Verizon Explores Lower Price or Even Exit From Yahoo Deal

Verizon is reconsidering its $4.8 billion purchase of Yahoo, according to Bloomberg. Citing a source, the publication claims that Wednesday’s announcement by Yahoo — theft of info from one billion users — has led Verizon to consider scrapping the dea…

Verizon is reconsidering its $4.8 billion purchase of Yahoo, according to Bloomberg. Citing a source, the publication claims that Wednesday’s announcement by Yahoo — theft of info from one billion users — has led Verizon to consider scrapping the deal entirely. From the report: While a Verizon group led by AOL Chief Executive Officer Tim Armstrong is still focused on integration planning to get Yahoo up and running, another team, walled off from the rest, is reviewing the breach disclosures and the company’s options, said the person, who asked not to be identified discussing private information. A legal team led by Verizon General Counsel Craig Silliman is assessing the damage from the breaches and is working toward either killing the deal or renegotiating the Yahoo purchase at a lower price, the person said. One of the major objectives for Verizon is negotiating a separation from any future legal fallout from the breaches. Verizon is seeking to have Yahoo assume any lasting responsibility for the hack damage, the person said.

Read more of this story at Slashdot.

Yahoo Fixes Flaw Allowing an Attacker To Read Any User’s Emails

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim’s email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. T…

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim’s email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty, In a write-up, Pynnonen said that the flaw was similar to last year’s Yahoo Mail bug, which similarly let an attacker compromise a user’s account. Yahoo filters HTML messages to ensure that malicious code won’t make it through into the user’s browser, but the researcher found that the filters didn’t catch all of the malicious data attributes.

Read more of this story at Slashdot.

Yahoo Fixes Flaw Allowing an Attacker To Read Any User’s Emails

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim’s email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. T…

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim’s email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty, In a write-up, Pynnonen said that the flaw was similar to last year’s Yahoo Mail bug, which similarly let an attacker compromise a user’s account. Yahoo filters HTML messages to ensure that malicious code won’t make it through into the user’s browser, but the researcher found that the filters didn’t catch all of the malicious data attributes.

Read more of this story at Slashdot.

Some Within Yahoo Knew of Massive Breach in 2014

Some within Yahoo knew of a massive data breach that compromised its network when it occurred in 2014, not in late September, when it was first disclosed. From a report on USA Today: An independent committee of Yahoo’s board, which launched an internal…

Some within Yahoo knew of a massive data breach that compromised its network when it occurred in 2014, not in late September, when it was first disclosed. From a report on USA Today: An independent committee of Yahoo’s board, which launched an internal probe in August to learn more about the state-sponsored attack that affected data belonging to at least 500 million members, discovered that staff knew of the attack two years ago. “The company had identified that a state-sponsored actor had access to the company’s network in late 2014,” the company said In a filing with Securities and Exchange Commission.

Read more of this story at Slashdot.

Verizon Says Yahoo Name Isn’t Going Away

Verizon is treading carefully with Yahoo, but still wants to seal the deal. From a CNET report: “The deal makes strategic sense,” said Marni Walden, the executive vice president of business innovation for Verizon and the person who pushed for the acqui…

Verizon is treading carefully with Yahoo, but still wants to seal the deal. From a CNET report: “The deal makes strategic sense,” said Marni Walden, the executive vice president of business innovation for Verizon and the person who pushed for the acquisition. “We won’t jump off of a cliff blindly.” She continues to believe there’s value in the Yahoo name, noting that it won’t go away if Verizon completes its acquisition. Brands like Yahoo Mail and Yahoo Finance still draw plenty of eyeballs, and offer the kind of audience that Verizon and AOL lack, she said during a keynote session at The Wall Street Journal Digital conference on Wednesday. Her comments come just weeks after Yahoo disclosed a 2014 breach exposed at least 500 million accounts, making it the worst hack in history. Shortly after, reports found that Yahoo had participated in a government program to sniff user emails, further eroding trust. Verizon said this all had the potential to cause a “material impact” to the deal, which could mean Yahoo takes a reduced price or the deal falls through altogether.

Read more of this story at Slashdot.

Verizon Says Yahoo Name Isn’t Going Away

Verizon is treading carefully with Yahoo, but still wants to seal the deal. From a CNET report: “The deal makes strategic sense,” said Marni Walden, the executive vice president of business innovation for Verizon and the person who pushed for the acqui…

Verizon is treading carefully with Yahoo, but still wants to seal the deal. From a CNET report: “The deal makes strategic sense,” said Marni Walden, the executive vice president of business innovation for Verizon and the person who pushed for the acquisition. “We won’t jump off of a cliff blindly.” She continues to believe there’s value in the Yahoo name, noting that it won’t go away if Verizon completes its acquisition. Brands like Yahoo Mail and Yahoo Finance still draw plenty of eyeballs, and offer the kind of audience that Verizon and AOL lack, she said during a keynote session at The Wall Street Journal Digital conference on Wednesday. Her comments come just weeks after Yahoo disclosed a 2014 breach exposed at least 500 million accounts, making it the worst hack in history. Shortly after, reports found that Yahoo had participated in a government program to sniff user emails, further eroding trust. Verizon said this all had the potential to cause a “material impact” to the deal, which could mean Yahoo takes a reduced price or the deal falls through altogether.

Read more of this story at Slashdot.

