Published on March 17th, 2015 📆 | 6394 Views ⚑
0Yahoo! pays $24,000 to Hacker for finding Security Vulnerabilities
"We could also shop for free by either changing the prices, or creating our own discount code," Litchfield said in an email describing the attack. "Also, we could place an order, then once received, go and refund our money."
The Internet giant patched all the three bugs two weeks ago after Litchfield publicly released details and proof of concepts for the exploits on Bug Bounty HQ, a community for Bug Bounties website, established by Litchfield last month for fellow hunters to share their findings.
'ON DEMAND PASSWORD'
At recent SXSW session, Yahoo! launched 'on-demand passwords,' which it says will eliminate the need for you to ever remember your email password. Whenever you need it, the company will send you a OTP (one time password) via SMS to your mobile phone.
It's sort of two-factor authentication—without the first factor involved, as there is no need of any log-in password to enter by a user. In order to opt-in for the feature follow some simple steps:
- Sign in to your Yahoo email account.
- Click on your name at the top right corner to access your account information page.
- Choose Security in the sidebar.
- Click on the slider for on-demand passwords, in order to opt-in.
- Enter your phone number and Yahoo will send you a verification code.
- Enter the code.
Now, next time whenever you will sign in into your email account, Yahoo will send a password via an SMS to your phone when you need it.
Also, the end-to-end email encryption that Yahoo! promised will be available soon by the end of this year. The company gave its first demonstration of the locked down messaging system at SXSW session, and it is also delivering early source code for security researchers to analyze.
Gloss