Purple Palace pays researcher US$778 bounty per byte
21 May 2017 at 23:58, Richard Chirgwin How would you like US$778 per byte for your exploit?
That's what security researcher Chris Evans just scored from Yahoo!, for an 18-byte demonstration of how private Yahoo! Mail images could leak.
Even though the bug's been patched, Yahoo! decided it was one bug too many in the library, and retired it.
Because (a) bugs get brands these days; and (b) “*bleed attacks are hot right now”, Evans called his trick “Yahoobleed #1” (YB1).
Full Article