Dumping Yahoo authentication secrets with an out-of-bounds read

scarybeastsecurity.blogspot.com

91 points by scarybeast 9 years ago · 7 comments

smaili 9 years ago

For those wondering, this issue (referred to as YB2 or Yahoobleed #2 by the author) has already been fixed by Yahoo:

> Yahoo! fixed YB2 at the same time as YB1, by retiring ImageMagick.

  • scarybeastOP 9 years ago

    FWIW, I've been very impressed with how Yahoo! handled this disclosure.

  • tyingq 9 years ago

    Ouch. I have a site that generates images with ImageMagick based on user input. Guess I'm off to look for details.

scarybeastOP 9 years ago

This is YB (Yahoobleed) #2. You might also enjoy YB #1: "*bleed continues: 18 byte file, $14k bounty, for leaking private Yahoo! Mail images": https://scarybeastsecurity.blogspot.com/2017/05/bleed-contin...

mdani 9 years ago

What is pointer visualization?

  • logicallee 9 years ago

      Neo stares at the endlessly shifting river of
      information, bizarre codes and equations flowing across
      the face of the monitor.
    
      NEO
      Do you always look at it encoded?
    
      CYPHER
      Have to. You have no idea what the
      server is running - there's way too
      much information to decode the Yahoo.
      You get used to it, though.  Your brain
      does the translating.  I don't even
      see the code.  All I see is "pointer",
      "string  compare", "function call".
      You want a drink?
  • dom0 9 years ago

    Interpreting memory as an image and suspecting that the memory contains a pointer.

    https://googleprojectzero.blogspot.de/2014/08/what-does-poin...
