United Kingdom

UK Watchdog Issues $334K Fine For Yahoo's 2014 Data Breach (theregister.co.uk) 29

An anonymous reader quotes a report from The Register: Yahoo's U.K. limb has finally been handed a $334,300 (250,000 GBP) fine for the 2014 cyber attack that exposed data of half a million Brit users. Today, the Information Commissioner's Office issued Yahoo U.K. Services Ltd a $334,300 (250,000 GBP) fine following an investigation that focused on the 515,121 U.K. accounts that the London-based branch of the firm had responsibility for. The ICO said "systemic failures" had put user data at risk as the U.K. arm of Yahoo did not take appropriate technical and organizational measures to prevent a data breach of this size.

In particular, the watchdog said there should have been proper monitoring systems in place to protect the credentials of Yahoo employees who could access customers' data, and to ensure that instructions to transfer very large quantities of personal data from Yahoo's servers would be flagged for investigation. It also noted that, as a data controller, Yahoo U.K. Services Ltd had a responsibility to ensure its processors -- in this case Yahoo, whose U.S. servers held the data on U.K. users -- complied with data protection standards.

Businesses

Oath is Killing Off Yahoo Messenger on July 17 (betanews.com) 50

Yahoo Messenger is to be discontinued in just over a month. Yahoo owner Oath has announced that it is killing off its famous Messenger service on July 17. From a report: After this date, chatting will no longer be available, and users have just six months to download their chat histories. At the moment, there is no direct replacement for Yahoo Messenger, but users are being advised that they can request an invite for the beta version of the invite-only group messaging app Yahoo Squirrel. In an FAQ about the announcement, Yahoo addresses why the decision to shutter the service was taken. "We know we have many loyal fans who have used Yahoo Messenger since its beginning as one of the first chat apps of its kind. As the communications landscape continues to change over, we're focusing on building and introducing new, exciting communications tools that better fit consumer needs."
China

Micron, Samsung, Hynix Investigated By China Over Antitrust Violations (yahoo.com) 38

hackingbear shares a report from Yahoo Finance: Micron Technology Inc., the largest U.S. maker of computer memory chips, said Chinese regulatory authority representatives visited its offices in that country, potentially opening another front in a growing trade dispute between the world's two largest economies. Chinese media reported that Samsung and SK Hynix also received visits from local regulators seeking information. Micron got about half of its sales from China last year, according to data compiled by Bloomberg. China has been spending heavily on attempts to boost its domestic supply of semiconductors and lessen a bill that has exceeded the cost of oil imports. "In 2015, Qualcomm, another U.S. chip giant currently under antitrust investigation in Europe, paid near $1 billion to settle its antitrust matter in China," notes Slashdot reader hackingbear.
Crime

Canadian Hacker Sentenced To 5 Years For Yahoo Security Breach (seattletimes.com) 21

The computer hacker who worked with Russian spies was sentenced to five years in prison Tuesday for his role in a massive security breach at Yahoo. "U.S. Judge Vince Chhabria also fined Karim Baratov $250,000 during a sentencing hearing in San Francisco," The Associated Press reports. From the report: Baratov, 23, pleaded guilty in November to nine felony hacking charges. He acknowledged in his plea agreement that he began hacking as a teen seven years ago and charged customers $100 per hack to access web-based emails. Prosecutors allege he was "an international hacker for hire" who indiscriminately hacked for clients he did not know or vet, including dozens of jobs paid for by Russia's Federal Security Service. Baratov, who was born in Kazakhstan but lived in Toronto, Canada, where he was arrested last year, charged customers to obtain another person's webmail passwords by tricking them to enter their credentials into a fake password reset page. Prosecutors said Russian security service hired Baratov to target dozens of email accounts using information obtained from the Yahoo hack.

"Deterrence is particularly important in a case like this," the judge said during the hearing. He rejected prosecutors' call for a prison sentence of nearly 10 years, noting Baratov's age and clean criminal record prior to his arrest. Baratov has been in custody since his arrest last year. He told the judge Tuesday that his time behind bars has been "a very humbling and eye-opening experience." He apologized to those he hacked and promised "to be a better man" and obey the law upon his release. The judge said it is likely Baratov will be deported once he is released from prison.

