An anonymous reader quotes a report from Mac Rumors: Apple's iPhone and iPad were the most popular mobile devices gifted during the holidays this year, according to new data shared by Yahoo-owned mobile analytics firm Flurry. Flurry examined device activations by manufacturer between 12/19 and 12/25, finding Apple devices to be twice as popular as Samsung devices. 44 percent of all new phone activations were Apple iPhones, while Samsung smartphones accounted for 21 percent of activations. Huawei, LG, Amazon, Oppo, Xiaomi, and Motorola trailed behind with between two and three percent of activations each. Google's Pixel smartphone, which came out in October, did not make Flurry's list. Last year, Flurry released a similar report, and Apple devices made up 49.1 percent of all device activations, while Samsung devices came in at 19.8 percent. Phablets, or smartphones and tablets ranging in size from 5 inches to 6.9 inches, continued to grow in popularity. In 2016, the phablets category, which includes the 5.5-inch iPhone 6 Plus, 6s Plus, and 7 Plus, was responsible for 37 percent of total device activations. Medium-sized phones, like the 4.7-inch iPhone 6, iPhone 6s, and iPhone 7, were responsible for 45 percent of all activations. Activations of full-sized tablets, like the iPad, have continued to wane. From Flurry's report: "While Samsung is slowly growing in popularity throughout the holiday season, up 1% from last year, Apple devices continue to be the gift to give. Holding the third and fourth positions for activations are Huawei and LG; which is remarkable, as both manufacturers do not have an individual device within the top 35 devices activated. Their high rank is likely due to the fact that they have wide variety of devices and affordable options (hundreds of phablet and medium phones) for consumers to choose from."

earlytime writes: Large scale account hacks such as the billion user Yahoo breach and targeted phishing hacks of gmail accounts during the U.S. election have made 2016 an infamous year for web security. Along comes U2F/web-security keys to address these issues at a critical time. Ars Technica reports that U2F keys "may be the world's best hope against account takeovers": "The Security Keys are based on Universal Second Factor, an open standard that's easy for end users to use and straightforward for engineers to stitch into hardware and websites. When plugged into a standard USB port, the keys provide a 'cryptographic assertion' that's just about impossible for attackers to guess or phish. Accounts can require that cryptographic key in addition to a normal user password when users log in. Google, Dropbox, GitHub, and other sites have already implemented the standard into their platforms. After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication. The architects based their assessment on the ease of using and deploying keys, the security it provided against phishing and other types of password attacks, and the lack of privacy trade-offs that accompany some other forms of two-factor authentication."

The researchers wrote in a recently published report: "We have shipped support for Security Keys in the Chrome browser, have deployed it within Google's internal sign-in system, and have enabled Security Keys as an available second factor in Google's Web services. In this work, we demonstrate that Security Keys lead to both an increased level of security and user satisfaction as well as cheaper support cost."

An anonymous reader quotes a report from Reuters: Yahoo Inc's secret scanning of customer emails at the behest of a U.S. spy agency is part of a growing push by officials to loosen constitutional protections Americans have against arbitrary governmental searches, according to legal documents and people briefed on closed court hearings. The order on Yahoo from the secret Foreign Intelligence Surveillance Court (FISC) last year resulted from the government's drive to change decades of interpretation of the U.S. Constitution's Fourth Amendment right of people to be secure against "unreasonable searches and seizures," intelligence officials and others familiar with the strategy told Reuters. The unifying idea, they said, is to move the focus of U.S. courts away from what makes something a distinct search and toward what is "reasonable" overall. The basis of the argument for change is that people are making much more digital data available about themselves to businesses, and that data can contain clues that would lead to authorities disrupting attacks in the United States or on U.S. interests abroad. While it might technically count as a search if an automated program trawls through all the data, the thinking goes, there is no unreasonable harm unless a human being looks at the result of that search and orders more intrusive measures or an arrest, which even then could be reasonable. Civil liberties groups and some other legal experts said the attempt to expand the ability of law enforcement agencies and intelligence services to sift through vast amounts of online data, in some cases without a court order, was in conflict with the Fourth Amendment because many innocent messages are included in the initial sweep. But the general counsel of the Office of the Director of National Intelligence (ODNI), Robert Litt, said in an interview with Reuters on Tuesday that the legal interpretation needed to be adjusted because of technological changes.

