Former Yahoo chief executive officer Marissa Mayer apologized today for a pair of massive data breaches at Yahoo and blamed Russian agents on the growing number of incidents involving major U.S. companies. A reader shares a report: "As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users," she told the Senate Commerce Committee, testifying alongside the interim and former CEOs of Equifax and a senior Verizon Communications executive. "Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users' data."

Tesla has reported the largest quarterly loss in its history, and said it was cutting production of its Model S and Model X vehicles. Here are the key third-quarter numbers with expectations via Bloomberg: Adjusted loss per share: -$2.92 (-$2.23 expected); Revenue: $2.98 billion ($2.39 billion expected); Free cash flow: -$1.4 billion (-$1.2 billion (expected). Yahoo News reports: The company said it plans to produce 10% fewer units of its Model S and Model X models in the fourth quarter and reallocate resources to the Model 3, its newest. Tesla expects to hit a Model 3 production rate of 5,000 vehicles per week by late Q1 2018. "While we continue to make significant progress each week in fixing Model 3 bottlenecks, the nature of manufacturing challenges during a ramp such as this makes it difficult to predict exactly how long it will take for all bottlenecks to be cleared or when new ones will appear," Tesla said in its statement. Tesla said in October that it produced only 260 vehicles, well below its target of 1,500. CEO Elon Musk said the Model 3 was "deep in production hell."

SoftBank could commit as much as $880 billion to tech investments in the coming years, a gargantuan, unprecedented amount of cash that would amount to a seismic shift in tech-sector finance. From a report: "The Vision Fund was just the first step, 10 trillion yen ($88 billion) is simply not enough," CEO Masayoshi Son said in an interview with The Nikkei Asian Review that was published late Thursday. "We will briskly expand the scale. Vision Funds 2, 3 and 4 will be established every two to three years." Son's comment confirms a Recode report that his Vision Fund -- which is sinking $100 billion into the technology sector worldwide -- was only the first in a series of investments that he plans to make in young companies. "We are creating a mechanism to increase our funding ability from 10 trillion yen to 20 trillion yen to 100 trillion yen," Son told the outlet. That comes out to about $880 billion. Companies that SoftBank either completely owns or has major or minor stakes in include Vodafone Japan, Yahoo! Japan, India's Snapdeal, India's Ola, Sprint Corporation, and India's Flipkart. The company is expected to become a major stake holder in Uber as soon as next week.

A Palo Alto startup that stopped trying to be an "Android killer" last year after raising $185 million has apparently pivoted to developing autonomous vehicle technology. From a report: The company now known as Cyngn has changed its name from Cyanogen and recently got a permit to test its self-driving tech on California roads, according to a report Wednesday on Axios. It's being led by Lior Tal, the former chief operating officer who took over as CEO last fall when Kirt McMaster left. The rest of the startup's current team of about 30 people appear to have joined since the strategy shift, Axios reported, citing LinkedIn records. Some of them are former Facebook people, like Tal, and alumni of automakers who include Mercedes-Benz. No new funding has been disclosed for the reinvented company. It lists on its website investors who backed it before it pivoted, including Andreessen Horowitz, Benchmark Capital, Redpoint Ventures, Index Ventures, Qualcomm and Chinese social networking company Tencent. The company was the center of acquisition talk in 2014, when companies like Microsoft, Amazon, Samsung and Yahoo expressed interest in the company.

An anonymous reader quotes a report from Ars Technica: For fans of the platform, the official confirmation that Windows on phones isn't under active development any longer -- security bugs will be fixed, but new features and new hardware aren't on the cards -- isn't a big surprise. This is merely a sad acknowledgement of what we already knew. Last week, Microsoft also announced that it was getting out of the music business, signaling another small retreat from the consumer space. It's tempting to shrug and dismiss each of these instances, pointing to Microsoft's continued enterprise strength as evidence that the company's position remains strong. And certainly, sticking to the enterprise space is a thing that Microsoft could do. Become the next IBM: a stable, dull, multibillion dollar business. But IBM probably doesn't want to be IBM right now -- it has had five straight years of falling revenue amid declining relevance of its legacy businesses -- and Microsoft probably shouldn't want to be the next IBM, either. Today, Microsoft is facing similar pressures -- Windows, though still critical, isn't as essential to people's lives as it was a decade ago -- and risks a similar fate. Dropping consumer ambitions and retreating to the enterprise is a mistake. Microsoft's failure in smartphones is bad for Windows, and it's bad for Microsoft's position in the enterprise as a whole.

