Businesses

eBay Is Conducting a 'Mass Layoff' In the Bay Area (mercurynews.com) 102

eBay is planning to slash nearly 300 jobs from Bay Area locations by July 20, calling the cuts a "mass layoff." Those being laid off were informed at the end of June, reports The Mercury News. The San Jose-based company estimated that it would eliminate 224 jobs in San Jose, 41 in San Francisco, and five in Brisbane. From the report: "This action is expected to be permanent," eBay stated in the Employment Development Department filing. "No affected employee has any bumping rights." Over the one-year period that ended in March, eBay lost $1.64 billion on revenues of $9.84 billion, according to information posted on the Yahoo Finance site. During the first quarter that ended March 31, eBay earned $407 million on revenues of $2.58 billion. Compared to the year-ago first quarter, profits were down 60.7 percent and revenue rose 12 percent.
Security

Hackers Account For 90 Percent of Login Attempts At Online Retailers (qz.com) 33

Hackers account for 90% of e-commerce sites' global login traffic, according to a report by cyber security firm Shape Security. They reportedly use programs to apply stolen data acquired on the dark web -- all in an effort to log in to websites and grab something of value like cash, airline points, or merchandise. Quartz reports: These attacks are successful as often as 3% of the time, and the costs quickly add up for businesses, Shape says. This type of fraud costs the e-commerce sector about $6 billion a year, while the consumer banking industry loses out on about $1.7 billion annually. The hotel and airline businesses are also major targets -- the theft of loyalty points is a thing -- costing a combined $700 million every year.

The process starts when hackers break into databases and steal login information. Some of the best known "data spills" took place at Equifax and Yahoo, but they happen fairly regularly -- there were 51 reported breaches last year, compromising 2.3 billion credentials, according to Shape. Taking over bank accounts is one way to monetize stolen login information -- in the US, community banks are attacked far more than any other industry group. According to Shape's data, that sector is attacked more than 200 million times each day.
Shape says the number of reported credential breaches was roughly stable at 51 last year, compared with 52 in 2016. The best way consumers can minimize these attacks is by changing their passwords.
The Courts

Appeals Court Won't Take Up Copyright Decision That Raised Alarm About Embedding, Linking (hollywoodreporter.com) 117

The 2nd Circuit denies an immediate appeal in a case that challenges how news organizations used embedded photos of Tom Brady. The Hollywood Reporter: Back in February, a New York judge caused a bit of a freakout by issuing a copyright decision regarding the embedding of a copyrighted photo of NFL superstar Tom Brady. Now comes another surprise with potentially big ramifications to the future of embedding and in-line linking: The 2nd Circuit Court of Appeals has denied an interlocutory appeal. Justin Goldman is the plaintiff in the lawsuit after finding the photo of the New England Patriots quarterback he shot and uploaded to Snapchat go viral. Many news organizations embedded social media posts that took Goldman's photo in stories about whether the Boston Celtics would recruit NBA star Kevin Durant with Brady's assistance. Breitbart, Heavy, Time, Yahoo, Vox Media, Gannett Company, Herald Media, Boston Globe Media Partners and New England Sports Network were defendants in the lawsuit, but many of these companies have since settled.

Heavy has not, and in February, U.S. District Court Judge Katherine Forrest shocked many legal observers with a decision that refused to apply the "Server Test," where the direct liability of a website publisher for copyright infringement turns on whether the image is hosted on the publisher's own server or is embedded or linked from a third-party server. Although the Server Test has been adopted in other jurisdictions, Forrest wrote, "The plain language of the Copyright Act, the legislative history undergirding its enactment, and subsequent Supreme Court jurisprudence provide no basis for a rule that allows the physical location or possession of an image to determine who may or may not have 'displayed' a work within the meaning of the Copyright Act." She added, "Nowhere does the Copyright Act suggest that possession of an image is necessary in order to display it. Indeed, the purpose and language of the Act support the opposite view."