An anonymous reader writes: As if 2016 wasn't shitty enough for Yahoo -- which admitted to two separate breaches that saw 500 million users' and then 1 billion users' details stolen by hackers -- the New York Times reports that a billion-user database was sold on the Dark Web last August for $300,000. That's according to Andrew Komarov, chief intelligence office at security firm InfoArmor. He told NYT that three buyers, including two prominent spammers and another who might be involved in espionage tactics purchased the entire database at the aforementioned price from a hacker group believed to based in Eastern Europe. It's lovely to know that it only costs $300,000 to be able to threaten a billion people's online existence -- which means each account is only worth $0.0003 to hackers who can ruin your life online in a matter of minutes. Yahoo also doesn't yet know who made off with all the data from the attack in 2013, which is said to be the largest breach of any company ever.

Verizon is reconsidering its $4.8 billion purchase of Yahoo, according to Bloomberg. Citing a source, the publication claims that Wednesday's announcement by Yahoo -- theft of info from one billion users -- has led Verizon to consider scrapping the deal entirely. From the report: While a Verizon group led by AOL Chief Executive Officer Tim Armstrong is still focused on integration planning to get Yahoo up and running, another team, walled off from the rest, is reviewing the breach disclosures and the company's options, said the person, who asked not to be identified discussing private information. A legal team led by Verizon General Counsel Craig Silliman is assessing the damage from the breaches and is working toward either killing the deal or renegotiating the Yahoo purchase at a lower price, the person said. One of the major objectives for Verizon is negotiating a separation from any future legal fallout from the breaches. Verizon is seeking to have Yahoo assume any lasting responsibility for the hack damage, the person said.

An anonymous reader quotes a breaking report from ABC News: Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013. The Sunnyvale, California, company says it's a different breach from the one it disclosed in September, when it said 500 million accounts were exposed. That new hack revelation raises questions about whether Verizon will try to change the terms of its $4.8 billion proposed acquisition of Yahoo. Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

An anonymous reader quotes Yahoo Finance's David Pogue: You know this tip, don't you? When you tap the Space bar, the web page you're reading scrolls up exactly one screenful... But in recent years, something clumsy and unfortunate has happened: Web designers have begun slapping toolbars or navigation bars at the top of the page. That's fine -- except when it throws off the Space-bar scrolling! Which, most of the time, it does.

Suddenly, tapping Space doesn't scroll the right amount. The lines you were supposed to read next scroll too high; they're now cut off. Now you have to use your mouse or keyboard to scroll back down again. Which defeats the entire purpose of the Space-bar tip. Over the last few months, I've begun keeping track of which sites do Space-bar scrolling right -- and which are broken. I want to draw the public's attention to this bit of broken code, and maybe inspire the world's webmasters to get with the program.
Pogue's article announces "the world's first Space-Bar Scrolling Report Card," shaming sites like the Wall Street Journal, USA Today, The New Yorker, and Scientific American for their improperly-scrolling web sites. (As well as, ironically, Yahoo -- the parent company of the site Pogue is writing for.) Pogue writes that web programmers "should get their act together so that the scroll works as it's supposed to. (And if you work for one of those sites, and you manage to get the scrolling-bug fixed, email me so I can update this article and congratulate you.)"

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty, In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes.

