Yahoo included their private certificate in Axis (github.com)
I've heard rumours from within Yahoo! that next major product release they're planning on including a copy of Scott Thompson's computer science degree.
Ouch. But we've all had moments of forehead-slapping stupidity; I really feel for whoever let this slip through.
They will never live it down.
The amusing part is that they escaped n rounds of major layoffs, only to be (presumably) canned for something avoidable.
Looks like they want to give others an opportunity to fix codes for Yahoo. This will take the open-source to a new level.
Is this responsible disclosure?
See http://news.ycombinator.com/item?id=4016867.
In general, note that the people demanding responsible disclosure (i.e. major vendors) also greatly benefit from it. (In general, creating and enforcing an ethical norm is not itself an ethically neutral act.)
There is no such thing as responsible disclosure.
http://en.wikipedia.org/wiki/Responsible_disclosure
Not sure I really agree. I think it would be courteous to politely inform Yahoo! of their mistake. Potentially more rewarding, as well.
http://en.wikipedia.org/wiki/Allah
Lots of things that don't exist have Wikipedia pages.
Sounds like an affirmative claim, can you prove that? ;)
How hard is it for Yahoo to change their certificate?
Honestly, it could probably be worse. Who uses Axis, anyway?
It still looks extremely bad for Yahoo, though.
It's a key, not a certificate.
WOOPSIE POOPSIES!