Bitcoin

Major League Baseball Is Going Crypto (engadget.com) 51

The blockchain gaming company Lucid Sight is partnering with Major League Baseball to launch MLB Crypto Baseball. Engadget's Daniel Roberts explains: Ethereum, launched in 2015, is a decentralized platform for "smart contracts," which are automated agreements for an exchange of value. It runs on a blockchain, the same peer-to-peer, immutable, public ledger technology that bitcoin runs on. The cryptocurrency of Ethereum is ether. Because of Ethereum's usefulness for smart contracts, it has become a proving ground for blockchain-based games, where users collect and trade one-of-a-kind items that no one can duplicate or steal. On a blockchain, each digital item (or contract) is verified and tamper-proof.

In MLB Crypto Baseball, users will pay in ether to buy digital avatars tied to specific moments in recent games. They can then sell the items, or in some cases, earn rewards and stickers. The game is a decentralized app, or "dApp." [...] To play the game at launch, users must own some amount of ether and must transfer it to a web plug-in called MetaMask. (CryptoKitties works the same way.) Lucid Sight hopes to have an easy mobile app ready shortly after launch. "We are not building this just for tech savvy people," says Lucid Sight cofounder Octavio Herrera. "That said, the game will roll out in stages. So yes, for version 1 you will need ether, you will need MetaMask, it will be a little bit difficult to get into. But I do think people will open up Coinbase accounts, buy some ether, and transfer it to MetaMask, in order to collect these things they'll enjoy so much."

The Courts

Kim Dotcom Can Be Extradited To US On Copyright Charges, New Zealand Court Rules (yahoo.com) 205

schwit1 shares a report from Yahoo News: Megaupload founder Kim Dotcom suffered a major setback in his epic legal battle against online piracy charges Thursday when New Zealand's Court of Appeal ruled he was eligible for extradition to the United States. The German national, who is accused of netting millions from his file sharing Megaupload empire faces charges of racketeering, fraud and money laundering in the U.S., carrying jail terms of up to 20 years. Dotcom had asked the court to overturn two previous rulings that the Internet mogul and his three co-accused be sent to America to face charges. Instead, a panel of three judges backed the FBI-led case, which began with a raid on Dotcom's Auckland mansion in January 2012 and has dragged on for more than six years. His lawyer tweeted he would appeal to the NZ Supreme Court.
Privacy

Google Allows Outside App Developers To Read People's Gmails, Says Report (thisisinsider.com) 96

According to The Wall Street Journal, hundreds of app developers have access to millions of inboxes belonging to Gmail users (Warning: source paywalled; alternative source). The developers reportedly receive access to messages from Gmail users who signed up for things like price-comparison services or automated travel-itinerary planners. Some of these companies train software to scan the email, while others enable their workers to pore over private messages. INSIDER reports: It's not news that Google and many top email providers enable outside developers to access users' inboxes. In most cases, the people who signed up for the price-comparison deals or other programs agreed to provide access to their inboxes as part of the opt-in process. In Google's case, outside developers must pass a vetting process, and as part of that, Google ensures they have an acceptable privacy agreement, The Journal reported, citing a Google representative.

What is unclear is how closely these outside developers adhere to their agreements and whether Google does anything to ensure they do, as well as whether Gmail users are fully aware that individual employees may be reading their emails, as opposed to an automated system, the report says. It's interesting to note that, judging from The Journal's story, very little indicates that Google is doing anything different from Microsoft or other top email providers. According to the newspaper, nothing in Microsoft or Yahoo's policy agreements explicitly allows people to read others' emails.

Businesses

The Biggest Digital Heist in History Isn't Over Yet (bloomberg.com) 65

There are cyberheists, and then there's Carbanak, a cybercriminal gang that has stolen about $1.2 billion from more than 100 banks in 40 nations. The suspected 34-year-old ringleader is under arrest, but the whopping $1.2 billion amount remains missing. And to add insult to injury, the malware attacks live on. Bloomberg Businessweek has an insightful story on this, which includes comments from none other than Europol itself, on the chase to catch Carbanak, which has lasted for three years. Some excerpts from the story: Before WannaCry, before the Sony Pictures hack, and before the breaches that opened up Equifax and Yahoo!, there was a nasty bit of malware known as Carbanak. Unlike those spectacular attacks, this malware wasn't created by people interested in paralyzing institutions for ransom, publishing embarrassing emails, or taking personal data. The Carbanak guys just wanted loot, and lots of it.

Since late 2013, this band of cybercriminals has penetrated the digital inner sanctums of more than 100 banks in 40 nations, including Germany, Russia, Ukraine, and the U.S., and stolen about $1.2 billion, according to Europol, the European Union's law enforcement agency. The string of thefts, collectively dubbed Carbanak -- a mashup of a hacking program and the word "bank" -- is believed to be the biggest digital bank heist ever. In a series of exclusive interviews with Bloomberg Businessweek, law enforcement officials and computer-crime experts provided revelations about their three-year pursuit of the gang and the mechanics of a caper that's become the stuff of legend in the digital underworld.

Besides forcing ATMs to cough up money, the thieves inflated account balances and shuttled millions of dollars around the globe. Deploying the same espionage methods used by intelligence agencies, they appropriated the identities of network administrators and executives and plumbed files for sensitive information about security and account management practices. The gang operated through remotely accessed computers and hid their tracks in a sea of internet addresses.

Businesses

57% of Tech Workers Are Suffering From Job Burnout, Survey Finds (bleepingcomputer.com) 317

An anonymous reader writes: A survey conducted among the tech workers, including many employees of Silicon Valley's elite tech companies, has revealed that over 57% of respondents are suffering from job burnout. The survey was carried out by the makers of an app that allows employees to review workplaces and have anonymous conversations at work, behind their employers' backs. Over 11K employees answered one question -- if they suffer from job burnout, and 57.16% said "Yes."

The company with the highest employee burnout rate was Credit Karma, with a whopping 70.73%, followed by Twitch (68.75%), Nvidia (65.38%), Expedia (65.00%), and Oath (63.03% -- Oath being the former Yahoo company Verizon bought in July 2017). On the other end of the spectrum, Netflix ranked with the lowest burnout rate of only 38.89%, followed by PayPal (41.82%), Twitter (43.90%), Facebook (48.97%), and Uber (49.52%).

The Military

America's 'CyberWar' With Foreign Governments Could Get More Aggressive (wral.com) 116

America's Department of Defense "has quietly empowered the United States Cyber Command to take a far more aggressive approach to defending the nation against cyberattacks, a shift in strategy that could increase the risk of conflict with the foreign states that sponsor malicious hacking groups," reports the New York Times. Long-time Slashdot reader TheSauce shares their report: In the spring, as the Pentagon elevated the command's status, it opened the door to nearly daily raids on foreign networks, seeking to disable cyberweapons before they can be unleashed, according to strategy documents and military and intelligence officials... The new strategy envisions constant, disruptive "short of war" activities in foreign computer networks... "Continuous engagement imposes tactical friction and strategic costs on our adversaries, compelling them to shift resources to defense and reduce attacks"...

The risks of escalation -- of U.S. action in foreign networks leading to retaliatory strikes against U.S. banks, dams, financial markets or communications networks -- are considerable, according to current and former officials... The chief risk is that the internet becomes a battleground of all-against-all, as nations not only place "implants" in the networks of their adversaries -- something the United States, China, Russia, Iran and North Korea have done with varying levels of sophistication -- but also begin to engage in daily attack and counterattack.

An article shared by schwit1 notes that officials in the Obama administration "were also worried that a vigorous cyber response...could escalate into a full scale cyber war."

