Yahoo announced on Wednesday that it is winding down its long-running Yahoo Groups site. From a report: As of October 21, users will no longer be able to post new content to the site, and on December 14 Yahoo will permanently delete all previously posted content. "You'll have until that date to save anything you've uploaded," an announcement post reads. Yahoo Groups, launched in 2001, is a cross between a platform for mailing lists and internet forums. Groups can be interacted with on the Yahoo Groups site itself, or via email. In the 18 years that it existed, numerous niche communities made a home on the platform. Now, with the site's planned obsolescence, users are looking for ways to save their Groups history.

A former Yahoo software engineer pleaded guilty yesterday to hacking into the personal accounts of over 6,000 Yahoo users, in search of sexual images and videos. From a report: Reyes Daniel Ruiz, 34, of Tracy, California, worked for more than ten years for Yahoo!, where he served as a reliability engineer for the company's Yahoo! Mail service, among other roles. According to court documents, Ruiz used the access to Yahoo!'s internal network that his job provided to crack users' passwords and gain access to their email accounts. In total, he accessed about 6,000 accounts, most belonging to younger women, including personal friends and work colleagues. Once in, he searched and downloaded images and videos, which he stored at home on a hard drive. Ruiz also used access to the hacked Yahoo! email inboxes to compromise accounts at services like Apple iCloud, Facebook, Gmail, DropBox, and others, where the victims used the Yahoo! email address to register accounts. He did this by requesting password resets on the third-party sites, which he received inside the victim's Yahoo! inboxes. Ruiz then continued his search of personal images and videos on these new accounts.

Matthew Green, a cryptographer and professor at Johns Hopkins University, writes: So what did Snowden's leaks really tell us? The brilliant thing about the Snowden leaks was that he didn't tell us much of anything. He showed us. Most of the revelations came in the form of a Powerpoint slide deck, the misery of which somehow made it all more real. And despite all the revelation fatigue, the things he showed us were remarkable. I'm going to hit a few of the highlights from my perspective. Many are cryptography-related, just because that's what this blog is about. Others tell a more basic story about how vulnerable our networks are.

"Collect it all"

Prior to Snowden, even surveillance-skeptics would probably concede that, yes, the NSA collects data on specific targets. But even the most paranoid observers were shocked by the sheer scale of what the NSA was actually doing out there. The Snowden revelations detailed several programs that were so astonishing in the breadth and scale of the data being collected, the only real limits on them were caused by technical limitations in the NSA's hardware. Most of us are familiar with the famous examples, like nationwide phone metadata collection. But it's the bizarre, obscure leaks that really drive this home. "Optic Nerve": From 2008-2010 the NSA and GCHQ collected millions of still images from every Yahoo! Messenger webchat stream, and used them to build a massive database for facial recognition. The collection of data had no particular rhyme or reason -- i.e., it didn't target specific users who might be a national security threat. It was just... everything.

A Spanish private security firm spied on Wikileaks founder Julian Assange on behalf of the CIA while he was inside Ecuador's embassy in London, according to the Spanish newspaper El Pais. An anonymous reader quotes AFP: Citing unspecified documents and statements, the paper said Undercover Global Ltd, which was responsible for security at the embassy while Assange was staying there, sent the US intelligence service audio and video files of meetings he had with his lawyers. The reports were allegedly handed over by David Morales, who owns the company and is currently being investigated by Spain's National Court, the paper said....

According to El Pais, Undercover Global installed microphones in the embassy's fire extinguishers as well as in the women's toilets where Assange's lawyers used to meet for fear of being spied on. It said the company also installed a streaming system so the recordings could be directly accessed by US officials, enabling them to spy on a meeting Assange had with Ecuador's secret service chief Rommy Vallejo in December 2017.
El Pais reports that the company's team was also ordered to install stickers that prevented the windows from vibrating in one of the rooms Assange used, "allegedly to make it easier for the CIA to record conversations with their laser microphones."

