Alex Stamos is the former Chief Security Officer of Yahoo and Facebook. I've jokingly called him a "human warrant canary" because it seems that whenever he leaves a job, we later learn that his departure was precipitated by some terrible compromise the company was making -- he says that he prefers to be thought of as "the Forrest Gump of infosec" because whenever there is a terrible geopolitical information warfare crisis, he's in the background, playing ping-pong.
In a year-in-review post, Facebook's Mark Zuckerberg said on Friday he is “proud of the progress we've made.”
Yes, he really is that deluded.
Alex Stamos stepped down as CSO for Facebook in August, after a career in which he rather fearlessly and bluntly warned about deficiencies in Facebook's security (this was totally in keeping with Stamos's character; he seems to have walked out on his job running security for Yahoo rather than building an NSA backdoor for them, making him something of a human warrant canary).
Just when you thought that Facebook couldn't get any more greasy, they have outdone themselves in a manner that places them well beyond even the most succulent of French Chef finger-kisses: the phone numbers that many folks gave them in order to activate the service's two-factor authentication protection? Zuckerberg and his crew are using them to serve up advertisements to unsuspecting users.
Facebook’s confession follows a story Gizmodo ran yesterday, related to research work carried out by academics at two U.S. universities who ran a study in which they say they were able to demonstrate the company uses pieces of personal information that individuals did not explicitly provide it to, nonetheless, target them with ads.
While it’s been — if not clear, then at least evident — for a number of years that Facebook uses contact details of individuals who never personally provided their information for ad targeting purposes (harvesting people’s personal data by other means, such as other users’ mobile phone contact books which the Facebook app uploads), the revelation that numbers provided to Facebook by users in good faith, for the purpose of 2FA, are also, in its view, fair game for ads has not been so explicitly ‘fessed up to before.
The best part of all of this is that, according to TechCrunch, Facebook had the chance to confess to their shitty behavior some time ago when it was revealed that users who submitted a phone number for 2FA purposes were being spammed with text ads sent to their smartphones.
The latest read from Alex Stamos bears an appropriately grim title.
Facebook's longtime Chief Security Officer Alex Stamos is quitting, as announced earlier this year. The company seems to think it doesn't need a new CSO, despite having just acknowledged Tuesday it is the subject of ongoing, sustained, coordinated information warfare attacks just ahead of the 2018 midterm elections.
As Facebook users drift away from the platform, the company is becoming increasingly desperate to lure them back, doubling down on its obnoxious tactic of spamming users whose activity has fallen off with notifications intended to pique their interest in using the service again.
Earlier this month Facebook Chief Security Officer Alex Stamos threw a twittertantrum over accusations that Facebook's algorithms promoted fake news in its users' feeds: "I am seeing a ton of coverage of our recent issues driven by stereotypes of our employees and attacks against fantasy, strawman tech cos," he wrote. "Nobody of substance at the big companies thinks of algorithms as neutral. Nobody is not aware of the risks."
But who needs algorithms to help political trolls transmit propaganda, when Facebook's sales team created this beautiful "US Political Segmentation" menu that made it easy to target groups of people "along a political ideology spectrum."
Indeed, it's increasingly clear that Facebook did not police its platform effectively during the 2016 election. This week, the company will have to answer questions from Congress about its missteps, including how it allowed a $100,000 Kremlin-linked ad buy intended to influence the election and sow discord in its aftermath. Asked if any of the 14 segments were targeted in that ad buy, a Facebook spokesperson said they were not, noting that the segments were available only through sales teams from whom the Russians did not buy ads. Asked if the Russians used the broader, umbrella categories in their targeting, a Facebook spokesperson reiterated Facebook's intention to let Congress decide whether to release the ads and associated data.
A leaked recording of Facebook security chief Alex Stamos (who refused to help with an illegal NSA spying program when he was CSO for Yahoo) has him describing the company's IT culture as being "like a college campus, almost" while the company has the "threat profile of a Northrop Grumman or a Raytheon or another defense contractor."
A Russian government-affiliated troll farm called Internet Research Agency bought a Black Lives Matter ad on Facebook targeting Ferguson and Baltimore, reports CNN, with "the apparent goal of the Russian buyers to amplify political discord and fuel an atmosphere of incivility and chaos."
Facebook refuses to release the ad publicly, citing issues of privacy, even though the ad ran publicly in late 2015 or early 2016.
Facebook did not comment for this story but did point to a statement from Facebook's chief security officer, Alex Stamos, who said earlier this month that "the vast majority of ads run by these accounts didn't specifically reference the U.S. presidential election, voting or a particular candidate."
"Rather," Stamos said, "the ads and accounts appeared to focus on amplifying divisive social and political messages across the ideological spectrum -- touching on topics from LGBT matters to race issues to immigration to gun rights."
Warner, the top Democrat on the Senate Intelligence Committee, said this week that the aim of the ad-buyers "was to sow chaos."
"In many cases, it was more about voter suppression rather than increasing turnout," he told reporters.
The Senate Intelligence Committee will also hear from Twitter on Thursday about how foreign nationals may have used its ad service to influence the 2016 election. Twitter has declined to shed any light so far on what information it plans to give to Congress.
Related: Russian-generated Facebook posts pushed Trump as "only viable option."
Joe Menn at Reuters reports that Facebook is pitching in an initial $500,000 in seed funding to launch a nonprofit that will work to protect American political parties, voting systems and information providers from malicious attacks by hackers and foreign nation-states.
Even before he took the job of Chief Security Officer of Yahoo, Alex Stamos had a reputation for being a badass: a thoughtful security ethicist who served as an expert witness in defense of Aaron Swartz, Stamos cemented his reputation by publicly humiliating the director of the NSA over mass surveillance.
Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources -- at least one of whom worked on the security team -- say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool.
Yahoo email accounts were scanned by the company on behalf of U.S. intelligence services from last year. This represents the first example of a U.S. service provider providing complete access to "all arriving messages," reports Reuters.
It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.
Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.
According to the two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.
It might not seem terribly meaningful to users, given the revelation that 500m Yahoo accounts (surely all of its users, or close to it) were hacked anyway, but there's a difference between a one-off break-in and a standing invitation. Over four years of Mayer's leadership, Yahoo suffered a "stunning collapse in valuation" and was sold to Verizon for $4.83bn. Completion of the deal is reportedly threatened by the recent stories about Yahoo's security failings.
In 2015, Yahoo CEO Marissa Mayer ordered the company's engineers to build a tool that scanned Yahoo Mail messages in realtime for "characters" of interest to a US security agency, either the FBI or the NSA.