Jonathan Hall, who this week claimed to have found the Shellshock flaw on servers at companies including Yahoo, has been visited by the FBI over a possible violation of the US Computer Fraud and Abuse Act.
Hall said he gained access to a server belonging to compression software maker WinZip, and issued a command on the machine that displayed the contents of malicious file on his own monitor. After that, he ran a “kill” command on WinZip’s server that terminated the malicious program.
After this, he was visited on Tuesday, with the FBI wanting to ask about the research he’d done. Hall said he copied the FBI on his original email notifying Yahoo of its problems, he said it was “an awkward kind of conversation.”
VIEW FULL STORY