People who had Yahoo accounts between 2012 and 2016 can now apply for a cash payment of $100, but the final amount you receive could be more or less than $100 depending on how many people file claims. From a report: It's also possible to file claims for up to $25,000 if you can document actual out-of-pocket losses and lost time due to the breach. However, actual payouts for all claims could be much lower if the total amount claimed exceeds what's available from the $117.5 million settlement. The settlement class potentially includes up to 194 million people, so these amounts would be paid in full only if the vast majority of eligible people don't ask for money. The settlement website lets all class members choose from at least two years of free credit monitoring services or the $100 cash payment. While that amount isn't guaranteed, just like in the Equifax settlement, at least the Yahoo settlement website makes that clear up front.

"The US military has been forced to apologise for tweeting that it would use stealth-bombers on 'millenials' who try to storm Area 51," reports Yahoo News UK: More than two million people signed up to a Facebook event recently which encouraged atendees to visit the top secret base in Nevada. But only a few thousand UFO enthusiasts turned up on Friday to the facility, which is rumoured to contain secrets about aliens. As hordes of enthusiasts turned up the PR arm of the US military, called the Defence Visual Information Distribution Service (DVIDS), tweeted: "The last thing #Millennials will see if they attempt the #area51raid today" with a picture of military officers in front of a stealth bomber.

Shortly afterwards the tweet was deleted and the unit apologised saying it "in no way" reflects their stance... "It was inappropriate and we apologize for this mistake."

Around 1,000 people visited the facility's gates on Friday and at least six were arrested by police.

The Storm Area 51 invitation spawned festivals in the tiny nearby towns of Rachel and Hiko, more than two hours' drive from Las Vegas. Lincoln County Sheriff Kerry Lee estimated late on Thursday that about 1,500 people had gathered at the festival sites, and more than 150 made the trip several additional miles on bone-rattling dirt roads to get within selfie distance of the gates.... "It's public land," the sheriff said. "They're allowed to go to the gate as long as they don't cross the boundary."
Most of the arrests were for "misdemeanor trespassing on base property," which carries a $1,000 fine, according to the article. "In the end, no one actually 'stormed' Area 51, although deputies in rural Nye County resorted to 'heated warnings' to disperse as many as 200 people," reports the Associated Press.

In another article the news service also quotes Lincoln County emergency services chief Eric Holt as saying resources had been mustered to handle up to 30,000 people and calling the low turnout a "best-case" scenario... Although there were two car crashes involving cows. "The cows died, but motorists weren't hurt."

The main festival apparently drew 3,000 attendees, while the rival "Area 51 Basecamp" festival sold just 500 tickets for their Friday concert, prompting them to cancel their Saturday concert altogether. Its promoter told the Associated Press, "It was a gamble financially. We lost."

Facebook revealed Friday that it had suspended "tens of thousands" of apps that may have mishandled users' personal data, [Editor's note: the link may be paywalled; alternative source] part of an investigation sparked by the social giant's entanglement with Cambridge Analytica. From a report: The suspensions -- far more than the hundreds against which Facebook has taken action against in the past -- occurred for a "variety of reasons," the company said in a blog post, without elaborating. They were associated with about 400 developers. Facebook said it had investigated millions of apps and targeted those that Facebook said had access to "large amounts of information" or had the "potential to abuse" its policies. Facebook said some of the apps were banned for inappropriately sharing users' data, the same violation of company policy that led to the Cambridge Analytica scandal. It added that its investigation, now 18 months long, isn't yet complete.

A Navy official has confirmed that recently released videos of unidentified flying objects are real, but that the footage was not authorized to be released to the public in the first place. From a report: Joseph Gradisher, the spokesman for the Deputy Chief of Naval Operations for Information Warfare, confirmed to TIME that three widely-shared videos captured "Unidentified Aerial Phenomena." Gradisher initially confirmed this in a statement to "The Black Vault" a website dedicated to declassified government documents. "The Navy designates the objects contained in these videos as unidentified aerial phenomena," Gradisher told the site.

