Some Within Yahoo Knew of Massive Breach in 2014

Some within Yahoo knew of a massive data breach that compromised its network when it occurred in 2014, not in late September, when it was first disclosed. From a report on USA Today: An independent committee of Yahoo’s board, which launched an internal probe in August to learn more about the state-sponsored attack that affected data belonging to at least 500 million members, discovered that staff knew of the attack two years ago. “The company had identified that a state-sponsored actor had access to the company’s network in late 2014,” the company said in a filing with the Securities and Exchange Commission.

Read more of this story at Slashdot.

Verizon Says Yahoo Name Isn’t Going Away

Verizon is treading carefully with Yahoo, but still wants to seal the deal. From a CNET report: “The deal makes strategic sense,” said Marni Walden, the executive vice president of business innovation for Verizon and the person who pushed for the acquisition. “We won’t jump off of a cliff blindly.” She continues to believe there’s value in the Yahoo name, noting that it won’t go away if Verizon completes its acquisition. Brands like Yahoo Mail and Yahoo Finance still draw plenty of eyeballs, and offer the kind of audience that Verizon and AOL lack, she said during a keynote session at The Wall Street Journal Digital conference on Wednesday. Her comments come just weeks after Yahoo disclosed a 2014 breach exposed at least 500 million accounts, making it the worst hack in history. Shortly after, reports found that Yahoo had participated in a government program to sniff user emails, further eroding trust. Verizon said this all had the potential to cause a “material impact” to the deal, which could mean Yahoo takes a reduced price or the deal falls through altogether.

Yahoo Wants To Know If FBI Ordered Yahoo To Scan Emails

Reader Trailrunner7 writes: In an odd twist to an already odd story, Yahoo officials have asked the Director of National Intelligence to confirm whether the federal government ordered the company to scan users’ emails for specific terms last year and if so, to declassify the order. The letter is the result of news reports earlier this month that detailed an order that the FBI allegedly served on Yahoo in 2015 in an apparent effort to find messages with a specific set of terms. The stories allege that Yahoo complied with the order and installed custom software to accomplish the task. Yahoo officials said at the time the Reuters story came out that there is no such scanning system on its network, but did not say that the scanning software never existed on the network at all. “Yahoo was mentioned specifically in these reports and we find ourselves unable to respond in detail. Your office, however, is well positioned to clarify this matter of public interest. Accordingly, we urge your office to consider the following actions to provide clarity on the matter: (i) confirm whether an order, as described in these media reports, was issued; (ii) declassify in whole or in part such order, if it exists; and (iii) make a sufficiently detailed public and contextual comment to clarify the alleged facts and circumstances,” the letter says.

Yahoo Explains Why It Recently Disabled Automatic Forwarding On Yahoo Mail; Reinstates the Feature

Earlier this month, Yahoo disabled the auto-forwarding feature from its Yahoo Mail email service, leaving people with little choice but to use the Yahoo Mail client to check the emails they received on their Yahoo account. The company has now acknowledged the issue, explaining why it all happened, and most importantly, switched the email forwarding feature on again. From a BusinessInsider report: “Why the pause? Over the past year, Yahoo Mail has been upgrading its platform. This has allowed us to bring a better search experience to Yahoo Mail, add multiple account support, and improve performance as we quickly scale this new system globally. The feature was temporarily disabled as part of this process,” Michael Albers, VP of Yahoo Mail product management, wrote in a blog post. To turn on mail forwarding, go to Settings — Account in Yahoo Mail and enter your forwarding address. After confirming that you, in fact, control that other address, automatic forwarding should be turned on.

As Contradictions Mount, Experts Call For Declassification of Yahoo’s Email-Scanning Order

An anonymous Slashdot reader writes:
Look at this contradiction in the government’s story about their secret scans on hundreds of millions of Yahoo emails. “Intelligence officials told Reuters that all Yahoo had to do was modify existing systems for stopping child pornography from being sent through its email or filtering spam messages.” But three former Yahoo employees have now said that actually the court-ordered search “was done by a module attached to the Linux kernel — in other words, it was deeply buried near the core of the email server operating system, far below where mail sorting was handled… They said that made it hard to detect and also made it hard to figure out what the program was doing.”

Slashdot reader Trailrunner7 writes:

Now, experts at the EFF and Sen. Ron Wyden say that the order served on Yahoo should be made public according to the text of a law passed last year. The USA Freedom Act is meant to declassify certain kinds of government orders, and the EFF says the Yahoo order fits neatly into the terms of the law. “If the reports about the Yahoo order are accurate — including requiring the company to custom build new software to accomplish the scanning — it’s hard to imagine a better candidate for declassification and disclosure under Section 402,” Aaron Mackey of the EFF said.