It's the end of an era: as of December 15, AOL's Instant Messenger will no longer exist. From a report: In a statement from Oath, the new entity formed under Verizon combining AOL with the recently-acquired Yahoo, the service will be discontinued. "AIM tapped into new digital technologies and ignited a cultural shift, but the way in which we communicate with each other has profoundly changed," said Michael Albers, VP of Communications Product at Oath. AIM was a staple of personal computers since first launching in 1997, serving as a precursor to popular apps like WhatsApp and Facebook Messenger. However, AIM couldn't make the seamless transition to mobile, where most users rely on instant messaging services. Users will be able to manually download any images or files on AIM before the service shuts down. However, users won't be able to export or save their Buddy List, the group of contacts available on AIM.

An anonymous reader shares a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): A massive data breach at Yahoo in 2013 was far more extensive than previously disclosed, affecting all of its 3 billion user accounts, new parent company Verizon Communications Inc. said on Tuesday. The figure, which Verizon said was based on new information, is three times the 1 billion accounts Yahoo said were affected when it first disclosed the breach in December 2016. The new disclosure, four months after Verizon completed its acquisition of Yahoo, shows that executives are still coming to grips with the extent of the security problem in what was already the largest hacking incident in history by number of users.

A spokesman for Oath, the new name of Verizon's Yahoo unit, said the company determined last week that the break-in was much worse than thought, after it received new information from outside the company. He declined to elaborate on the source of that information. Compromised customer information included usernames, passwords, and in some cases telephone numbers and dates of birth, the spokesman said.

50 years after Australia became the third country to launch a satellite into space, they had another big announcement. An anonymous reader quotes AFP: Australia on Monday committed to creating a national space agency as it looks to cash in on the lucrative and fast-evolving astronautical sector. The announcement came at a week-long Adelaide space conference attended by the world's top scientists and experts including SpaceX chief Elon Musk. It brings Canberra -- which already has significant involvement in national and international space activities -- into line with most other developed nations, which already have dedicated agencies to help coordinate the industry and shape development. "The global space industry is growing rapidly and it's crucial that Australia is part of this growth," acting science minister Michaelia Cash said in statement.
The Australian government estimates that the global space sector now drives $323 billion in revenue each year.

A new paper released on Monday via the National Bureau of Economic Research claims that retaining search log data doesn't do much for search quality. "Data retention has implications in the debate over Europe's right to be forgotten, the authors suggest, because retained data undermines that right," reports The Register. "It's also relevant to U.S. policy discussions about privacy regulations." From the report: To determine whether retention policies affected the accuracy of search results, Chiou and Tucker used data from metrics biz Hitwise to assess web traffic being driven by search sites. They looked at Microsoft Bing and Yahoo! Search during a period when Bing changed its search data retention period from 18 months to 6 months and when Yahoo! changed its retention period from 13 months to 3 months, as well as when Yahoo! had second thoughts and shifted to an 18-month retention period. According to Chiou and Tucker, data retention periods didn't affect the flow of traffic from search engines to downstream websites. "Our findings suggest that long periods of data storage do not confer advantages in search quality, which is an often-cited benefit of data retention by companies," their paper states. Chiou and Tucker observe that the supposed cost of privacy laws to consumers and to companies may be lower than perceived. They also contend that their findings weaken the claim that data retention affects search market dominance, which could make data retention less relevant in antitrust discussions of Google.