Yet the Times reports that this new policy reflects "a widespread view that the United States has mounted an inadequate defense against the rising number of attacks aimed at America."
The Almighty Buck

Google To Invest $550 Million In Chinese E-Commerce Giant JD.com (yahoo.com) 30

hackingbear shares a report from Yahoo News: Google will invest $550 million in Chinese e-commerce powerhouse JD.com, part of the U.S. internet giant's efforts to expand its presence in fast-growing Asian markets and battle rivals including Amazon.com. The two companies described the investment announced on Monday as one piece of a broader partnership that will include the promotion of JD.com products on Google's shopping service. This could help JD.com expand beyond its base in China and Southeast Asia and establish a meaningful presence in U.S. and European markets. For JD.com, the Google deal shows its determination to build a set of global alliances as it seeks to counter Alibaba, which has been more focused on forging domestic retail tie-ups.
Crime

After a Decade, 77-Year-Old Gets Back $110,000 Lost In 'Nigerian Prince' Scam (kansascity.com) 128

Slashdot reader grep -v '.*' * shares a surprising story. The Kansas City Star profiles the victim of a three-year con that started with an email to a Yahoo inbox back in 2005. A decade ago, Fred Haines was wandering the Wichita airport looking for a Nigerian man hauling two chests full of cash. After an hour of waiting and asking around, he finally came to the realization that the $65 million Nigerian fortune he thought he was inheriting was not coming after all. What is now coming, though, is the $110,000 he had been scammed out of, thanks to the work of the Kansas Attorney General's Office.

From 2005 to 2008, swindlers hoodwinked Haines, a self-employed handyman in Wichita, into spending thousands in pursuit of an imaginary inheritance from a Nigerian government official -- a con known as the Nigerian Prince Scam. Haines re-mortgaged his house three times in the process. Last year, in a settlement with the Department of Justice, Western Union admitted it knew some of its employees had conspired with scam artists to bilk people out of money and had failed to fix the problem. The company set aside $586 million to create a fund to refund victims across the U.S. and Canada... All victims who'd sent money to hucksters using the service were able to request refunds, but only those who had complained to law enforcement or Western Union were notified directly of the settlement.

"It got to the point where they were showing me that the president of Nigeria had sent me a letter. It had his picture on it and everything," Haines said. "I looked it up on the computer to see what the Nigerian president looked like, and it was him." Once, he received an email claiming to be from Robert Mueller, who was then the FBI director. The email was addressed to Haines, code-name "B-DOG," and it was signed with the FBI's address and official seal. "I wish you can remove doubt and suspicious and go ahead I assured you that you will never regret this fund release," the email said in part.

Haines is one of 344 victims who recovered a total of $1,758,988 through the Kansas Attorney General's office -- though when the office sent out 25,000 letters to possible scam victims, many of them were now skeptical of the promise of unclaimed money, and "Some were even angry when employees called to follow up on those who hadn't responded."
United Kingdom

UK Watchdog Issues $334K Fine For Yahoo's 2014 Data Breach (theregister.co.uk) 29

An anonymous reader quotes a report from The Register: Yahoo's U.K. limb has finally been handed a $334,300 (250,000 GBP) fine for the 2014 cyber attack that exposed data of half a million Brit users. Today, the Information Commissioner's Office issued Yahoo U.K. Services Ltd a $334,300 (250,000 GBP) fine following an investigation that focused on the 515,121 U.K. accounts that the London-based branch of the firm had responsibility for. The ICO said "systemic failures" had put user data at risk as the U.K. arm of Yahoo did not take appropriate technical and organizational measures to prevent a data breach of this size.

In particular, the watchdog said there should have been proper monitoring systems in place to protect the credentials of Yahoo employees who could access customers' data, and to ensure that instructions to transfer very large quantities of personal data from Yahoo's servers would be flagged for investigation. It also noted that, as a data controller, Yahoo U.K. Services Ltd had a responsibility to ensure its processors -- in this case Yahoo, whose U.S. servers held the data on U.K. users -- complied with data protection standards.

