March 12, 2020

Events, they are a-changin’

Note: Verizon Media is now known as Yahoo.

New Release

To our Finders, Researchers, Hackers, Friends, Community Members, et al,

Call us Paranoid, but we would prefer an abundance of caution for our hackers, our employees, and our partners, especially around something like the COVID-19 coronavirus.

Despite this situation, and in line with our regular mission to Build Brands People Love, our standard program continues to operate as usual with one major(?) adjustment. The Paranoids are continually evaluating plans to innovate, and working on new ways to bring our broad scope to our talented hackers. We will continue to monitor the global health and safety landscape, and look forward to getting back out there with you all… but until then, we are announcing:

Live Virtual Hacking Events!

Today we are adapting to the state of the world and bringing you all a brand new format: Virtual Hacking Event.

Verizon Media products/scope have been a major target at many live hacking events over the past few years, and we had been planning to make 2020 even more memorable, exciting, and NEW.

2018: H1-91832, H1-415, H1-5411, H1-212

2019: H1-415, VM-562, H1-702, H1-213

2020: H1-415

We put so much energy into planning our next event that should have taken place in Singapore at BlackHat Asia, that we thought it would be a total shame to just scrap it all. So we looked around to try to figure out what we could do to repurpose that effort.

People tell us there is a ‘formula’ for planning and executing a live event. We tend to agree….. ish.

When we look at a hacking event, we think about it in terms of a few different things, make some decisions around what we think we can do, and then begin executing our special runbook to make an event happen. Along the way, we always find questions and opportunities; and so, at every event, we try to not just change the event, but alter the ‘formula’ for what a hacking event means.

Ask yourself, could we simply remove the need to travel for these events? What would that do to the event structure? Can the event still operate the same way? What would need to change? What could we add? What can we do remotely, that we could not if everyone is together in the same place?

We don’t have all the answers, but we do have some and hope to answer more of them with your help. Here is the overview of what we have come up with for our first Virtual Hacking Event:

  • Kickoff: Introduction presentation via video chat
  • Main Event: 2 weeks of recon, testing, pre-submissions
  • Connect: office hours, Q&A with devs, virtual social activities, live leaderboard
  • Finale: new scope (maybe), recon, testing, submissions, bounties, Show&Tell presentations, End-of-Event awards

In the next week or so, we will send out invitations to those hackers who have been selected to participate in this inaugural VHE with us. If you don’t get an invitation but want one, keep hacking with us and try to earn your spot in our future events.

Please Stay Safe, @TheParanoids