The Military

Russia Is Attacking US Forces With Electronic Weapons In Syria, General Says (yahoo.com) 249

john of sparta shares a report from Yahoo: American forces in Syria are increasingly facing attacks from Russian and Syrian electronic warfare weapons, as Moscow uses the conflict to test its future arsenal. General Raymond Thomas, head of the U.S. Special Operations Command, said that Syria has become "the most aggressive electronic warfare environment on the planet," Breakingdefense.com reported. Speaking at a geospatial intelligence conference in Florida, Gen. Thomas said that Russian and Syrian regime forces "are testing us everyday, knocking our communications down, disabling our [EC-130 aircraft]."

The Lockheed Martin EC-130 Compass Call is one of America's most advanced electronic warfare weapons. Based on the C-130 Hercules, the plane was developed to disrupt enemy communications, radar and command operations. The craft's presence in Syrian skies gives Russia the chance to test its weapons against the best the U.S. has to offer, whether directly or through its Syrian allies. Earlier this month, four anonymous officials told NBC News that Russia has also been regularly targeting smaller U.S. surveillance drones. One of those quoted said Russian operations were having a significant impact on U.S. capabilities. The sophisticated attacks were even successful against encrypted signals and anti-jamming devices, the official said.
Slashdot reader john of sparta adds, "Well, it's war; not a surprise..."
Yahoo!

SEC Issues $35 Million Fine Over Yahoo Failing To Disclose Data Breach (theverge.com) 35

Altaba, the company formerly known as Yahoo, will have to pay a $35 million fine for failing to disclose a 2014 data breach in which hackers stole info on over 500 million accounts. "The U.S. Securities and Exchange Commission announced today that Altaba, which contains Yahoo's remains, agreed to pay the fine to settle charges that it misled investors by not informing them of the hack until September 2016, despite knowing of it as early as December 2014," reports The Verge. From the report: The SEC goes on to admonish Yahoo for its failure to disclose the breach to investors, saying that the agency wouldn't "second-guess good faith exercises of judgment" but that Yahoo's decisions were "so lacking" that a fine was necessary. Yahoo isn't being fined for having poor security practices, not informing users, or really anything related to the hack happening. The SEC is just mad that investors weren't told about it, because -- as Yahoo even noted in filings to investors -- data breaches can have financial impacts and legal implications. With a breach this large, the SEC believes that was obviously a real risk. "Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors," Jina Choi, director of the SEC's San Francisco Regional Office, said in a statement. The SEC released guidance to public companies on what to disclose about data breaches earlier this year, which could help to avoid similar situations in the future.

Businesses

SmugMug Buys Flickr, Vows To Revitalize the Photo Service (usatoday.com) 61

On Friday, Silicon Valley photo-sharing and storage company SmugMug announced it had acquired Flickr, the photo-sharing site created in 2004 by Ludicorp and acquired in 2005 by Yahoo. SmugMug CEO Don MacAskill told USA TODAY he's committed to revitalizing the faded social networking site, which hosted photos and videos long before it became trendy. Flickr will reportedly continue to operate separately, and SmugMug and Flickr accounts will "remain separate and independent for the foreseeable future." From the report: He declined to disclose the terms of the deal, which closed this week. "Flickr is an amazing community, full of some of the world's most passionate photographers. It's a fantastic product and a beloved brand, supplying tens of billions of photos to hundreds of millions of people around the world," MacAskill said. "Flickr has survived through thick-and-thin and is core to the entire fabric of the Internet." The surprise deal ends months of uncertainty for Flickr, whose fate had been up in the air since last year when Yahoo was bought by Verizon for $4.5 billion and joined with AOL in Verizon's Oath subsidiary.
Businesses

Marissa Mayer is Back (bloomberg.com) 104

Former Yahoo Chief Executive Officer Marissa Mayer is starting a technology business incubator, Lumi Labs, with longtime colleague Enrique Munoz Torres, she revealed in an interview with The New York Times. Bloomberg: The venture will focus on consumer media and artificial intelligence, according to the company's website, which is set against a backdrop of snow-covered peaks. Lumi means snow in Finnish, Mayer told the New York Times, which reported the news earlier Wednesday. The next project for Mayer, who was an early employee at Google and worked there until leaving to run Yahoo in 2012, had been a matter of considerable speculation in Silicon Valley. She left Yahoo, once a leading search engine and web destination, after it was sold to Verizon Communications last year.
Yahoo!

Yahoo's New Privacy Policy Allows Data-Sharing With Verizon (cnet.com) 38

"Yahoo is now part of Oath and there is a new Privacy and Terms contract..." warns long-time Slashdot reader DigitalLogic. CNET reports: Oath notes that it has the right to read your emails, instant messages, posts, photos and even look at your message attachments. And it might share that data with parent company Verizon, too... When you dig further into Oath's policy about what it might do with your words, photos, and attachments, the company clarifies that it's utilizing automated systems that help the company with security, research and providing targeted ads -- and that those automated systems should strip out personally identifying information before letting any humans look at your data. But there are no explicit guarantees on that.
The update also warns that Oath is now "linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends." For example, Oath "may analyze user content around certain interactions with financial institutions," and "leverages information financial institutions are allowed to send over email."