Businesses

Oath is Killing Off Yahoo Messenger on July 17 (betanews.com) 50

Yahoo Messenger is to be discontinued in just over a month. Yahoo owner Oath has announced that it is killing off its famous Messenger service on July 17. From a report: After this date, chatting will no longer be available, and users have just six months to download their chat histories. At the moment, there is no direct replacement for Yahoo Messenger, but users are being advised that they can request an invite for the beta version of the invite-only group messaging app Yahoo Squirrel. In an FAQ about the announcement, Yahoo addresses why the decision to shutter the service was taken. "We know we have many loyal fans who have used Yahoo Messenger since its beginning as one of the first chat apps of its kind. As the communications landscape continues to change over, we're focusing on building and introducing new, exciting communications tools that better fit consumer needs."
China

Micron, Samsung, Hynix Investigated By China Over Antitrust Violations (yahoo.com) 38

hackingbear shares a report from Yahoo Finance: Micron Technology Inc., the largest U.S. maker of computer memory chips, said Chinese regulatory authority representatives visited its offices in that country, potentially opening another front in a growing trade dispute between the world's two largest economies. Chinese media reported that Samsung and SK Hynix also received visits from local regulators seeking information. Micron got about half of its sales from China last year, according to data compiled by Bloomberg. China has been spending heavily on attempts to boost its domestic supply of semiconductors and lessen a bill that has exceeded the cost of oil imports. "In 2015, Qualcomm, another U.S. chip giant currently under antitrust investigation in Europe, paid near $1 billion to settle its antitrust matter in China," notes Slashdot reader hackingbear.
Crime

Canadian Hacker Sentenced To 5 Years For Yahoo Security Breach (seattletimes.com) 21

The computer hacker who worked with Russian spies was sentenced to five years in prison Tuesday for his role in a massive security breach at Yahoo. "U.S. Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco," The Associated Press reports. From the report: Baratov, 23, pleaded guilty in November to nine felony hacking charges. He acknowledged in his plea agreement that he began hacking as a teen seven years ago and charged customers $100 per hack to access web-based emails. Prosecutors allege he was "an international hacker for hire" who indiscriminately hacked for clients he did not know or vet, including dozens of jobs paid for by Russia's Federal Security Service. Baratov, who was born in Kazakhstan but lived in Toronto, Canada, where he was arrested last year, charged customers to obtain another person's webmail passwords by tricking them to enter their credentials into a fake password reset page. Prosecutors said Russian security service hired Baratov to target dozens of email accounts using information obtained from the Yahoo hack.

"Deterrence is particularly important in a case like this," the judge said during the hearing. He rejected prosecutors' call for a prison sentence of nearly 10 years, noting Baratov's age and clean criminal record prior to his arrest. Baratov has been in custody since his arrest last year. He told the judge Tuesday that his time behind bars has been "a very humbling and eye-opening experience." He apologized to those he hacked and promised "to be a better man" and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.

The Military

Russia Is Attacking US Forces With Electronic Weapons In Syria, General Says (yahoo.com) 249

john of sparta shares a report from Yahoo: American forces in Syria are increasingly facing attacks from Russian and Syrian electronic warfare weapons, as Moscow uses the conflict to test its future arsenal. General Raymond Thomas, head of the U.S. Special Operations Command, said that Syria has become "the most aggressive electronic warfare environment on the planet," Breakingdefense.com reported. Speaking at a geospatial intelligence conference in Florida, Gen. Thomas said that Russian and Syrian regime forces "are testing us everyday, knocking our communications down, disabling our [EC-130 aircraft]."

The Lockheed Martin EC-130 Compass Call is one of America's most advanced electronic warfare weapons. Based on the C-130 Hercules, the plane was developed to disrupt enemy communications, radar and command operations. The craft's presence in Syrian skies gives Russia the chance to test its weapons against the best the U.S. has to offer, whether directly or through its Syrian allies. Earlier this month, four anonymous officials told NBC News that Russia has also been regularly targeting smaller U.S. surveillance drones. One of those quoted said Russian operations were having a significant impact on U.S. capabilities. The sophisticated attacks were even successful against encrypted signals and anti-jamming devices, the official said.
Slashdot reader john of sparta adds, "Well, it's war; not a surprise..."
Yahoo!

