Hacker News new | comments | show | ask | jobs | submit login
Dumping Yahoo authentication secrets with an out-of-bounds read (scarybeastsecurity.blogspot.com)
91 points by scarybeast 124 days ago | hide | past | web | 7 comments | favorite



For those wondering, this issue (referred to as YB2 or Yahoobleed #2 by the author) has already been fixed by Yahoo:

> Yahoo! fixed YB2 at the same time as YB1, by retiring ImageMagick.


FWIW, I've been very impressed with how Yahoo! handled this disclosure.


Ouch. I have a site the generates images with ImageMagick based on user input. Guess I'm off to look for details.


This is YB (Yahoobleed) #2. You might also enjoy YB #1: "*bleed continues: 18 byte file, $14k bounty, for leaking private Yahoo! Mail images": https://scarybeastsecurity.blogspot.com/2017/05/bleed-contin...


What is pointer visualization?


  Neo stares at the endlessly shifting river of
  information, bizarre codes and equations flowing across
  the face of the monitor.

  NEO
  Do you always look at it encoded?

  CYPHER
  Have to. You have no idea what the
  server is running - there's way too
  much information to decode the Yahoo.
  You get used to it, though.  Your brain
  does the translating.  I don't even
  see the code.  All I see is "pointer",
  "string  compare", "function call".
  You want a drink?


Interpreting memory as an image and suspecting that the memory contains a pointer.

https://googleprojectzero.blogspot.de/2014/08/what-does-poin...




Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: