We had an absolute blast all week long in Las Vegas at BSides, BlackHat, DefCon and of course H1-702. If you were in town and came to the Paranoids party at Mansion 54, make sure to give us a shout @theparanoids and send us your resume if you are interested in a job that is posted on our job listings website.
At H1-702 we set the event scope to cover *.yahoo.com, which was pretty daunting for a lot of folks because of the sheer size and scale of what is included there. Those who weren’t scared by the size told us that they were a bit disappointed because “Yahoo has had a bug bounty program for 6 years, so all the bugs have probably already been found”. If you saw the leaderboard, then you would know that is clearly not the case!
But why? Simple, my dear Watson: we are still developing these products. All of them. Every day. Every week. Every month. New features, new products, new subscriptions, new services, usability bug fixes, and of course, security bug fixes.
All this new development means that the thing you looked at 6 years ago, 6 months ago, or maybe even 6 weeks ago, is probably different than when you last looked. You bring new skills from your experience in between, new tools you learned and wrote, and just a fresh set of eyes connected to that brilliant brain of yours. Come hack away. We paid out over $1,000,000 for the bugs we received at H1-702. Almost all of that was on
That wasn’t all we included in H1-702 scope though, which brings us to what this message is all about...
Let’s keep this party going with more hacking on The Huffington Post.
X-Bug-Bounty: hackerone-<username> header to your traffic.
For a quick refresher on our Scope Release Event design, please see the update from July 1 titled “Hack in the Saddle Again! New Scope Release Event Coming Soon”.