SEC Issues $35 Million Fine Over Yahoo Failing To Disclose Data Breach (theverge.com) 35

Altaba, the company formerly known as Yahoo, will have to pay a $35 million fine for failing to disclose a 2014 data breach in which hackers stole info on over 500 million accounts. "The U.S. Securities and Exchange Commission announced today that Altaba, which contains Yahoo's remains, agreed to pay the fine to settle charges that it misled investors by not informing them of the hack until September 2016, despite knowing of it as early as December 2014," reports The Verge. From the report: The SEC goes on to admonish Yahoo for its failure to disclose the breach to investors, saying that the agency wouldn't "second-guess good faith exercises of judgment" but that Yahoo's decisions were "so lacking" that a fine was necessary. Yahoo isn't being fined for having poor security practices, not informing users, or really anything related to the hack happening. The SEC is just mad that investors weren't told about it, because -- as Yahoo even noted in filings to investors -- data breaches can have financial impacts and legal implications. With a breach this large, the SEC believes that was obviously a real risk. "Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors," Jina Choi, director of the SEC's San Francisco Regional Office, said in a statement. The SEC released guidance to public companies on what to disclose about data breaches earlier this year, which could help to avoid similar situations in the future.
Businesses

SmugMug Buys Flickr, Vows To Revitalize the Photo Service (usatoday.com) 61

On Friday, Silicon Valley photo-sharing and storage company SmugMug announced it had acquired Flickr, the photo-sharing site created in 2004 by Ludicorp and acquired in 2005 by Yahoo. SmugMug CEO Don MacAskill told USA TODAY he's committed to revitalizing the faded social networking site, which hosted photos and videos long before it became trendy. Flickr will reportedly continue to operate separately, and SmugMug and Flickr accounts will "remain separate and independent for the foreseeable future." From the report: He declined to disclose the terms of the deal, which closed this week. "Flickr is an amazing community, full of some of the world's most passionate photographers. It's a fantastic product and a beloved brand, supplying tens of billions of photos to hundreds of millions of people around the world," MacAskill said. "Flickr has survived through thick-and-thin and is core to the entire fabric of the Internet." The surprise deal ends months of uncertainty for Flickr, whose fate had been up in the air since last year when Yahoo was bought by Verizon for $4.5 billion and joined with AOL in Verizon's Oath subsidiary.
Businesses

Marissa Mayer is Back (bloomberg.com) 104

Former Yahoo Chief Executive Officer Marissa Mayer is starting a technology business incubator, Lumi Labs, with longtime colleague Enrique Munoz Torres, she revealed in an interview with The New York Times. Bloomberg: The venture will focus on consumer media and artificial intelligence, according to the company's website, which is set against a backdrop of snow-covered peaks. Lumi means snow in Finnish, Mayer told the New York Times, which reported the news earlier Wednesday. The next project for Mayer, who was an early employee at Google and worked there until leaving to run Yahoo in 2012, had been a matter of considerable speculation in Silicon Valley. She left Yahoo, once a leading search engine and web destination, after it was sold to Verizon Communications last year.
Yahoo!

Yahoo's New Privacy Policy Allows Data-Sharing With Verizon (cnet.com) 38

"Yahoo is now part of Oath and there is a new Privacy and Terms contract..." warns long-time Slashdot reader DigitalLogic. CNET reports: Oath notes that it has the right to read your emails, instant messages, posts, photos and even look at your message attachments. And it might share that data with parent company Verizon, too... When you dig further into Oath's policy about what it might do with your words, photos, and attachments, the company clarifies that it's utilizing automated systems that help the company with security, research and providing targeted ads -- and that those automated systems should strip out personally identifying information before letting any humans look at your data. But there are no explicit guarantees on that.
The update also warns that Oath is now "linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends." For example, Oath "may analyze user content around certain interactions with financial institutions," and "leverages information financial institutions are allowed to send over email."

Oath does offer a "Privacy Controls" page which includes a "legacy" AOL link letting you opt-out of internet-based advertising that's been targeted "based on your online activities" -- but it appears to be functioning sporadically.

CNET also reports that now Yahoo users are agreeing to a class-action waiver and mutual arbitration. "What it means is if you don't like what the company does with your data, you'll have a hard time suing."
