Happy New Scope
Note: Verizon Media is now known as Yahoo.
Welcome to the new year! It has been a while since we last saw you around this area. How have you been? No way! You'll have to tell me more about that, but before we get into your thing can we talk about our news? Please? OK. Great. You won't regret it!
Our recent live hacking event in Los Angeles (H1-213, Nov 8 2019) yielded some great bugs (of course), but it also yielded some new assets that we thought should be posted to our public program. We decided to wait until January to really get the year started off strong.
Updates to Assets
1. Yahoo Mail has been broken into more specific domains
- If you can't find the right domain, you can still use the generic Yahoo Mail asset, but being more specific with your choice helps us direct reports for quicker action.
- data.mail.yahoo.com
- le.yahooapis.com
- onepush.query.yahoo.com
- proddata.xobni.yahoo.com
- apis.mail.yahoo.com
- Yahoo Mail Android
- Yahoo Mail AndroidGo
- Yahoo Mail FireOS
- Yahoo Mail iOS
2. Yahoo Calendar domains have been clarified
New(ish) Scope
1. Select open source projects are now eligible for bounties!
- Moloch
- Athenz
- The rest of our open source projects are technically in scope, but at a reduced rate for the time being. Watch our Policy/Scope page for updates.
- Submit a PR that fixes your bug and you might even receive a bonus. This is not a guaranteed bonus.
2. H1-213 Challenge Coin (just for fun; we don’t have any coins left; images are online)
3. Membership
4. Omega
5. Ensemble
Happy New Year,
Happy Hacking,
The Paranoids
.jpg)