Yahoo CEO Marissa Mayer Led Illegal Purge of Male Employees, Lawsuit Charges

A prominent local media executive fired from Yahoo last year has filed a lawsuit accusing CEO Marissa Mayer of leading a campaign to purge male employees. “Mayer encouraged and fostered the use of (an employee performance-rating system) to accommodate management’s subjective biases and personal opinions, to the detriment of Yahoo’s male employees,” said the suit by Scott Ard filed this week in federal district court in San Jose. From a MercuryNews article: Ard, who worked for Yahoo for 3 and a half years until January 2015, is now editor-in-chief of the Silicon Valley Business Journal. His lawsuit also claims that Yahoo illegally fired large numbers of workers ousted under a performance-rating system imposed by Mayer. That allegation was not tied to gender. Yahoo spokeswoman Carolyn Clark said Yahoo couldn’t comment on pending litigation, but she defended the company’s performance-review process, which she said was guided by “fairness.” “Our performance-review process was developed to allow employees at all levels of the company to receive meaningful, regular and actionable feedback from others,” Clark said. “We believe this process allows our team to develop and do their best work. Our performance-review process also allows for high performers to engage in increasingly larger opportunities at our company, as well as for low performers to be transitioned out.”

Yahoo Offers Non-Denial Denial of Bombshell Spy Report

Reuters reported on Tuesday that Yahoo last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials. When The Intercept reached out to Yahoo for an official comment and explanation, the company offered a non-denial response 20 hours after Reuters’s report, a report said. (If a report is inaccurate, the company says so explicitly. Non-denial is something you give when you are caught off guard and things reported are true.) From the report: From Yahoo’s PR firm, “The article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems.” This is an extremely carefully worded statement, arriving roughly 20 hours after the Reuters story first broke. That’s a long time to craft 29 words. It’s unclear as well why Yahoo wouldn’t have put this statement out on Tuesday, rather than responding, cryptically, that they are “a law abiding company, [that] complies with the laws of the United States.” But this day-after denial isn’t even really a denial: The statement says only that the article is misleading, not false. It denies only that such an email scanning program “does not” exist — perhaps it did exist at some point between its reported inception in 2015 and today. It also pins quite a bit on the word “described” — perhaps the Reuters report was overall accurate, but missed a few details. And it would mean a lot more for this denial to come straight from the keyboard of a named executive at Yahoo — perhaps Ron Bell, the company’s general counsel — rather than a “strategic communications firm.” Reuters reported that Yahoo’s decision has prompted questions in Europe whether EU citizens’ data had been compromised, and this could result in derailing a new trans-Atlantic data sharing deal.

Yahoo Open Sources a Deep Learning Model For Classifying Pornographic Images

New submitter OWCareers writes: Yahoo today announced its latest open-source release: a model that can figure out if images are specifically pornographic in nature. The system uses a type of artificial intelligence called deep learning, which involves training artificial neural networks on lots of data (like dirty images) and getting them to make inferences about new data. The model that’s now available on GitHub under a BSD 2-Clause license comes pre-trained, so users only have to fine-tune it if they so choose. The model works with the widely used Caffe open source deep learning framework. The team trained the model using its now open source CaffeOnSpark system. The new model could be interesting to look at for developers maintaining applications like Instagram and Pinterest that are keen to minimize smut. Search engine operators like Google and Microsoft might also want to check out what’s under the hood here. The tool gives images a score between 0 and 1 on how NSFW the pictures look. The official blog post from Yahoo outlines several examples.

Yahoo Repeatedly Didn’t Invest In Security, Rejected Bare Minimum Measure To Reset All User Passwords: NYTimes

If it wasn’t already enough that the mega breach at Yahoo affects over 500 million users, a new investigative report on The New York Times states the extent to which Yahoo didn’t care about its users’ security (Editor’s note: the link could be paywalled; alternate source). The report says Yahoo CEO Marissa Mayer refused to fund security initiatives at the company, and instead invested money in features and new products. Despite Edward Snowden warning Yahoo that it was too easy of a target for hackers, the company took one year to hire a new chief information officer. The company hired Alex Stamos, who is widely respected in the industry. But Stamos soon left partly due to clashes with Mayer, The Times adds. And it gets worse. From the report: But when it came time to commit meaningful dollars to improve Yahoo’s security infrastructure, Ms. Mayer repeatedly clashed with Mr. Stamos, according to the current and former employees. She denied Yahoo’s security team financial resources and put off proactive security defenses, including intrusion-detection mechanisms for Yahoo’s production systems. […] But during his tenure, Ms. Mayer also rejected the most basic security measure of all: an automatic reset of all user passwords, a step security experts consider standard after a breach. Employees say the move was rejected by Ms. Mayer’s team for fear that even something as simple as a password change would drive Yahoo’s shrinking email users to other services.
