Shellshock vulnerability research leads to WHAT?!

Jonathan Hall jhall at futuresouth.us
Mon Oct 6 06:50:26 UTC 2014


While a little off-topic for the NANOG list, I figured some of you may want to know about this. I started researching and testing this vulnerability the day it was released, and once I started researching its usage/exploitation in the wild, I identified that a few major sites were actually compromised using the vulnerability - Yahoo! being one in particular. Tripod/Lycos and WinZip.com were also compromised. Yahoo! reached out and gave me a response, albeit a very weak one, only after the FBI, media and CEO Marissa Mayer were contacted... WinZip patched their boxes and didn't bother responding or notifying me that they got it done. Please do excuse the scattered nature of the email sent to Marissa Mayer @ Yahoo! - there were other correspondences that are currently being kept private, and at the time that I wrote that one, I had been awake for roughly 48 hours and was fueled on caffeine and nicotine. The chances are highly likely that Yahoo! is going to do their best at keeping this quiet and not release any information or details on this, and I figured that some of you are undoubtedly just as at risk from this as anyone else.

Please see the rest of everything related to this at http://www.futuresouth.us/yahoo_hacked.html
And http://www.futuresouth.us/yahoo_response.jpg for their initial response.

Non-authoritative answer:
Name: dip4.gq1.yahoo.com
Address: 63.250.204.25

Non-authoritative answer:
Name: api118.sports.gq1.yahoo.com
Address: 10.212.240.43

These are the two servers that were 100% positively identified thus far as being compromised by both me and Yahoo!, with dip4.gq1.yahoo.com being the initial point of entry via Shellshock.


Jonathan D. Hall

Future South Technologies
www.futuresouth.us
(504) 470-3748 - [main]
(504) 232-3306 -  [cell]


Life is a dream for the wise, a game for the fool, a comedy for the rich and a tragedy for the poor.



