Yahoo

Yahoo launches $15,000 bug bounty after $12.50 company voucher debacle

posted on November 4, 2013
by l33tdawg

Yahoo launched a bug bounty programme on Friday following the scandal that unravelled last month, which saw a security firm rewarded with a $12.50 Yahoo Company Store voucher for uncovering a security flaw.

In what is good news for security researchers, Yahoo said that the bounty programme will now pay up to $15,000 to ethical hackers who find vulnerabilities in its web services, a much bigger reward than its previous policy of offering a company t-shirt.

NSA, UK hacked Yahoo! and Google data center interconnects - report

posted on October 31, 2013
by l33tdawg

British and US intelligence agencies managed to tap into the connections between data centers run by Yahoo! and Google, and in one month this year slurped 181,280,466 records, including metadata and the contents of communications, according to new documents from Edward Snowden.

A report dated January 9, 2013, from NSA’s acquisitions directorate, detailed the operation, dubbed MUSCULAR, in which operatives from the NSA and Britain's GCHQ tapped the fiber-optic transmission cables from the non-US data centers run by the two firms.

Yahoo reveals a new vulnerability reporting policy with rewards of up to $15,000

posted on October 3, 2013
by l33tdawg

Yahoo revealed today that it will dole out rewards of up to $15,000 (and starting from $150) to individuals and firms that inform the company of bugs and vulnerabilities classified as new, unique and/or high-risk issues, as part of an updated vulnerability reporting policy.

This is a huge change from what Yahoo has been giving to researchers who have discovered bugs and reported them to the company: a t-shirt. Just a few days ago, Graham Cluley reported that researchers at High-Tech Bridge were rewarded with a $12.50 voucher to buy a corporate t-shirt.

What's a security flaw worth? $12.50 according to Yahoo

posted on October 2, 2013
by l33tdawg

Yahoo has raised the ire of security researchers after handing out a measly $US12.50 each for flaws found in its websites.

Web and software companies offer so-called bug bounties, paying third-party security researchers for flaws they find in their products. Google, for example, regularly pays out bounties in the hundreds or thousands of dollars.

Users With Recycled Yahoo IDs Warn of Potential Security Risks

posted on September 25, 2013
by l33tdawg

Yahoo users in possession of a recycled ID are reporting that they’re receiving emails meant for previous owners—some that include sensitive information. According to a report from InformationWeek, the issue began after spam emails started flooding in, but people soon started to notice some of those emails contained account information, confirmation for appointments, and more. Basically, everything you wouldn’t want someone to see, they’re now seeing.

Yahoo CEO Says It Would Be Treason To Decline To Cooperate With the NSA

posted on September 13, 2013
by l33tdawg

Marissa Mayer was on stage on Wednesday at the TechCrunch Disrupt conference when Michael Arrington asked her about NSA snooping.

He wanted to know what would happen if Yahoo just didn't cooperate. He wanted to know what would happen if she were to simply talk about what was happening, even though the government had forbidden it.

"Releasing classified information is treason. It generally lands you incarcerated," she said, clearly uncomfortable with the turn of the conversation.

Mark Zuckerberg and Marissa Mayer field questions about Prism

posted on September 12, 2013
by l33tdawg

The CEOs of Yahoo and Facebook were each on the hot seat Wednesday answering questions about the U.S. government’s data surveillance programs.

Yahoo CEO Marissa Mayer, in an on-stage interview at the TechCrunch Disrupt conference in San Francisco, said she couldn’t say more about the programs than Yahoo already has because doing so could be “treason.”

Facebook, Google, Yahoo and Microsoft petition US over surveillance requests

posted on September 10, 2013
by l33tdawg

Facebook, Google, Yahoo and Microsoft all filed petitions Monday with the Foreign Intelligence Surveillance Court, as part of a renewed effort to reveal more information about government data requests.

The companies had already petitioned the U.S. government to let them be more specific in reporting the volume of national security-related requests they receive, following the first leaks in June about government surveillance programs such as Prism.

The companies said Monday they are pushing harder now because those previous efforts did not pay off.

Yahoo Kills Chinese Services

posted on September 3, 2013
by l33tdawg

Yahoo has ended its news and community services in China, having already closed its email service, hinting it is retreating from the country almost completely.

The company, which is undergoing a transformation under the leadership of Marissa Mayer, said in a farewell note on the Yahoo China homepage it was “adjusting its operations strategy”.

Yahoo has a stake in Alibaba, which runs the Chinese side of Yahoo, and some believe the latter has gained the most out of the deal, hence the reason for Mayer’s move out of the country.

Yahoo rejects ID hacker fears

posted on June 24, 2013
by l33tdawg

Yahoo has downplayed concerns that its plans to recycle inactive user IDs could leave users exposed to hackers, saying only 7 per cent of those IDs are tied to actual Yahoo email accounts.

The internet company, which announced last week it would release user IDs that have been inactive for more than 12 months so that other people can claim them, was pressed to defend the plan after critics warned that hackers who take control of inactive accounts could also assume the identities of the accounts' previous owners.