wiredmikey quotes a report from SecurityWeek: Yahoo said Monday that the closing of a $4.8 billion deal to sell its core internet assets to U.S. telecom titan Verizon has been delayed several months. A close originally set for this quarter has been pushed into next quarter, and has been thrown into doubt following disclosures of two huge data breaches. Yahoo announced in September that hackers in 2014 stole personal data from more than 500 million of its user accounts. It admitted another cyberattack in December, this one dating from 2013, affecting over a billion users. The U.S. Securities and Exchange Commission has opened an investigation into whether Yahoo should have informed investors sooner about the two major data breaches.

New submitter Linorgese quotes a report from The Wall Street Journal (Warning: paywalled; alternate source): U.S. authorities are investigating whether Yahoo Inc.'s two massive data breaches should have been reported sooner to investors, according to people familiar with the matter, in what could prove to be a major test in defining when a company is required to disclose a hack. Last month, the Federal Bureau of Investigation said it had begun an investigation into a 2013 data breach that involved more than 1 billion users' accounts. That followed Yahoo's disclosure that a 2014 intrusion involved about 500 million accounts. As part of its investigation, the SEC last month requested documents from Yahoo, the Journal said, citing persons familiar with the situation. The agency has been seeking a model case for cybersecurity rules it issued in 2011, legal experts told the Journal. In a November 2016 SEC filing, Yahoo noted that it was cooperating with the SEC, Federal Trade Commission and other federal, state, and foreign governmental officials and agencies including "a number of State Attorneys General, and the U.S. Attorney's office for the Southern District of New York." When Yahoo reported the 2014 breach it said that evidence linked it to a state-sponsored attacker. It has not announced a suspected responsibility for the larger 2013 intrusion, but the company has said it does not believe the two breaches are linked.

"Two well-placed sources" told The New York Post that Verizon is considering purchasing a big cable company to help it grow demand for its wireless data products. The source said the most likely targets would be "Charter or Comcast." New York Post reports: Verizon Chief Executive Lowell McAdam may be getting ready to answer rival ATT's moves to buy DirecTV and Time Warner. To be sure, Verizon is not in talks with any cable company and may not ever make such a move. Still, McAdam has been under pressure recently with Verizon's deal to acquire Yahoo still a question mark months after two major hacks of the internet portal were revealed. The wireless giants operate on 4G wireless networks but are preparing to become a real alternative to the cable company with phone, TV and data services. To do that more effectively, the phone companies are pouring money into 5G connections that can work with cable systems to provide more stable coverage for consumers. McAdam has already given Wall Street analysts and investors big hints that he's looking at a combination with, say, a Charter Communications. In a mid-December meeting with Wall Street analysts, McAdam said a get-together between the two "makes industrial sense." Three weeks later, at CES, his comments to friends make it clear that cable distribution is a path he is exploring, perhaps more seriously than first thought. "For regulatory reasons, Verizon can't dominate in FiOS and cable, so it appears to have to set its sights on cable," an industry source said. Charter could be a seller under the right conditions, the source added, emphasizing that Malone and Charter CEO Tom Rutledge are just getting going on their vision for Charter.

schwit1 quotes the Associated Press: There's a new thrill on the streets of downtown Las Vegas, where high- and low-rollers alike are climbing aboard what officials call the first driverless electric shuttle operating on a public U.S. street. The oval-shaped shuttle began running Tuesday as part of a 10-day pilot program, carrying up to 12 passengers for free along a short stretch of the Fremont Street East entertainment district.

The vehicle has a human attendant and computer monitor, but no steering wheel and no brake pedals. Passengers push a button at a marked stop to board it. The shuttle uses GPS, electronic curb sensors and other technology, and doesn't require lane lines to make its way.
The shuttle -- which they've named Arma -- is traveling at 15 miles per hour, and the ride is smooth, according to the mayor of Las Vegas. ("It's clean and quiet and seats comfortably.") They've blocked all the side streets, so the shuttle doesn't have to deal with traffic signals yet, though eventually they'll install special transmitters at every intersection to communicate whether the lights are red or green, and the city plans to deploy more of the vehicles by the end of the year.

The U.S. Environmental Protection Agency on Thursday accused Fiat Chrysler Automobiles NV of illegally using hidden software to allow excess diesel emissions to go undetected, the result of a probe that stemmed from regulators' investigation of rival Volkswagen AG. From a report: FCA shares plummeted as the maximum fine is about $4.6 billion. The EPA action affects 104,000 U.S. trucks and SUVs sold since 2014, about one-sixth the vehicles in the Volkswagen case. The EPA and California Air Resources Board told Fiat Chrysler it believes its undeclared auxiliary emissions control software allowed vehicles to generate excess pollution in violation of the law. Fiat Chrysler Chief Executive Sergio Marchionne angrily rejected the allegations at a hastily-assembled conference call with reporters, saying there was no wrongdoing and the company never attempted to create software to cheat emissions rules by detecting when the vehicle was in test mode.

What may come as no surprise to cable TV or internet subscribers, Comcast remains among the least-liked companies in American history, according to a new survey from 24/7 Wall Street. From DSL Reports: [The survey] combines data from the American Consumer Satisfaction Index, JD Power and Associates and a Zogby Analytics poll, and lists Comcast as the "most hated company in America." Comcast had made some small strides in the ACSI rankings last year, but even with minor improvements still consistently battles Charter for last place in most customer satisfaction and service studies. "The company')s internet services received the fourth worst score out of some 350 companies. In J.D. Power's rating of major wireline services, only Time Warner Cable -- recently subsumed by Charter -- received a worse score in overall satisfaction," notes the report, which adds that Comcast received the worst scores in consumer costs, billing, and reliability. "In 24/7 Wall St.'s annual customer satisfaction poll conducted in partnership with Zogby, nearly 55% of of respondents reported a negative experience with the company, the second worst of any corporation." Comcast finds itself ahead of numerous banks and airlines, but it isn't alone in the rankings among telecom providers. Dish Network is ranked eighth, the report noting that 47% of those polled reported a negative service experience with the company. Also on the list at tenth is Sprint, which had the worst customer service rating out of the more than 100 companies included in the survey. "More than half of Sprint customers polled reported a negative customer service experience with the company," the study found.

maxcelcat writes: Spotted on The Register's twitter feed: Yahoo! Submission to The SEC. Most of the board is leaving, including CEO Marissa Mayer. The company has been bought by Verizon and is changing its name to Altaba Inc. I'm old enough to remember when Yahoo was a series of directories on a University's computers, where you could browse a hierarchical list of websites by category. And here I am watching the company's demise. According to the regulatory filing, the changes will take place after the sale of its core business is completed with Verizon for roughly $4.8 billion. The Wall Street Journal notes: "Verizon officials have indicated all options remain possible, including renegotiating the terms of the deal or walking away."

An anonymous reader quotes Yahoo News:The report from an alleged UFO sighting by the Chilean military over two years ago has just been declassified, leaving experts completely stumped. The Chilean government agency which investigates UFOs, the CEFAA, reports that a naval helicopter was carrying out a routine daylight coastal patrol in November 2014 when the camera operator noticed an unidentified flying object ahead...flying horizontally and at a steady speed similar to that of the helicopter. The mysterious object could be seen with the naked eye but couldn't be detected with the helicopter's radar, ground radar stations or air traffic controllers. Authorities ruled out that it was an aircraft as no craft had been authorized to fly in the area.
In 2014 the CIA admitted their tests of a high-altitude U-2 reconnaissance aircraft between 1954 and 1972 coincided with a spike in UFO reports. Could this be another new military aircraft that's getting its first tests?

A senior executive of Verizon said on Thursday the company was unsure about its planned acquisition of Yahoo's internet business. From a report on Reuters: "I can't sit here today and say with confidence one way or another because we still don't know," Marni Walden, president of product innovation and new businesses, said at the Citi 2017 Internet, Media & Telecommunications Conference in Las Vegas.To walk away, Verizon likely will have to show the overall value of Yahoo has declined as a result of the two hacking disclosures. "I have to have certain facts in order to be able to make a decision," she told WSJ. "There's a lot of stuff we don't know."

A lawsuit filed against Snap Inc. by a former employee claims the company reported false growth numbers to investors in an effort to inflate its valuation. An anonymous reader shares a report: The plaintiff, Anothony Pompliano, joined the company (then known as Snapchat) as a growth lead in September of last year from Facebook. Pompliano claims the company's "institutional pandemic" of misrepresentation of its user numbers was fueled by its pursuit of a multi-billion dollar initial public offering (IPO) -- a number of prior reports have claimed the company could go public as soon as March. Snap's visual messaging app Snapchat is known for its popularity with younger millennials (aged 25 and under). Despite remaining tight-lipped about its official statistics, leaked reports put its daily active user base at 150 million (higher than that of fellow social platform Twitter). Additionally, its daily video views count hit an impressive 10 billion in April 2016. Numbers like these have had the industry buzzing over its expected IPO, with analysts claiming the company could be valued as high as $25 billion.

Apple said Wednesday it plans to invest $1 billion in SoftBank's new technology fund to help finance technologies it could use in the future. From a report: SoftBank has said it is investing at least $25 billion in the fund and has been in talks with Saudi Arabia's Public Investment Fund for an investment that could go up to $45 billion. "We believe their new fund will speed the development of technologies which may be strategically important to Apple," company spokesman Josh Rosenstock told Reuters. SoftBank has also said that it plans to make future large-scale investments via the tech fund, rather than on its own.

An anonymous reader quotes a report from Mac Rumors: Apple's iPhone and iPad were the most popular mobile devices gifted during the holidays this year, according to new data shared by Yahoo-owned mobile analytics firm Flurry. Flurry examined device activations by manufacturer between 12/19 and 12/25, finding Apple devices to be twice as popular as Samsung devices. 44 percent of all new phone activations were Apple iPhones, while Samsung smartphones accounted for 21 percent of activations. Huawei, LG, Amazon, Oppo, Xiaomi, and Motorola trailed behind with between two and three percent of activations each. Google's Pixel smartphone, which came out in October, did not make Flurry's list. Last year, Flurry released a similar report, and Apple devices made up 49.1 percent of all device activations, while Samsung devices came in at 19.8 percent. Phablets, or smartphones and tablets ranging in size from 5 inches to 6.9 inches, continued to grow in popularity. In 2016, the phablets category, which includes the 5.5-inch iPhone 6 Plus, 6s Plus, and 7 Plus, was responsible for 37 percent of total device activations. Medium-sized phones, like the 4.7-inch iPhone 6, iPhone 6s, and iPhone 7, were responsible for 45 percent of all activations. Activations of full-sized tablets, like the iPad, have continued to wane. From Flurry's report: "While Samsung is slowly growing in popularity throughout the holiday season, up 1% from last year, Apple devices continue to be the gift to give. Holding the third and fourth positions for activations are Huawei and LG; which is remarkable, as both manufacturers do not have an individual device within the top 35 devices activated. Their high rank is likely due to the fact that they have wide variety of devices and affordable options (hundreds of phablet and medium phones) for consumers to choose from."

earlytime writes: Large scale account hacks such as the billion user Yahoo breach and targeted phishing hacks of gmail accounts during the U.S. election have made 2016 an infamous year for web security. Along comes U2F/web-security keys to address these issues at a critical time. Ars Technica reports that U2F keys "may be the world's best hope against account takeovers": "The Security Keys are based on Universal Second Factor, an open standard that's easy for end users to use and straightforward for engineers to stitch into hardware and websites. When plugged into a standard USB port, the keys provide a 'cryptographic assertion' that's just about impossible for attackers to guess or phish. Accounts can require that cryptographic key in addition to a normal user password when users log in. Google, Dropbox, GitHub, and other sites have already implemented the standard into their platforms. After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication. The architects based their assessment on the ease of using and deploying keys, the security it provided against phishing and other types of password attacks, and the lack of privacy trade-offs that accompany some other forms of two-factor authentication."

The researchers wrote in a recently published report: "We have shipped support for Security Keys in the Chrome browser, have deployed it within Google's internal sign-in system, and have enabled Security Keys as an available second factor in Google's Web services. In this work, we demonstrate that Security Keys lead to both an increased level of security and user satisfaction as well as cheaper support cost."

An anonymous reader quotes a report from Reuters: Yahoo Inc's secret scanning of customer emails at the behest of a U.S. spy agency is part of a growing push by officials to loosen constitutional protections Americans have against arbitrary governmental searches, according to legal documents and people briefed on closed court hearings. The order on Yahoo from the secret Foreign Intelligence Surveillance Court (FISC) last year resulted from the government's drive to change decades of interpretation of the U.S. Constitution's Fourth Amendment right of people to be secure against "unreasonable searches and seizures," intelligence officials and others familiar with the strategy told Reuters. The unifying idea, they said, is to move the focus of U.S. courts away from what makes something a distinct search and toward what is "reasonable" overall. The basis of the argument for change is that people are making much more digital data available about themselves to businesses, and that data can contain clues that would lead to authorities disrupting attacks in the United States or on U.S. interests abroad. While it might technically count as a search if an automated program trawls through all the data, the thinking goes, there is no unreasonable harm unless a human being looks at the result of that search and orders more intrusive measures or an arrest, which even then could be reasonable. Civil liberties groups and some other legal experts said the attempt to expand the ability of law enforcement agencies and intelligence services to sift through vast amounts of online data, in some cases without a court order, was in conflict with the Fourth Amendment because many innocent messages are included in the initial sweep. But the general counsel of the Office of the Director of National Intelligence (ODNI), Robert Litt, said in an interview with Reuters on Tuesday that the legal interpretation needed to be adjusted because of technological changes.