Yahoo Wants To Know If FBI Ordered Yahoo To Scan Emails

Reader Trailrunner7 writes: In an odd twist to an already odd story, Yahoo officials have asked the Director of National Intelligence to confirm whether the federal government ordered the company to scan users’ emails for specific terms last year and i…

Reader Trailrunner7 writes: In an odd twist to an already odd story, Yahoo officials have asked the Director of National Intelligence to confirm whether the federal government ordered the company to scan users’ emails for specific terms last year and if so, to declassify the order. The letter is the result of news reports earlier this month that detailed an order that the FBI allegedly served on Yahoo in 2015 in an apparent effort to find messages with a specific set of terms. The stories allege that Yahoo complied with the order and installed custom software to accomplish the task. Yahoo officials said at the time the Reuters story came out that there is no such scanning system on its network, but did not say that the scanning software never existed on the network at all. “Yahoo was mentioned specifically in these reports and we find ourselves unable to respond in detail. Your office, however, is well positioned to clarify this matter of public interest. Accordingly, we urge your office to consider the following actions to provide clarity on the matter: (i) confirm whether an order, as described in these media reports, was issued; (ii) declassify in whole or in part such order, if it exists; and (iii) make a sufficiently detailed public and contextual comment to clarify the alleged facts and circumstances,” the letter says.

Read more of this story at Slashdot.

Yahoo Explains Why It Recently Disable Automatic Forwarding On Yahoo Mail; Reinstates the Feature

Earlier this month, Yahoo disabled the auto-forwarding feature from its Yahoo Mail email service, leaving people with little choice but to use Yahoo Mail client to check the emails their received on their Yahoo account. The company has now acknowledged…

Earlier this month, Yahoo disabled the auto-forwarding feature from its Yahoo Mail email service, leaving people with little choice but to use Yahoo Mail client to check the emails their received on their Yahoo account. The company has now acknowledged the issue, explaining why it all happened, and most importantly, switched email forwarding feature on again. From a BusinessInsider report: “Why the pause? Over the past year, Yahoo Mail has been upgrading its platform. This has allowed us to bring a better search experience to Yahoo Mail, add multiple account support, and improve performance as we quickly scale this new system globally. The feature was temporarily disabled as part of this process,” Michael Albers, VP of Yahoo Mail product management, wrote in a blog post. To turn on mail forwarding, go to Settings — Account in Yahoo Mail and enter your forwarding address. After confirming that you, in fact, control that other address, automatic forwarding should be turned on.

Read more of this story at Slashdot.

As Contradictions Mount, Experts Call For Declassification of Yahoo’s Email-Scanning Order

An anonymous Slashdot reader writes:
Look at this contradiction in the government’s story about their secret scans on hundreds of millions of Yahoo emails. “Intelligence officials told Reuters that all Yahoo had to do was modify existing systems for st…

An anonymous Slashdot reader writes:
Look at this contradiction in the government’s story about their secret scans on hundreds of millions of Yahoo emails. “Intelligence officials told Reuters that all Yahoo had to do was modify existing systems for stopping child pornography from being sent through its email or filtering spam messages.” But three former Yahoo employee have now said that actually the court-ordered search “was done by a module attached to the Linux kernel — in other words, it was deeply buried near the core of the email server operating system, far below where mail sorting was handled… They said that made it hard to detect and also made it hard to figure out what the program was doing.”

Slashdot reader Trailrunner7 writes:

Now, experts at the EFF and Sen. Ron Wyden say that the order served on Yahoo should be made public according to the text of a law passed last year. The USA Freedom Act is meant to declassify certain kinds of government orders, and the EFF says the Yahoo order fits neatly into the terms of the law. “If the reports about the Yahoo order are accurate — including requiring the company to custom build new software to accomplish the scanning — it’s hard to imagine a better candidate for declassification and disclosure under Section 402,” Aaron Mackey of the EFF said.

Read more of this story at Slashdot.

Yahoo CEO Marissa Mayer Led Illegal Purge of Male Employees, Lawsuit Charges

A prominent local media executive fired from Yahoo last year has filed a lawsuit accusing CEO Marissa Mayer of leading a campaign to purge male employees. “Mayer encouraged and fostered the use of (an employee performance-rating system) to accommodate …

A prominent local media executive fired from Yahoo last year has filed a lawsuit accusing CEO Marissa Mayer of leading a campaign to purge male employees. “Mayer encouraged and fostered the use of (an employee performance-rating system) to accommodate management’s subjective biases and personal opinions, to the detriment of Yahoo’s male employees,” said the suit by Scott Ard filed this week in federal district court in San Jose. From a MercuryNews article: Ard, who worked for Yahoo for 3 and a half years until January 2015, is now editor-in-chief of the Silicon Valley Business Journal. His lawsuit also claims that Yahoo illegally fired large numbers of workers ousted under a performance-rating system imposed by Mayer. That allegation was not tied to gender. Yahoo spokeswoman Carolyn Clark said Yahoo couldn’t comment on pending litigation, but she defended the company’s performance-review process, which she said was guided by “fairness.” “Our performance-review process was developed to allow employees at all levels of the company to receive meaningful, regular and actionable feedback from others,” Clark said. “We believe this process allows our team to develop and do their best work. Our performance-review process also allows for high performers to engage in increasingly larger opportunities at our company, as well as for low performers to be transitioned out.”

Read more of this story at Slashdot.