Sonos, a mid- to high-end speaker manufacturer, released an updated privacy policy for its speakers that almost certainly confirms that the company will release a speaker with Amazon's Alexa voice assistant built into the device in the near term. From a report: Though many devices that integrate with Alexa have been announced and are starting to come to market, this is one of the higher-profile examples and could be instructive for smart-speaker designers. The company first announced its intention to add voice-assistant integration to its speakers over a year ago, but didn't give any specific time frame for that step. And an FCC filing from the company that surfaced a few weeks ago showed that it is looking into systems that would support multiple voice assistants, so a user could potentially have the option to choose between Amazon's Alexa or Google's Assistant, depending on what other devices they own and what platform they prefer.

Apple has explained why its new facial recognition feature failed to unlock a handset at an on-stage demo (see around the 1:35:58 mark here) at the iPhone X's launch on Tuesday. From a report: The company blamed the Face ID glitch on a lockout mechanism triggered by staff members moving the device ahead of its unveil. Apple's software chief dealt with the hiccup by moving on to a back-up device, which worked as intended. But the hitch was widely reported. "People were handling the device for [the] stage demo ahead of time and didn't realise Face ID was trying to authenticate their face," an unnamed company representative is quoted as saying by Yahoo's David Pogue. "After failing a number of times, because they weren't Craig [Federighi], the iPhone did what it was designed to do, which was to require his passcode."

An anonymous reader writes: Organized labor doesn't rack up a lot of wins these days, and Silicon Valley isn't most people's idea of a union hotbed. Nonetheless, in the past three years unions have organized 5,000 people who work on Valley campuses. Among others, they've unionized shuttle drivers at Apple, Tesla, Twitter, LinkedIn, EBay, Salesforce.com, Yahoo!, Cisco, and Facebook; security guards at Adobe, IBM, Cisco, and Facebook; and cafeteria workers at Cisco, Intel, and, earlier this summer, Facebook. The workers aren't technically employed by any of those companies. Like many businesses, Valley giants hire contractors that typically offer much less in the way of pay and benefits than the tech companies' direct employees get. Among other things, such arrangements help companies distance themselves from the way their cafeteria workers and security guards are treated, because somebody else is cutting the checks. Silicon Valley Rising, a coalition of unions and civil rights, community, and clergy groups heading the organizing campaign, says its successes have come largely from puncturing that veneer of plausible deniability. That means directing political pressure, media scrutiny, and protests toward the tech companies themselves. "Everybody knows that the contractors will do what the tech companies say, so we're focused on the big guys," says Ben Field, a co-founder of the coalition who heads the AFL-CIO's South Bay Labor Council. Labor leaders say their efforts have gotten some tech companies to cut ties with an anti-union contractor, intervene with others to ease unionization drives, and subsidize better pay for contract workers. "If you want to get people to buy your product, you don't want them to feel that buying your product is contributing to the evils of the world," says Silicon Valley Rising co-founder Derecka Mehrens, who directs Working Partnerships USA, a California nonprofit that advocates for workers. Tech companies have been image-conscious and closely watched of late, she says, and the coalition is "being opportunistic."

Sergey Bratus, Research Associate Professor of Computer Science, Dartmouth College, and Anna Shubina, Post-doctoral Associate in Computer Science, Dartmouth College write: The real issue is that today's web-based email systems are electronic minefields filled with demands and enticements to click and engage in an increasingly responsive and interactive online experience. It's not just Gmail, Yahoo mail and similar services: Desktop-computer-based email programs like Outlook display messages in the same unsafe way. Simply put, safe email is plain-text email -- showing only the plain words of the message exactly as they arrived, without embedded links or images. Webmail is convenient for advertisers (and lets you write good-looking emails with images and nice fonts), but carries with it unnecessary -- and serious -- danger, because a webpage (or an email) can easily show one thing but do another. Returning email to its origins in plain text may seem radical, but it provides radically better security. Even the federal government's top cybersecurity experts have come to the startling, but important, conclusion that any person, organization or government serious about web security should return to plain-text email (PDF).