Stephen Shankland, writing for CNET: Mozilla is marshaling public support for political positions, like backing net neutrality, defending encryption and keeping government surveillance from getting out of hand, says Denelle Dixon-Thayer, Mozilla's chief legal and business officer. The organization is funding the efforts with revenue from Firefox searches, which has jumped since 2014 when it switched from a global deal with Google to a set of regional deals. Mozilla brought in $421 million in revenue last year largely through partnerships with Yahoo in the US, Yandex in Russia and Baidu in China, according to tax documents released alongside Mozilla's 2015 annual report on Thursday. Pushing policy work brings new challenges well beyond traditional Mozilla work competing against Google's Chrome browser and Microsoft's Internet Explorer. They include squaring off against the incoming administration of Donald Trump.

CNN announced Monday that it has purchased video-sharing app Beme, and will work with its founder, Casey Neistat, to build a new media brand next year focused on storytelling for a younger audience. Casey Neistat is a YouTube celebrity and tech entrepreneur who launched Beme last year. Variety reports: CNN said the new venture that it's forming out of the acquisition -- aimed at reaching millennial viewers with the street cred of Neistat's reporting and commentary -- will launch in the summer of 2017. All 11 of Beme's employees will join CNN; the cable news network will be shutting down Beme, which had garnered more than 1 million downloads. New York-based filmmaker Neistat, who has more than 5.8 million subscribers on YouTube, announced earlier this month on his channel that he would be suspending his personal vlog to focus on new projects, one of which turns out is the pact with CNN. His daily vlog dispatches cover current political and news events as well as action sequences like his viral "Snowboarding With the NYPD" video last winter. Led by Hackett, formerly VP of engineering at Yahoo's Tumblr, Beme's development team will "build technology to enable the new company and also develop mobile video capabilities for CNN's portfolio of digital properties," according to the Turner-owned cable news network. Neistat, 35, will lead the new venture's "editorial vision" as executive producer. CNN said it will employ its global resources to launch the new media brand, and plans to hire dozens of producers, builders, developers, designers and content creators for the new company. CNN said the new Beme-based company will operate as a standalone business under the CNN Digital umbrella.

An anonymous reader quotes a Digital Trends story about a suspicious malfunction on Google Maps: At some point yesterday, Donald Trump's Fifth Avenue home was given a rather unceremonious rechristening, and a search for "Trump Tower" revealed a pin for "Dump Tower" instead. It was rather tricky to find for some, and required zooming in on the building itself at just the right angle (which is perhaps how the culprit got away with the stunt in the first place). At a separate angle, someone else (or perhaps the same person) transliterated the skyscraper's name in Russian Cyrillic, perhaps meant to be a jab at Trump's alleged ties to President Vladimir Putin and company... While the team [at Google Maps] managed to put out this first fire, another quickly arose to take its place (as is often the case on the internet), and later in the day on Saturday, Trump International Hotel and Tower in Columbus Circle was renamed Dump International Hotel and Tower. Meanwhile, another anonymous reader writes: Earlier this week Donald Trump emailed his supporters selling a $149 collectible "Make America Great Again" Christmas ornament finished with 14k gold, to raise money for both his campaign and the Republican party. But Yahoo News reports that it's now getting some suspicious negative (and politically-charged) reviews on its page on Amazon. ("One Star. "It tried to put my nativity figures into an internment camp.") And another reviewer even wrote a satirical story about how their family decided on the ornament for the tree. "During our family meeting we overwhelmingly chose the other ornament but somehow we still ended up with this one. We're not sure what happened."

An anonymous reader shares an IBTimes report: Numerous journalists and professors are taking to social media to report that they have received an alarming message regarding state-sponsored hacking when accessing their Gmail or other sites that use their Google account. Journalists who received the warning include Nobel Prize-winning economist and New York Times columnist Paul Krugman, New York magazine's Jonathan Chait, Politico's Julia Ioffe, GQ's special correspondent Keith Olbermann, Vox's Ezra Klein, Yahoo News' Garance Franke-Ruta, and one of President Barack Obama's former speechwriters, Jon Lovett. The warning says, "Google may have detected government-backed attackers trying to steal your password." These warnings are being sent by Google since 2012 but Twitter has erupted with a flurry of people in the media and academic community receiving this in the past 24 hours.