He tells TIME that he was "surprised" by the press coverage surrounding his statement to the site, particularly around his classification of the incursions as "unidentifiable," but says that he hopes that leads to UAP's being "de-stigmatized." "The reason why I'm talking about it is to drive home the seriousness of this issue," Gradisher says. "The more I talk, the more our aviators and all services are more willing to come forward." Gradisher would not speculate as to what the unidentified objects seen in the videos were, but did say they are usually proved to be mundane objects like drones -- not alien spacecraft. "The frequency of incursions have increased since the advents of drones and quadcopters," he says. The three videos of UFOs were published by the New York Times and "To the Stars Academy of Arts and Science," a self-described "public benefit corporation" co-founded by Tom DeLonge, best known as the vocalist and guitarist for the rock band, Blink-182.

Zach Dorfman, Jenna McLaughlin, and Sean D. Naylor, reporting for Yahoo News: On Dec. 29, 2016, the Obama administration announced that it was giving nearly three dozen Russian diplomats just 72 hours to leave the United States and was seizing two rural East Coast estates owned by the Russian government. As the Russians burned papers and scrambled to pack their bags, the Kremlin protested the treatment of its diplomats, and denied that those compounds -- sometimes known as the "dachas" -- were anything more than vacation spots for their personnel. The Obama administration's public rationale for the expulsions and closures -- the harshest U.S. diplomatic reprisals taken against Russia in several decades -- was to retaliate for Russian meddling in the 2016 presidential election. But there was another critical, and secret, reason why those locations and diplomats were targeted.

Both compounds, and at least some of the expelled diplomats, played key roles in a brazen Russian counterintelligence operation that stretched from the Bay Area to the heart of the nation's capital , according to former U.S. officials. The operation, which targeted FBI communications, hampered the bureau's ability to track Russian spies on U.S. soil at a time of increasing tension with Moscow, forced the FBI and CIA to cease contact with some of their Russian assets, and prompted tighter security procedures at key U.S. national security facilities in the Washington area and elsewhere, according to former U.S. officials. It even raised concerns among some U.S. officials about a Russian mole within the U.S. intelligence community. "It was a very broad effort to try and penetrate our most sensitive operations," said a former senior CIA official.

American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet. Senior FBI and CIA officials briefed congressional leaders on these issues as part of a wide-ranging examination on Capitol Hill of U.S. counterintelligence vulnerabilities.

An anonymous reader quotes ZDNet: Kyle Milliken, a 29-year-old Arkansas man, was released last week from a federal work camp. He served 17 months for hacking into the servers of several companies and stealing their user databases. Some of the victims included Disqus, from where he stole 17.5 million user records, Kickstarter, from where he took 5.2 million records, and Imgur, with 1.7 million records. For years, Milliken and his partners operated by using the credentials stolen from other companies to break into more lucrative accounts on other services.

If users had reused their passwords, Milliken would access their email inboxes, Facebook, Twitter, or Myspace accounts, and post spam promoting various products and services. From 2010 to 2014, Milliken and his colleagues operated a successful spam campaign using this simple scheme, making more than $1.4 million in profits, and living the high life. Authorities eventually caught up with the hacker. He was arrested in 2014, and collaborated with authorities for the next years, until last year, when it leaked that he was collaborating with authorities and was blackballed on the cybercrime underground....

In an interview with ZDNet last week, Milliken said he's planning to go back to school and then start a career in cyber-security... [H]e publicly apologized to the Kickstarter CEO on Twitter. "I've had a lot of time to reflect and see things from a different perspective," Milliken told ZDNet. "When you're hacking or have an objective to dump a database, you don't think about who's on the other end. There's a lot of talented people, a ton of work, and even more money that goes into creating a company... there's a bit of remorse for putting these people through cyber hell."
He also has a message for internet uesrs: stop reusing your passwords. And he also suggests enabling two-factor authentication.

