Yahoo says that “handful” of its servers were impacted, but said there was no evidence of a compromise to user data, and user data were not affected by hacker, also said they did not use Shellshock vulnerabilities to attack, and therefore withdrew the statement released earlier in the day. Yahoo’s chief information security officer Alex Stamos said hackers use malicious code to mimic the software used to monitor the company’s network log. But the company said before, these servers compromised Shellshock vulnerabilities, hackers could take to get the remote control. However, Stamos said, after further investigation, they believe is not the case, no user data stolen.
Yahoo overwhelmed changed to highlight the business and its security team, the challenge in the process of making rapid response to attacks by hackers and analysis faced. Due to the outside world hope to learn more about the attack as soon as possible, so companies may rush to publish news even before fully understand the situation.
A security flaw, called Shellshock, that could expose vulnerabilities in many web servers was identified on September 24. Hackers can use this vulnerability to install the software with a computer implanted Bash code, take remote control of the server.
After disclosure of the vulnerability, security researchers have configured a number of computers, specialized monitoring related to aggressive behavior. They expect that criminals could exploit this vulnerability invasion of enterprise servers.
Yahoo was detected yesterday, this vulnerability. Stamos said that although hackers looking for ways Shellshock server vulnerability, but eventually invaded Yahoo server is a group of malicious code.
“There is no evidence to suggest that hacking the other servers, there is no evidence to suggest that there is any data users are affected.” Stamos said, “As you can imagine, this gave our team caused some problems.”
Security researcher Jonathan Hall found that Yahoo was attacked by scanning that Romanian hackers used the Shellshock bug to gain access to Yahoo servers, according to a post on his website Future South.
“We understand the matter began after repair system, and has been closely monitoring our network.” Yahoo spokeswoman Elisa Shyu said, “We are committed to providing the most secure experience for users worldwide, and will continue to protect our user data. “
Hall was not satisfied with Yahoo’s reaction. “You can’t just believe that no customer information was affected,” he said, and criticized the deficiency of details in the yahoo declaration. “Did you closed three web servers, or did you separate a handful? Once you’re in one [server], it’s not that difficult to begin browsing through one after the other.”