An anonymous reader quotes AFP: Hurricane Irma, now taking aim at Florida, has stunned experts with its sheer size and strength, churning across the ocean with sustained Category 5 winds of 183 miles per hour (295 kilometers per hour) for more than 33 hours, making it the longest-lasting, top-intensity cyclone ever recorded. Meanwhile Jose, a Category 4 on the Saffir Simpson scale of 1 to 5, is fast on the heels of Irma, pummeling the Caribbean for the second time in the span of a few days. Many have wondered what is contributing to the power and frequency of these extreme storms. "Atlantic hurricane seasons over the years have been shaped by many complex factors," said Jim Kossin, a NOAA hurricane scientist at the University of Wisconsin. "Those include large scale ocean currents, air pollution -- which tends to cool the ocean down -- and climate change"...

Some think a surge in industrial pollution after World War II may have produced more pollutant particles that blocked the Sun's energy and exerted a cooling effect on the oceans. "The pollution reduced a lot of hurricane activity," said Gabriel Vecchi, professor of geosciences at Princeton University's Environmental Institute. Pollution began to wane in the 1980s due to regulations such as the Clean Air Act, allowing more of the Sun's rays to penetrate the ocean and provide warming fuel for storms. Vecchi said the "big debate" among scientists is over which plays a larger role -- variations in ocean currents or pollution cuts. There is evidence for both, but there isn't enough data to answer a key question...

The burning of fossil fuels, which spew greenhouse gases into the atmosphere and warm the Earth, can also be linked to a rise in extreme storms in recent years. Warmer ocean temperatures yield more moisture, more rainfall, and greater intensity storms. "It is not a coincidence that we're seeing more devastating hurricanes," climatologist Michael Mann of Penn State University told AFP in an email. "Over the past few years, as global sea surface temperatures have been the warmest on record, we've seen the strongest hurricanes -- as measured by peak sustained winds -- globally, in both Southern and Northern Hemisphere, in both Pacific and now, with Irma, the open Atlantic," he added. "The impacts of climate change are no longer subtle. We're seeing them play out in real time, and the past two weeks have been a sadly vivid example."

The breach Equifax reported Thursday is very possibly is the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals. Dan Goodin of ArsTechnica writes: By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be. The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely. Hacks hitting Yahoo and other sites, by contrast, may have breached more accounts, but the severity of the personal data was generally more limited. And in most cases the damage could be contained by changing a password or getting a new credit card number. What's more, the 143 million US people Equifax said were potentially affected accounts for roughly 44 percent of the population. When children and people without credit histories are removed, the proportion becomes even bigger. That means well more than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come. Besides being used to take out loans in other people's names, the data could be abused by hostile governments to, say, tease out new information about people with security clearances, especially in light of the 2015 hack on the US Office of Personnel Management, which exposed highly sensitive data on 3.2 million federal employees, both current and retired. Meanwhile, if you accept Equifax's paltry "help" you forfeit the right to sue the company, it has said. In its policy, Equifax also states that it won't be helping its customers fix hack-related problems.

UPDATE (9/9/17): Equifax has now announced that "the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident."

Bloomberg reported on Friday that a class action seeking to represent 143 million consumers has been filed, and it alleges the company didn't spend enough on protecting data. The class-action -- filed by the firm Olsen Daines PC along with Geragos & Geragos, a celebrity law firm known for blockbuster class actions -- will seek as much as $70 billion in damages nationally.

An anonymous reader shares a report: A new Verizon rewards program, Verizon Up, provides credits that wireless subscribers can use for concert tickets, movie premieres and phone upgrades. But it comes with a catch: Customers must give the carrier access to their web-browsing history, app usage and location data, which Verizon says it uses to personalize the rewards and deliver targeted advertising as its customers browse the web. The trade-off is part of Verizon's effort to build a digital advertising business to compete with web giants Facebook and Google, which often already possess much of the same customer information. Even though Congress earlier this year dismantled tough privacy regulations on telecommunications providers, Verizon still wants customers to opt-in to its most comprehensive advertising program, called Verizon Selects. Data collected under the program is shared with Oath, the digital-media unit Verizon created when it bought AOL and Yahoo. Since access to data from customers could make it easier to tailor ads to their liking, Verizon hopes the information will help it gain advertising revenue to offset sluggish growth in its cellular business.See a current list of Verizon plans here.

