles

        Re: Why anyone would still be using Yahoo for email is what confuses me

        Because some sites want an email address and Yahoo seems rather deserving of all that spam.

    2. agurney

      Re: What! The! Hell! Does! ImageMagick! Have! To! Do! With! Yahoo!?

      possibly for all those photos being uploaded to galleries on Yahoo!groups

  3. sitta_europea

    All those exclamation marks are starting to look a bit, well, unimaginative.

    1. Alumoi

      All! those! exclamation! marks! are! starting! to! look! a! bit!, well!, unimaginative!

      What exclamation marks!?!

    2. Richard Lloyd

      Exclaimation! marks! on! every! El! Reg! article! headline! has! been! annoying! for! years!

      The occasional "exclamisation" of a Yahoo! El Reg article headline might be slightly amusing, but to see it on *every* such article headline for years and years is unbelievably tiresome. Give! it! up!, El! Reg!

      lso, referring to Google as the Chocolate Factory wasn't even funny in the first place (and certainly confusing to El Reg first-timers, who might think Cadbury's had been bought by Google or something).

      1. bombastic bob Silver badge
        Devil

        Re: Exclaimation! marks! on! every! El! Reg! article! headline! has! been! annoying! for! years!

        I do the SAME! THING! in my posts sometimes. It's a form of emphasis. [you just have to 'get it' that's all, and it adds to the snarky humor]

        1. Anonymous Coward
          Anonymous Coward

          Re: Exclaimation! marks! on! every! El! Reg! article! headline! has! been! annoying! for! years!

          YOU also randomly CAPITALISE your words TOO.

      2. dmesg
        Trollface

        Re: Exclaimation! marks! on! every! El! Reg! article! headline! has! been! annoying! for! years!

        But then, Yahoo! has been annoying for even longer. Fair's fair.

  4. Orv Silver badge

    It makes me shudder that ImageMagick is still being used to process user-uploaded content. It was written as an image conversion program for people to use on their desktops; security in the face of hostile input was not originally a concern.

  5. Christian Berger Silver badge

    Well ImageMagick is one of those programs..

    ... trying to do everything and ending up being not very good at such things. It is, in a way, like the systemd of graphics, only that when ImageMagick fails, you'll still boot your system, and that ImageMagick doesn't talk to the network by default.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019