"I honestly think that the big three email providers (Microsoft, Yahoo, Google) added this feature because of me."

An anonymous reader quotes ZDNet: While Sun open-sourced some of Java as long ago as November 2006, actually using Java in an open-source way was... troublesome. Just ask Google about Android and Java. But for Java in the enterprise things have changed. On September 10, The Eclipse Foundation announced the full open-source release of the Jakarta EE 8 Full Platform and Web Profile specifications and related Technology Compatibility Kits (TCKs).

This comes after Oracle let go of most of Java Enterprise Edition's (JEE) intellectual property. Oracle retains Java's trademarks though -- thus Java EE's naming convention has been changed to Jakarta EE. But for practical programming and production purposes Jakarta EE 8 is the next generation of enterprise Java.... Jakarta EE 8 also includes the same APIs and Javadoc using the same programming model Java developers have always used. The Jakarta EE 8 TCKs are based on and fully compatible with Java EE 8 TCKs. All of this means enterprise customers will be able to migrate to Jakarta EE 8 without any changes to Java EE 8 applications.

Eclipse hasn't been doing this in a vacuum. Fujitsu, IBM, Oracle, Payara, Red Hat, Tomitribe, and other members of what was once the Java community have been working on Jakarta EE... All of the Jakarta EE Working Group vendors intend to certify their Java EE 8 compatible implementations as Jakarta EE 8 compatible. In other words, Jakarta is the future for Java EE.
Oracle is now working on delivering a Java EE 8 and Jakarta EE 8 compatible implementation of their WebLogic Server.

The Eclipse Foundation says Jakarta EE 8's release "provides a new baseline for the evolution and innovation of enterprise Java technologies under an open, vendor-neutral, community-driven process."

President Donald Trump said Tuesday he fired national security advisor John Bolton, saying on Twitter he had "disagreed strongly with many of his suggestions." From a report: But minutes later, Bolton in his own tweet said that he "offered to resign" Monday night -- and that Trump told him, "Let's talk about it tomorrow." Either way, Bolton's departure shocked Washington, D.C., and oil crude futures fell. Bolton, who was named national security advisor in March 2018, is a harsh critic of Iran, and has advocated military strikes against that oil-rich nation. "I informed John Bolton last night that his services are no longer needed at the White House. I disagreed strongly with many of his suggestions, as did others in the Administration, and therefore I asked John for his resignation, which was given to me this morning," Trump said in a tweet. "I thank John very much for his service. I will be naming a new National Security Advisor next week." Earlier this month, Bolton had accused China of stealing US technology to make a stealth fighter. On a visit to Ukraine last month, Bolton said an unnamed fifth-generation aircraft "looks a lot like the F-35, that's because it is the F-35. They just stole it."

For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran's nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant? From a report: The first-of-its-kind virus, designed to sabotage Iran's nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz. The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News.

An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive. The Dutch were asked in 2004 to help the CIA and Mossad get access to the plant, but it wasn't until three years later that the mole, who posed as a mechanic working for a front company doing work at Natanz, delivered the digital weapon to the targeted systems. "[T]he Dutch mole was the most important way of getting the virus into Natanz," one of the sources told Yahoo.

Location social networks never took off, and Gowalla's star burned out fast. Gilt sold at a loss. And Tumblr, recently sold by Yahoo for less than 1 percent of what it originally paid, has become a cautionary tale. If you haven't been paying close attention, you'd be forgiven for assuming that Foursquare had fallen prey to the same fates as its once-hot peers. From a report: But you'd be wrong. This year, Foursquare's revenue will surpass $100 million, a critical mile marker for any company on its way to a public offering. In fact its story of success is a perfect tech-industry parable: A charming, rickety, vintage-2000s social app that's survived the last decade by evolving into a powerhouse enterprise data-extraction business. In 2014, Foursquare made a decision to shift its attention from its consumer apps to a growing business-to-business operation; five years later, 99 percent of Foursquare's business comes from its software and data products. Its clients include Uber, Twitter, Apple, Snapchat, and Microsoft. The company is still shining brightly, not because location-based social networks or New York's start-up scene have finally reached escape velocity, but because Foursquare had something that other start-ups didn't: location technology rivaled by only Google and Facebook.

