News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Subscribe & Follow

Advertise your job vacancies
    Search jobs

    Yahoo's system breach was not Shellshock

    WASHINGTON, USA: Yahoo said some of its servers were breached briefly by hackers, but that the attack was unrelated to the newly discovered Shellshock vulnerability, and that no user data was compromised.
    Yahoo's Alex Stamos says after extensive investigations the company found that the security breach of its servers was not related to Shellshock or Bash vulnerabilities. Image:
    Yahoo's Alex Stamos says after extensive investigations the company found that the security breach of its servers was not related to Shellshock or Bash vulnerabilities. Image: ITNews

    In a posting on the Hacker News forum, Yahoo's Chief Information Security Officer Alex Stamos said hackers managed to breach three of its sports servers that deliver live game-streaming.

    "After investigating the situation, it turns out that the servers were in fact not affected by Shellshock," Stamos wrote, referring to the recently discovered flaw which could affect millions of computers and other internet-connected devices.

    "At this time we have found no evidence that the attackers compromised any other machines or that any user data was affected. This flaw was specific to a small number of machines and has been fixed," Stamos said.

    The comments came after Security Researcher Jonathan Hall reported the breach, and said it was the result of the flaw known as Shellshock or Bash and assertion he has maintained despite the denial.

    "The Yahoo! infiltration WAS from the 'Shellshock' vulnerability. How do I know? Because I sat there watching it happen," Hall said.

    Stamos said the situation led to confusion because attackers had been trying to use the flaw to gain access.

    "As you can imagine this episode caused some confusion in our team, since the servers in question had been successfully patched (twice!!) immediately after the Bash issue became public," Stamos said.

    "Once we ensured that the servers were isolated from the network, we conducted a comprehensive trace of the attack code through our entire stack which revealed the root cause: not Shellshock."

    The US government and technology experts warned last month of a vulnerability in some computer-operating systems, including Apple's Mac OS, could allow widespread and serious attacks by hackers.

    The flaw affects Unix-based operating systems. Apple and other software firms have created a patch to protect computers from the Shellshock malware.

    Source: AFP via I-Net Bridge

    Source: I-Net Bridge

    For more than two decades, I-Net Bridge has been one of South Africa’s preferred electronic providers of innovative solutions, data of the highest calibre, reliable platforms and excellent supporting systems. Our products include workstations, web applications and data feeds packaged with in-depth news and powerful analytical tools empowering clients to make meaningful decisions.

    We pride ourselves on our wide variety of in-house skills, encompassing multiple platforms and applications. These skills enable us to not only function as a first class facility, but also design, implement and support all our client needs at a level that confirms I-Net Bridge a leader in its field.

    Go to: http://www.inet.co.za
    Let's do Biz