The Internet Association -- a group of 40 top internet companies including Airbnb, Amazon, Facebook, Google, LinkedIn, Netflix, Twitter, Uber and Yahoo -- issued an open letter on Monday that congratulates Donald Trump on his victory and offers a long list of policy positions they hope he'll consider during his time as president. From a report on CNET:That list includes:
Upholding Section 230 of the Communications Decency Act so internet companies can't get sued easily for things their users say or do online.
Upholding Section 512 of the Digital Millennium Copyright Act so internet companies can't get easily sued if they quickly remove copyrighted content that users upload (such as infringing photos and YouTube videos).
Reforming the 30-year-old Electronic Communications Privacy Act -- "Internet users must have the same protections for their inbox as they do for their mailbox," states the association. Supporting strong encryption (Trump called for a boycott of Apple when it refused to comply with an FBI order to unlock an iPhone linked to terror.)
Reforming Section 702 of the Foreign Intelligence Surveillance Act, which lets the NSA collect online communications without a warrant.
Providing similar copyright protections for companies that operate outside the US.
Reforming the US Patent Office to deter patent trolls, a term for companies that sue other companies based on patents without actually producing new products.Here's the full list.

Some within Yahoo knew of a massive data breach that compromised its network when it occurred in 2014, not in late September, when it was first disclosed. From a report on USA Today: An independent committee of Yahoo's board, which launched an internal probe in August to learn more about the state-sponsored attack that affected data belonging to at least 500 million members, discovered that staff knew of the attack two years ago. "The company had identified that a state-sponsored actor had access to the company's network in late 2014," the company said In a filing with Securities and Exchange Commission.

FBI director James Comey told Congress Sunday that the further investigation of emails related to Hillary Clinton didn't turn up anything that would cause the bureau to recommend charges against her. The FBI had reviewed over 650,000 emails under nine days. Upon hearing this, GOP presidential candidate Donald Trump and his supported started to question whether the FBI could go through all those emails in such a short period of time. We will never know for sure until the FBI explains its process to us all (which is unlikely to happen), so people turned to Edward Snowden over the weekend for answers. And Mr. Snowden didn't disappoint. From a report on GeekWire: How easy would it be to cull out the duplicate emails? Outspoken journalist Jeff Jarvis posed that question to Snowden in a tweet, and got a quick response: "Drop non-responsive To:/CC:/BCC:, hash both sets, then subtract those that match. Old laptops could do it in minutes-to-hours."

Secret service agents rushed Donald Trump off a stage in Nevada Saturday night, CNN reports. "A scuffle could be seen breaking out in the audience, but it was not immediately clear what happened... Secret Service and police tactical units rushed in to detain a man [who] was then rushed by a throng of police officers, Secret Service agents and SWAT officers armed with assault rifles to a side room... A law enforcement official told CNN no weapon was discovered. The GOP nominee was apparently unharmed and returned to the stage minutes later to finish his speech." Meanwhile, an anonymous reader writes: "All but two U.S. states have accepted help from the U.S. Department of Homeland Security to probe and scan voter registration and election systems for vulnerabilities, a department official told Reuters." Ohio is relying on the National Guard's cyber protection unit, while Arizona says they've held discussions with the FBI, DHS and state-level agents on cyber security. But in addition, "U.S. military hackers have penetrated Russia's electric grid, telecommunications networks and the Kremlin's command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary, according to a senior intelligence official and top-secret documents reviewed by NBC News."

American officials believe Russian hacking efforts will continue through 2018, according to the Wall Street Journal. "By hacking and dumping emails, Russia is trying 'to denigrate the American electoral system, to make it look chaotic, make it look manipulable, make it look subject to intrusion, cheating and vulnerable so you can't trust it...to make us look no better than the Russian electoral system,'" said one senior White House official. Russia is also expected to extend their efforts toward elections in Europe.