[...] By 2014, Foursquare made the decision to focus on providing software tools and data to app developers, advertisers, and brands. Foursquare began charging developers for the use of its location technology in their own apps (it has worked with more than 150,000 to date) and selling its data to brands, marketers, advertisers, and data-hungry investors. The company's tools could measure foot traffic in and out of brick-and-mortar locations and build consumer profiles based on where people had recently visited. Soon, Foursquare began brandishing its power with public market predictions. It projected iPhone sales in 2015 based on traffic to Apple stores and, in 2016, the huge drop in Chipotle's sales figures (thanks to E. coli) two weeks before the burrito-maker announced its quarterly earnings. Co-founder and executive chairman Dennis Crowley says the human check-ins gave Foursquare engineers and data scientists the ability to verify and adjust location readings from other sources, like GPS, Wi-Fi, and Bluetooth. As it turns out, the goofy badges for Uncle Tony that made Foursquare easy to dismiss as a late-2000s fad were an incredibly powerful tool. [...] In addition to all of those active check-ins, at some point Foursquare began collecting passive data using a "check-in button you never had to press." It doesn't track people 24/7 (in addition to creeping people out, doing so would burn through phones' batteries), but instead, if users opt-in to allow the company to "always" track their locations, the app will register when someone stops and determine whether that person is at a red light or inside an Urban Outfitters. The Foursquare database now includes 105 million places and 14 billion check-ins.

McGruber shares a report from Popular Mechanics: Jessi Combs -- vehicle builder, racer, fabricator, TV personality, and all-around automotive legend -- was killed on Tuesday in a crash while attempting to break her own land-speed record in southeast Oregon. She was 36. The crash occurred as Combs was piloting her jet-powered land-speed car on the Alvord Desert, a dry lake bed where several land-speed records have been set. According to local reports, the crash happened shortly after 4pm local time.

Combs held the title of "fastest woman on four wheels" after setting a record of 398 mph in her jet-powered North American Eagle Supersonic Speed Challenger in 2013. More recently, she had piloted that same car to 483.227 mph in a single shakedown run in October 2018, though that run ended prematurely with mechanical troubles. (Governing bodies require two back-to-back runs in opposite directions to set an official speed record.) Combs was also a host, builder, and technical expert on shows like Xtreme 4x4, Overhaulin', Truck U, and Two Guys Garage. She brought about Velocity channel's All Girls Garage, and was a host and builder on a season of Discovery Channel's Mythbusters.

Add another chapter to your internet revisionist history books: AOL held talks to buy both Facebook and YouTube in 2006 and considered taking a large minority stake in Tencent in 2004. From a report: Obviously none of this happened -- and the board of Time Warner is to blame, said ex-AOL CEO Jon Miller in an exclusive CNBC interview. Miller has never discussed the failed talks publicly before. Miller said he discussed buying YouTube from the founders, Chad Hurley, Steve Chen and Jawed Karim, in January and July 2006. He spoke with Facebook founder Mark Zuckerberg in the spring of that year, he said. The Tencent talks were held in 2004, Miller said. "We wanted to take some shots," Miller said. "We had a line on buying YouTube before anybody else. We had an opportunity to step in with Facebook when Yahoo stumbled. We had a chance to maybe to step in to Tencent."

