14 Apr
2014
14 Apr
'14
6:32 p.m.
On Mon, Apr 14, 2014 at 3:21 PM, Scott Howard <scott@doc.net.au> wrote:
7-April: OpenSSL's *public* advisory (after a full week of private
notifications, of which yahoo surely was one tech company in on the early notifications)
Given that many of their main services were vulnerable at the time of public disclosure, I think that's a very large assumption to make...
Based on the article below it would appear that Yahoo did NOT know about Heartbleed at the time of public disclosure. http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-... Scott