In a posting on the Hacker News forum, Yahoo's Chief Information Security Officer Alex Stamos said hackers managed to breach three of its sports servers that deliver live game-streaming.
"After investigating the situation, it turns out that the servers were in fact not affected by Shellshock," Stamos wrote, referring to the recently discovered flaw which could affect millions of computers and other internet-connected devices.
"At this time we have found no evidence that the attackers compromised any other machines or that any user data was affected. This flaw was specific to a small number of machines and has been fixed," Stamos said.
The comments came after Security Researcher Jonathan Hall reported the breach, and said it was the result of the flaw known as Shellshock or Bash and assertion he has maintained despite the denial.
"The Yahoo! infiltration WAS from the 'Shellshock' vulnerability. How do I know? Because I sat there watching it happen," Hall said.
Stamos said the situation led to confusion because attackers had been trying to use the flaw to gain access.
"As you can imagine this episode caused some confusion in our team, since the servers in question had been successfully patched (twice!!) immediately after the Bash issue became public," Stamos said.
"Once we ensured that the servers were isolated from the network, we conducted a comprehensive trace of the attack code through our entire stack which revealed the root cause: not Shellshock."
The US government and technology experts warned last month of a vulnerability in some computer-operating systems, including Apple's Mac OS, could allow widespread and serious attacks by hackers.
The flaw affects Unix-based operating systems. Apple and other software firms have created a patch to protect computers from the Shellshock malware.
Source: AFP via I-Net Bridge
For more than two decades, I-Net Bridge has been one of South Africa’s preferred electronic providers of innovative solutions, data of the highest calibre, reliable platforms and excellent supporting systems. Our products include workstations, web applications and data feeds packaged with in-depth news and powerful analytical tools empowering clients to make meaningful decisions.
We pride ourselves on our wide variety of in-house skills, encompassing multiple platforms and applications. These skills enable us to not only function as a first class facility, but also design, implement and support all our client needs at a level that confirms I-Net Bridge a leader in its field.
Go to: http://www.inet.co.za