An anonymous reader writes: As if 2016 wasn't shitty enough for Yahoo -- which admitted to two separate breaches that saw 500 million users' and then 1 billion users' details stolen by hackers -- the New York Times reports that a billion-user database was sold on the Dark Web last August for $300,000. That's according to Andrew Komarov, chief intelligence office at security firm InfoArmor. He told NYT that three buyers, including two prominent spammers and another who might be involved in espionage tactics purchased the entire database at the aforementioned price from a hacker group believed to based in Eastern Europe. It's lovely to know that it only costs $300,000 to be able to threaten a billion people's online existence -- which means each account is only worth $0.0003 to hackers who can ruin your life online in a matter of minutes. Yahoo also doesn't yet know who made off with all the data from the attack in 2013, which is said to be the largest breach of any company ever.

Verizon is reconsidering its $4.8 billion purchase of Yahoo, according to Bloomberg. Citing a source, the publication claims that Wednesday's announcement by Yahoo -- theft of info from one billion users -- has led Verizon to consider scrapping the deal entirely. From the report: While a Verizon group led by AOL Chief Executive Officer Tim Armstrong is still focused on integration planning to get Yahoo up and running, another team, walled off from the rest, is reviewing the breach disclosures and the company's options, said the person, who asked not to be identified discussing private information. A legal team led by Verizon General Counsel Craig Silliman is assessing the damage from the breaches and is working toward either killing the deal or renegotiating the Yahoo purchase at a lower price, the person said. One of the major objectives for Verizon is negotiating a separation from any future legal fallout from the breaches. Verizon is seeking to have Yahoo assume any lasting responsibility for the hack damage, the person said.

An anonymous reader quotes a breaking report from ABC News: Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013. The Sunnyvale, California, company says it's a different breach from the one it disclosed in September, when it said 500 million accounts were exposed. That new hack revelation raises questions about whether Verizon will try to change the terms of its $4.8 billion proposed acquisition of Yahoo. Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

An anonymous reader quotes Yahoo Finance's David Pogue: You know this tip, don't you? When you tap the Space bar, the web page you're reading scrolls up exactly one screenful... But in recent years, something clumsy and unfortunate has happened: Web designers have begun slapping toolbars or navigation bars at the top of the page. That's fine -- except when it throws off the Space-bar scrolling! Which, most of the time, it does.

Suddenly, tapping Space doesn't scroll the right amount. The lines you were supposed to read next scroll too high; they're now cut off. Now you have to use your mouse or keyboard to scroll back down again. Which defeats the entire purpose of the Space-bar tip. Over the last few months, I've begun keeping track of which sites do Space-bar scrolling right -- and which are broken. I want to draw the public's attention to this bit of broken code, and maybe inspire the world's webmasters to get with the program.
Pogue's article announces "the world's first Space-Bar Scrolling Report Card," shaming sites like the Wall Street Journal, USA Today, The New Yorker, and Scientific American for their improperly-scrolling web sites. (As well as, ironically, Yahoo -- the parent company of the site Pogue is writing for.) Pogue writes that web programmers "should get their act together so that the scroll works as it's supposed to. (And if you work for one of those sites, and you manage to get the scrolling-bug fixed, email me so I can update this article and congratulate you.)"

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty, In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes.

Stephen Shankland, writing for CNET: Mozilla is marshaling public support for political positions, like backing net neutrality, defending encryption and keeping government surveillance from getting out of hand, says Denelle Dixon-Thayer, Mozilla's chief legal and business officer. The organization is funding the efforts with revenue from Firefox searches, which has jumped since 2014 when it switched from a global deal with Google to a set of regional deals. Mozilla brought in $421 million in revenue last year largely through partnerships with Yahoo in the US, Yandex in Russia and Baidu in China, according to tax documents released alongside Mozilla's 2015 annual report on Thursday. Pushing policy work brings new challenges well beyond traditional Mozilla work competing against Google's Chrome browser and Microsoft's Internet Explorer. They include squaring off against the incoming administration of Donald Trump.