Uber isn't letting tech workers join the ride, at least for now. From a report: The ride-hailing giant canceled scheduled on-site interviews for tech roles last week, and job applicants have been told positions are being put on hold due to a hiring freeze in engineering teams in the U.S. and Canada, according to multiple people who received the communications. In emails sent to job interviewees, Uber recruiters explained "there have been some changes" and the opportunity has been "put on hold for now," according to emails reviewed by Yahoo Finance. The hiring freeze comes after 400 layoffs in its marketing department earlier this month, which raised concerns and fears company-wide. During a recent all-hands meeting, a question about potential layoffs in the engineering department was also raised, but executives didn't provide any timelines. The number of hiring posts for software engineer roles at Uber peaked in March, according to data tracking firm Thinknum. The move highlights the challenges that Uber faces as it scrambles to prove to Wall Street, since its IPO in May, that it's on the right track to achieve profitability. The company, with 100 million monthly active users, reported $5.23 billion in losses for the second quarter last week.

According to The Wall Street Journal, Verizon has agreed to sell its blogging website Tumblr to the owner of popular online-publishing tool WordPress. Tumblr was acquired by Yahoo for $1.1 billion in 2013, and was later included in Verizon's $4.5 billion purchase of Yahoo's web assets in 2017. Bloomberg reports: Automattic Inc. will buy Tumblr for an undisclosed sum and take on about 200 staffers, the companies said. Tumblr is a free service that hosts millions of blogs where users can upload photos, music and art, but it has been dwarfed by Facebook, Reddit and other services. The Tumblr acquisition is the largest ever in terms of price and head count for Automattic, the company's Chief Executive Matt Mullenweg said in an interview. The San Francisco company has a stable of brands focused on online publishing, including longform site Longreads, comment-filtering service Akismet, and avatar-managing service Gravatar.

Mr. Mullenweg said his company intends to maintain the existing policy that bans adult content. He said he has long been a Tumblr user and sees the site as complementary to WordPress.com. "It's just fun," he said of Tumblr. "We're not going to change any of that." Tumblr has a strong mobile interface and dashboard where users follow other blogs, he said. Executives will look for ways WordPress.com and Tumblr can share services and functionality.

Google has opened up an auction to allow alternative search engines to become the default providers on mobile devices in Europe. From a report: Beginning in early 2020, anyone setting up a new Android device in the European Economic Area (EEA) will see a choice screen, where they will be asked to select which search engine they wish to use as a default. Four options (Qwant, Ecosia, Google, Yahoo) will be available, including Google, and these will vary from country to country, depending on which companies apply for inclusion. The move comes a year after Google was hit with a record $5 billion fine by EU antitrust regulators for the way it bundled its services on Android, with claims that Google forced manufacturers to preinstall certain Google apps to gain access to others.

The 1978 arcade game Space Invader will become a major motion picture, reports Engadget. "The writer behind the 'Mortal Kombat' reboot is involved."

Deadline reports: It will take work fleshing this into a full-fledged alien-invasion movie, but the title is certainly a brand. In the game, a series of blocky aliens descended from the top of the screen to the bottom, and players basically blasted them until their thumbs cramped, or the invaders succeeded in overwhelming the slow-triggered defender of earth.
"Nothing surprises me any more," adds the headline at Io9. Once, I would be surprised and bemused by the things Hollywood tries to turn into major franchises in 2019. I might observe how the truth now matches what we used to make up as parody. But, look, Battleship is a real movie and Rihanna was in it and that was seven years ago... Since the arcade game is entirely devoid of plot, except for the riveting narrative of shooting up until your thumbs cramp, it'll probably be some entirely original plot about alien invaders, maybe something Independence Day-esque, with some inevitable cute nods to the original thrown in... [W]e'll keep you posted as long as you keep putting quarters into the machine.
Yahoo Movies UK calls the news "apparent proof that Hollywood will literally make a movie out of anything... Also in the pipeline is a live-action outing for Sonic the Hedgehog, which was delayed earlier this year so that Paramount could redesign the character following a fan backlash."

I'm still waiting for a big-budget Hollywood blockbuster based on Pong.