Yahoo hack wasn’t Shellshock, company claims



Malware attack was not Shellshock, and no user data was affected, Yahoo said

Yahoo has announced that the hackers who breached its servers this weekend did not use the Shellshock superbug as was previously reported.

In a statement, Yahoo’s head of information security Alex Stamos said that hackers had executed malware in a failed search for Shellshock vulnerabilities, and had not gained access to any user data.

The attackers, who zeroed in on the site’s Sports API servers, “mutated” the malicious code to look for access points.

Stamos reported that the original security flaw was exclusive to a small number of machines, and that it has now been fixed, with the malware added to Yahoo’s scanners.

He wrote: “We isolated a handful of servers that were detected to have been impacted by a security flaw. After investigating the situation fully, it turns out that the servers were in fact not affected by Shellshock.

“At this time we have found no evidence that the attackers compromised any other machines or that any user data was affected.

“As you can imagine this episode caused some confusion in our team, since the servers in question had been successfully patched (twice!!) immediately after the Bash issue became public.”

He added: “Just because exploit code works doesn’t mean it triggered the bug you expected!”

Yahoo’s investigation into server security was launched after ethical hacker Jonathan Hall discovered a group of Romanian cyber criminals were infiltrating Yahoo servers.

Hall, who published his method and his findings on his blog, also alerted Yahoo and the FBI to the hack.

Stamos also addressed criticism of Yahoo for not compensating Hall for his discovery, arguing that it was done outside of the company’s bug bounty programme.

He wrote: “Yahoo takes external security reports seriously and we strive to respond immediately to credible tips.

“Our records show no attempt by this researcher to contact us using [bug bounty] means.”

Hall also found similar security breaches in WinZip and Lycos servers. He said that WinZip confirmed the hack and thanked him for the discovery.

Hall claims that Lycos, on the other hand, denied the hack and have tried to cover it up by deleting the compromised script.




Facebook paid users to track smartphone use




Facebook paid users, including teens, to track their smartphone activity as part of an effort to glean more data that could help the social network’s competition efforts, according to a new report that may raise fresh privacy concerns.

An investigation by the online news site TechCrunch said the effort, which had been known as the Onavo Project and later rebaptized as Facebook Research, was used to gather data on usage habits.

The news could be a further embarrassment for Facebook, which has been under heightened scrutiny over failing to crack down on manipulation of its platform and for sharing private data with its business partners.

According to TechCrunch, Facebook said it shut down the application on Apple’s iOS on Wednesday after the article was published, but apparently kept it active for Android users.

The report said the initial Onavo app was shuttered for violating Apple’s privacy policy and that the newer version may also contravene Apple’s terms.

The program paid users ages 13 to 35 up to $20 a month for “root” access to their devices to track their location, app usage, spending habits and other activity.

According to a statement to TechCrunch, Facebook claimed there was nothing secret about the effort and that it obtained parental consent for teens where required.

Facebook did not immediately respond to further requests for comment.

The project may have allowed Facebook to scoop up more data about younger users as it fends off a challenge from rival services like Snapchat, which has become more popular than Facebook among US teens.



Instagram is down for some users (FB)




It’s not clear exactly how many people are affected, or what’s causing the outage. Business Insider has reached out to the Facebook-owned photo sharing app for more information.

The app’s news feed is refusing to refresh for some users, while the homepage on desktop won’t load.

Down Detector, a website that tracks outages of popular websites, reported a spike in users saying Instagram was down on Monday, with particular hotspots on both coasts of the United States and the UK.






Instagram plans to offer high-profile influencers special tools that will provide them with a deeper insight into various data regarding their followers. These tools will be delivered in the form of Creator Accounts, which will only be available to select Instagram users (i.e. influencers, celebs).

An Instagram official recently told The Hollywood Reporter that the company wishes to make sure that “Instagram is the best place, and easiest place, to build fan communities and also build creators’ personal brands.”

These creator accounts are meant to function like business-focused profiles and will offer growth insights, including information about follows and unfollows. Influencers will also be able to see weekly and daily data about changes in their follower count so that they can better understand what might have caused a decline in their fan base or a spike in new followers.

Also, direct messaging tools that will enable Instagram users to filter notes from brand partners and friends will be available as well. Furthermore, influencers will be allowed to choose how they want to be contacted via flexible labels.

According to Instagram, these new features are being tested with a small beta group at the moment, but they are expected to be rolled out to everyone sometime in 2019.