Saritha Rai, writing for Bloomberg: A teenage entrepreneur who became a millionaire by 20 before sharing a billion-dollar fortune at 36, Bhavin Turakhia isn't afraid to think big. Now he's putting $45 million of his own money into building a rival to Slack and other office messaging platforms. Flock, a cloud-based team collaboration service, has attracted 25,000 enterprise users and customers including Tim Hortons, Whirlpool and Princeton University. It's a market that has already drawn interest from global technology giants Facebook, Amazon.com and Microsoft. This time last year, few had heard of Bhavin and his younger brother Divyank. That changed when they sold their advertising technology company Media.net, with customers including Yahoo, CNN and the New York Times, to a Chinese consortium for $900 million. The all-cash deal catapulted the duo from mere millionaires into the ranks of the super-rich. "I want to make Flock bigger and better than anything I've built before," Bhavin Turakhia, wearing his signature dark Levi's T-shirt and Puma sweatpants, said at his Bangalore offices.

An anonymous reader quote BuzzFeed: The vast majority of money raised to pay for the legal defense of beloved British cybersecurity researcher Marcus Hutchins was donated with stolen or fake credit card numbers, and all donations, including legitimate ones, will be returned, the manager of the defense fund says. Lawyer Tor Ekeland, who managed the fund, said at least $150,000 of the money collected came from fraudulent sources, and that the prevalence of fraudulent donations effectively voided the entire fundraiser. He said he'd been able to identify only about $4,900 in legitimate donations, but that he couldn't be certain even of those. "I don't want to take the risk, so I just refunded everything," he said.
Two days later, Hutchins posted the following on Twitter. "When sellouts are talking shit about the 'infosec community' remember that someone I'd never met flew to Vegas to pay $30K cash for my bail."

Hutchins is facing up to 40 years in prison, and at first was only allowed to leave his residence for four hours each week. Thursday a judge lifted some restrictions so that Hutchins is now allowed to travel to Milwaukee, where his employer is located. According to Bloomberg, government prosecutors complain Hutchins now "has too much freedom while awaiting trial and may skip the country."

Clickthrough for a list of the evidence government prosecutors submitted to the court this week.

An anonymous reader quotes the AP: A Canadian man accused in a massive hack of Yahoo emails agreed Friday to forgo his extradition hearing and go face the charges in the United States. Karim Baratov was arrested in Hamilton, Ontario, in March under the Extradition Act after U.S. authorities indicted him and three others, including two alleged officers of Russia's Federal Security Service. They are accused of computer hacking, economic espionage and other crimes.

An extradition hearing for the 22-year-old Baratov had been scheduled for early September, but he signed documents before a Canadian judge Friday agreeing to waive it. His lawyer, Amedeo DiCarlo, said that does not amount to an admission of guilt... U.S. law enforcement officials call Baratov a "hacker-for-hire" paid by members of the Federal Security Service, or FSB, considered the successor to the KGB of the former Soviet Union.
Yahoo also believes that attack -- which breached at least 500 million Yahoo accounts in 2014 -- was perpetrated by "a state-sponsored actor." The CBC reports that Baratov lives alone in a large, new house in an expensive subdivision. "His parents either bought him the house," one neighbor told the CBC, "or he's getting money somewhere else, because he doesn't seem to work all day; he just drives up and down the street."

The CBC also reports that Baratov's Facebook page links to a Russian-language site "which claims to offer a number of services, including servers for rent in Russia, protection from distributed denial of service (DDoS) attacks, and domain names in China."

Microsoft said this week that Bing is "bigger than you think" and provided some numbers that could be a surprise to many. The company claims that fully one-third of searches in the US are powered by Bing, either directly or through Yahoo or AOL (both of which provide results generated by Microsoft). From a report: With 9% market share worldwide and 12 billion monthly searches, almost half of that (5 billion) comes from the United States where Bing has 33% market share.