Oath does offer a "Privacy Controls" page which includes a "legacy" AOL link letting you opt-out of internet-based advertising that's been targeted "based on your online activities" -- but it appears to be functioning sporadically.

CNET also reports that now Yahoo users are agreeing to a class-action waiver and mutual arbitration. "What it means is if you don't like what the company does with your data, you'll have a hard time suing."
Transportation

Waymo Starts To Eclipse Uber in Race To Self-Driving Taxis (sfchronicle.com) 67

Uber barreled into autonomous driving out of fear that it could end up as the MySpace or Yahoo of ride-hailing, a company with early gargantuan success that stumbled as times changed. Waymo, the self-driving offshoot of Google parent Alphabet, has pursued its ambitions more cautiously, accumulating long years of research and testing before pursuing a plan to bring its technology to the public. From a report: Now, as Waymo scales up its self-driving taxi service, Uber's fear could be coming to pass. This week, as Uber continued to reel from a fatal self-driving accident in Arizona, Waymo confidently pushed forward -- landing a deal to build 20,000 self-driving luxury SUVs with Jaguar Land Rover on top of its plan for thousands of Chrysler hybrid minivans. Within two years, it aims to have thousands of fully autonomous taxis -- with no backup drivers behind the wheel -- on the roads, starting in Phoenix where it is already giving test rides.

The company predicts it will give 1 million robot-taxi rides a day by 2020. Waymo, the industry pioneer, logged millions of autonomous miles as it perfected self-driving technology. But over the years, engineers defected out of frustration that it was not commercializing the technology. Now with former auto executive John Krafcik at the helm, Waymo appears poised to launch a self-driving taxi service that could conceivably dominate that field, at least early on, the way Uber does now with human-driven cars.

Security

Hacker Adrian Lamo Dies At 37 (zdnet.com) 137

Adrian Lamo, a well-known hacker known for his involvement in passing information on whistleblower Chelsea Manning and hacking into systems at The New York Times, Microsoft, and Yahoo in the early 2000s, has died at 37. ZDNet reports: His father, Mario, posted a brief tribute to his son in a Facebook group on Friday. "With great sadness and a broken heart I have to let know all of Adrian's friends and acquaintances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son," he wrote. The coroner for Sedgwick County, where Lamo lived, confirmed his death, but provided no further details. Circumstances surrounding Lamo's death are not immediately known. A neighbor who found his body said he had been dead for some time.

The Internet

Tumblr Has a Massive Creepshots Problem (vice.com) 122

After Reddit famously banned the creepshots sub-reddit, which shared non-consensual, revealing photos of women, Tumblr now has a slew of users pushing out similar photos across at least dozens of dedicated blogs, a Motherboard investigation has found. From the report: Simply typing 'creepshot' or related terms into Tumblr's built-in search function returns a steady stream of tagged posts, and Google queries easily reveal links to relevant Tumblr blogs. Motherboard found just under 70 Tumblr blogs focused on sharing creepshots, most with a bevy of content. In some cases, the Tumblrs also host 'upskirt' photos or videos, where a camera is deliberately, and stealthily, positioned to look up an unsuspecting person's skirt. Some of the subjects of these images, as well as many of the clothed creepshots, appear to be young, possibly teenagers.

"This is only the tip of the iceberg, there are probably hundreds of these accounts filming in high schools, college campuses, in malls, and on the streets. And Tumblr seems to not care at all about the problem," an anonymous tipster, who first alerted Motherboard to the issue, wrote in an email. One of the most popular creepshot Tumblrs has some 11,000 followers, and one of its posts has over 53,000 interactions linked to it, including reblogs, where the video or picture then appears on the user's own Tumblr, spreading the content further.

Yahoo!

Data Breach Victims Can Sue Yahoo in the United States, Federal Judge Rules (reuters.com) 13

Yahoo has been ordered by a federal judge to face much of a lawsuit in the United States claiming that the personal information of all 3 billion users was compromised in a series of data breaches. From a report: In a decision on Friday night, U.S. District Judge Lucy Koh in San Jose, California rejected a bid by Verizon Communications, which bought Yahoo's Internet business last June, to dismiss many claims, including for negligence and breach of contract. Koh dismissed some other claims. She had previously denied Yahoo's bid to dismiss some unfair competition claims.