A two-year FBI investigation apparently centered on the satirical web site "GodHatesGoths". Long-time Slashdot reader v3rgEz writes: In 2005, the FBI launched an investigation into the "Church of the Hammer," a fundamentalist Christian sect which called for the wholesale slaughter of practitioners of the goth subculture. Two years later, the investigation was closed, on grounds that the Church didn't exist. The FBI's threat assessment detailed "an extremely right-wing Christian group that adheres to a Middle Ages Catholic text called the 'Malleus Malificarum.'" But MuckRock.com reports that "The Bureau's main source on the case was a goth who had engaged with members of the Church via their Yahoo Group...trying to dispel their misconceptions about the relationship between the subculture and Satanism." After two years of scouring through crime databases and making phone calls to the Salem police department, FBI investigators actually visited the GodHatesGoths web site -- which turned out to be a parody.

Montreal police have reportedly spied on La Presse journalist Patrick Lagace, tracking his cellphone calls, texts, and locations. According to Legace, the police department "obtained the court-authorized search warrants because they believed the target of one of their investigations was feeding him information." However, he said "the story in question was actually first reported on by a competitor, leading him to believe the investigation was actually a thinly veiled attempt to learn the identity of the sources within the police department." CBC.ca reports: La Press reported Monday at least 24 surveillance warrants were issued for Patrick Lagace's iPhone this year at the request of the police special investigations unit. That section is responsible for looking into crime within the police force. The warrants were used to track Lagace's whereabouts using the GPS chip in his iPhone. The warrants also allowed police to obtain the identities of everyone he spoke to or exchanged text messages with during that time. It's part of a "culture shift" among law enforcement and judges that began with the passing of Bill C-51 under the previous Conservative government, he said. Henheffer pointed to other recent cases where law enforcement has been spying on journalists or fighting for them to turn over the names of anonymous sources in court. In September, the Surete du Quebec seized Journal de Montreal reporter Michael Nguyen's computer because they believed he illegally obtained information cited in a story he wrote. At the same time, the RCMP has been trying to get a reporter from Vice News to hand over background materials used for stories on a suspected terrorist. Last May, CBC News revealed that a rogue group of Mounties investigating the leak of a secret document spied on two Canadian journalists for more than a week without any authorization.

European privacy regulators have fired a warning shot to Facebook's WhatsApp and Yahoo, saying they sent letters to the companies expressing concerns about possible violations of the bloc's data-protection rules. From a TechCrunch report: A seismic shift in privacy policy by messaging app WhatsApp this summer, when it said it would begin sharing user data with parent company Facebook including for ad targeting, has now attracted the attention of European's data protection watchdog group, the Article 29 Working Party. The WP29 group wrote to WhatsApp founder Jan Koum yesterday, setting out its concerns about the privacy policy U-turn -- including how the shift was communicated to users. "The Article 29 Working Party (WP29) has serious concerns regarding the manner in which the information relating to the updated Terms of Service and Privacy Policy was provided to users and consequently about the validity of the users' consent,"it writes. "WP29 also questions the effectiveness of control mechanisms offered to users to exercise their rights and the effects that the data sharing will have on people that are not a user of any other service within the Facebook family of companies."

Verizon is treading carefully with Yahoo, but still wants to seal the deal. From a CNET report: "The deal makes strategic sense," said Marni Walden, the executive vice president of business innovation for Verizon and the person who pushed for the acquisition. "We won't jump off of a cliff blindly." She continues to believe there's value in the Yahoo name, noting that it won't go away if Verizon completes its acquisition. Brands like Yahoo Mail and Yahoo Finance still draw plenty of eyeballs, and offer the kind of audience that Verizon and AOL lack, she said during a keynote session at The Wall Street Journal Digital conference on Wednesday. Her comments come just weeks after Yahoo disclosed a 2014 breach exposed at least 500 million accounts, making it the worst hack in history. Shortly after, reports found that Yahoo had participated in a government program to sniff user emails, further eroding trust. Verizon said this all had the potential to cause a "material impact" to the deal, which could mean Yahoo takes a reduced price or the deal falls through altogether.