[...] The plaintiffs amended their complaint after Yahoo last October revealed that the 2013 breach affected all 3 billion users, tripling its earlier estimate. Koh said the amended complaint highlighted the importance of security in the plaintiffs' decision to use Yahoo. "Plaintiffs' allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System," Koh wrote. She also said the plaintiffs could try to show that liability limits in Yahoo's terms of service were "unconscionable," given the allegations that Yahoo knew its security was deficient but did little.

Businesses

Snap Is Laying Off Around 100 Engineers 64

An anonymous reader quotes a report from CNBC: Snap is laying off about 100 engineers -- nearly 10 percent of the team -- CNBC has learned. The company has seen smaller rounds of layoffs in recent months in its marketing, recruiting and content divisions. These layoffs would be Snap's largest yet and the first to hit the company's engineers. The company last month rolled out the redesign of its pioneering photo messaging app. The redesign separated publisher content from content posted by friends and connections. Snap reported roughly 3,000 employees as of the December quarter and said in its first annual filing that it expected "headcount growth to continue for the foreseeable future."
Data Storage

Dropbox Shows How It Manages Costs By Deleting Inactive Accounts (cnbc.com) 29

Dropbox employs a somewhat unusual technique to lower its costs, the cloud software company revealed on Friday in its filing to go public. From a report: In a process the company calls "infrastructure optimization," Dropbox said it deletes users' accounts if they don't sign in for a year and don't respond to emails. That keeps the company from incurring storage costs for inactive users, a tactic Yahoo has used in the past. Dropbox said that the costs of revenue dropped 6 percent in 2017 to $21.7 million, mostly due to a $35.1 million reduction "in our infrastructure costs." As it prepares to lure public market investors, Dropbox is paying particularly close attention to its expenses. The company operates in an intensively competitive market against vendors including Apple, Amazon, Box, Google and Microsoft. Once reliant on Amazon Web Services, Dropbox has moved away from public cloud in recent years and has been building its own data center infrastructure to store the majority of user data. Another way it's managed costs is by making sure that there weren't too many copies of users' files on third-party infrastructure.

Twitter

Federal Judge Says Embedding a Tweet Can Be Copyright Infringement (eff.org) 149

An anonymous reader quotes a report from the Electronic Frontier Foundation: Rejecting years of settled precedent, a federal court in New York has ruled [PDF] that you could infringe copyright simply by embedding a tweet in a web page. Even worse, the logic of the ruling applies to all in-line linking, not just embedding tweets. If adopted by other courts, this legally and technically misguided decision would threaten millions of ordinary Internet users with infringement liability.

This case began when Justin Goldman accused online publications, including Breitbart, Time, Yahoo, Vox Media, and the Boston Globe, of copyright infringement for publishing articles that linked to a photo of NFL star Tom Brady. Goldman took the photo, someone else tweeted it, and the news organizations embedded a link to the tweet in their coverage (the photo was newsworthy because it showed Brady in the Hamptons while the Celtics were trying to recruit Kevin Durant). Goldman said those stories infringe his copyright.
"[W]hen defendants caused the embedded Tweets to appear on their websites, their actions violated plaintiff's exclusive display right; the fact that the image was hosted on a server owned and operated by an unrelated third party (Twitter) does not shield them from this result," Judge Katherine Forrest said.
Australia

Lifesaving Drone Makes First Rescue In Australia (yahoo.com) 45

Zorro shares a report from Yahoo News: A pair of Australian swimmers on Thursday became the first people to be rescued in the ocean by a drone when the aerial lifesaver dropped a safety device to distressed teens caught in rough seas. In what is believed to be a world-first drone surf rescue, two boys on Thursday got caught in three-meter (10-foot) swells while swimming off Lennox Head in New South Wales, near the border with Queensland. Beachgoers onshore raised the alarm to the lifeguards who then alerted the drone pilot, and the aerial lifesaver was deployed in moments.

Along with their ability to spot swimmers in trouble and deliver life saving devices faster than traditional lifesaving techniques, like launching surfboards or rubber dinghies, drones are being used in Australia to spot underwater predators like sharks and jellyfish. Artificial intelligence is being developed using thousands of images captured by a drone camera to build an algorithm that can identify different ocean objects. The software can differentiate between sea creatures, like sharks which it can recognize with more than 90 percent accuracy, compared to about 16 percent with the naked eye.

Software

'Very High Level of Confidence' Russia Used Kaspersky Software For Devastating NSA Leaks (yahoo.com) 232

bricko shares a report from Yahoo Finance: Three months after U.S. officials asserted that Russian intelligence used popular antivirus company Kaspersky to steal U.S. classified information, there are indications that the alleged espionage is related to a public campaign of highly damaging NSA leaks by a mysterious group called the Shadow Brokers. In August 2016, the Shadow Brokers began leaking classified NSA exploit code that amounted to hacking manuals. In October 2017, U.S. officials told major U.S. newspapers that Russian intelligence leveraged software sold by Kaspersky to exfiltrate classified documents from certain computers. (Kaspersky software, like all antivirus software, requires access to everything stored on a computer so that it can scan for malicious software.) And last week the Wall Street Journal reported that U.S. investigators "now believe that those manuals [leaked by Shadow Brokers] may have been obtained using Kaspersky to scan computers on which they were stored." Members of the computer security industry agree with that suspicion. "I think there's a very high level of confidence that the Shadow Brokers dump was directly related to Kaspersky ... and it's very much attributable," David Kennedy, CEO of TrustedSec, told Yahoo Finance. "Unfortunately, we can only hear that from the intelligence side about how they got that information to see if it's legitimate."
Microsoft

Microsoft: We're Not Giving Up On Cortana (Even In Home Automation) (zdnet.com) 93

Microsoft is trying to fight back against perceptions that Cortana may be its next consumer-centric technology to face the chopping block. Yesterday, the company issued a press release touting recent wins for Cortana. Among these are the officially unveiled Johnson Controls' Cortana-powered thermostat (which goes on sale for $319 starting in March). ZDNet reports the "other recent Cortana device partners":
Allwinner: This company has the Tech R16 Quad Core IoT solution (a reference design for device partners).
Synaptics: This ODM (original design manufacturer) and far-field voice processing vendor produces reference designs for consumer IoT, smart speakers, PC, and more that integrate Cortana.
TONLY: Another reference design vendor working with Microsoft on Cortana devices that make use of Skype.
Qualcomm: In addition to partnering with Microsoft on Windows-on-ARM "Always Connected" PCs, Qualcomm is building reference designs on its Smart Audio and Mesh Networking platforms that use Cortana.
"In addition to our currently supported home automation partners, we are announcing new partnerships with Ecobee, Geeni, Honeywell Lyric, IFTTT, LIFX, TP-Link Kasa, and Honeywell Total Connect Comfort. Cortana currently supports lights, outlets, switches, and thermostats across all providers," the spokesperson said.
Businesses

Ars Technica Puts Twitter, Uber On '2018 Deathwatch' (arstechnica.com) 152

The editors of Ars Technica have compiled their annual list of "Companies, tech, and trends least likely to succeed in 2018... Let's grab a Juicero and take a moment to reflect on the utter dumpster fires that we've witnessed over the past 12 months." Some of its highlights: Uber. "The company is losing billions of dollars a year, with no clear strategy for getting to profitability. Uber lost $2.8 billion in 2016 and will lose even more than that in 2017. Uber had $6.6 billion cash on hand in mid-2017 -- money that might not last much beyond the end of 2018... The company needs to find a way to stem its losses and get on the path to profitability before investors get frustrated and close their checkbooks..."

Twitter. "Still a money-losing concern. In 2016, it lost a mere $456.9 million, and its losses have continued in 2017 (though at a slightly less hemorrhagic pace). Still, on paper, the company is burning through the equivalent of a third of its cash on hand per year. And profitability (or an acquisition) is nowhere in sight..."

Net Neutrality. "It's not a company, but it's on deathwatch anyway..."

They also advise readers to "Pour out one for Radio Shack, which died even faster the second time around after what looked like a brave reboot" (though it's now getting another reboot). And they're bragging about their successful picks last year for the companies least likely to succeed in 2017.

"Yahoo has now been officially digested by Oath, a Verizon Company, its bits commingling with AOL's in a new, bizarrely named beast that for now bears the same logos... Yik Yak, the anonymous gossiping-messaging app that got banned by various universities for hate speech, is dead -- selling its intellectual property to Square, of all companies... Theranos is busy sending out thousands of refunds to Arizona residents, and the company has rented out its Palo Alto headquarters in an attempt to stay solvent until it can legally test blood again... BlackBerry doesn't make phones any more, having licensed its trademark and some of its tech to TCL. It is now a 'cybersecurity software and services company dedicated to securing the Enterprise of Things.'"
