Alex Stamos on the security problems of the platforms' content moderation, and what to do about them

Alex Stamos (previously) is the former Chief Security Officer of Yahoo and Facebook. I've jokingly called him a "human warrant canary" because it seems that whenever he leaves a job, we later learn that his departure was precipitated by some terrible compromise the company was making -- he says that he prefers to be thought of as "the Forrest Gump of infosec" because whenever there is a terrible geopolitical information warfare crisis, he's in the background, playing ping-pong.

Tumblr is for sale...again

Verizon wants to divest itself of Tumblr, having squandered much of the goodwill that made the platform so beloved by creating literally the stupidest censorship regime in the history of the internet; Tumblr became part of Verizon through the sale of Yahoo's media assets, and is part of a group Verizon dubbed "Oath" because everyone who encounters it ends up swearing. Verizon has admitted that it made a stupid, multi-billion dollar mistake when it bought Tumblr and its sister companies. (via Mitch Wagner)

Verizon writes down its Yahoo/AOL assets by $4.6 billion

A friend who works in ad-tech tells me that Verizon's datasets from its Yahoo/AOL assets are "the creepiest" in the industry, but even with every dirty trick and every stupid, harebrained scheme, the companies formerly known as Oath (because everything Verizon did made their users swear uncontrollably) are basically worthless.

WSJ: Yahoo plans to scan users' messages for data to sell to advertisers

Everything has a cost, especially in the realm of online services. It used to be a pretty common practice for providers of 'free' email services to scan their users' messages for data that'd be valuable to advertisers. The data got sold to keep the email provider's lights on, with in-browser advertising filling in the financial gaps. Most email providers abandoned the practice years ago: they were amazed to find that it pissed off their users. Yahoo's parent company, Oath, however, is getting back on this particular brand of bullshit.

From The Verge:

Yahoo’s owner, Oath, is in talks with advertisers to provide a service that would analyze over 200 million Yahoo Mail inboxes for consumer data, sources told WSJ. Oath did not immediately respond to a request for comment.

Oath confirmed to the WSJ that it performs email scannings and said that it only scans promotional emails, usually from retailers. Users have the ability to opt out, it said. Oath’s argument is that email is an expensive system, and people can’t expect a free service without some value exchanged.

That's greasy.

Greasier still is the fact that even if you pony up the dough, on a monthly basis, for Yahoo's premium email services, your data will get scanned unless you opt to opt out. Finding the page that lets you do this, surprise, surprise, is not easy to do. We've got your back, though. Follow this link to take control of your Oath-related privacy settings.

Oath swears that the data scraping method they use ignores personal information and personal identifiers.

Russia-linked hacker Karim Baratov gets 5 years in U.S. prison & $250,000 fine for Yahoo breach

A Canadian man born in Kazakhstan has been sentenced to five years in prison for crimes connected to the massive Yahoo security breach that U.S. federal agents say was directed by Russian government spies.

“Karim Baratov, an FSB go-to guy for webmail hacking, was sentenced to 5 years in prison this morning, less than the nearly 8 years sought by the Justice Department,” says Daily Beast's Kevin Poulsen.

Below, why 5 years in prison is actually a good outcome for Baratov, who is 23.

SEC fines Yahoo (now Altaba) $35 million over massive data breach

How the once mighty have fallen.

Verizon is finally killing Compuserve Forums

Compuserve's sprawling, paleolithic forums were acquired along with Compuserve itself by AOL in 1998, and their fossil remains were augmented, year after year, decade after decade, by die-hard users who continued to participate there.

Yahoo revises number of hacked accounts from 500,000,000 to 3,000,000,000

Just over a year ago, Yahoo admitted that it had been hacked in 2013, and estimated that 500 million accounts had been compromised (the company blamed state-sponsored actors, and federal prosecutors have indicted two Russian spies for ordering the operation). Now the company has admitted that all three billion of its accounts were affected.

Verizon bought Yahoo, so Flickr and Tumblr users with AT&T email addresses are being cut off

Verizon's using its purchase of Yahoo for more than undermining the fight for net neutrality: it's also using its new acquisitions to make anti-competitive moves against its telcoms rivals, deploying the users of Flickr and Tumblr as hostages.

Tumblr is now owned by a phone company, so it's stopped fighting for Network Neutrality

Yahoo's sale to Verizon means that Yahoo's sub-companies -- Flickr, Tumblr and a host of others -- are now divisions of a phone company, and as you might expect, being on the payroll of a notorious neutracidal maniac with a long history of sleazy, invasive, privacy-destroying, monopolistic, deceptive, anti-competitive, scumbag shakedowns has changed the public positions these companies are allowed to take.

After ratting out users to China, Yahoo created (and then blew) a $17m "dissidents' fund"

It's been a decade since Yahoo got raked over the coals by Congress for helping the Chinese government spy on journalists and dissidents, some of whom were then arrested and tortured.

IBM reports data breaches were up 566% (4B docs!) last year

Information security is a race between peak indifference to surveillance and the point of no return for data-collection and retention.

Justice Dept. to charge 2 Russian spies and 2 criminal hackers with 2014 Yahoo breach of 500 million accounts

Before today's anticipated announcement by the Justice Department, more details are already leaking out about who they're after: “two Russian spies, and two criminal hackers.”

After record-breaking donations and members, ACLU signs up for the Y Combinator startup accelerator

The ACLU raised $24M over the weekend of the #muslimban, six times its usual annual average, and now it is joining the Winter 2017 class at Y Combinator, a startup accelerator from which a mixed bag of great and terrible companies has emerged, and which has had to contend with controversy over its ties to Peter Thiel.

Yahoo to change name to "Altaba"

Marissa Mayer is to leave Yahoo, which is to change its name to "Altaba".

Yahoo reveals hackers took a further 1 billion accounts (phone, DoB, names, emails)

Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether.

After being outed for massive hack and installing an NSA "rootkit," Yahoo cancels earnings call

What do you do if your ailing internet giant has been outed for losing, and then keeping silent about, 500 million user accounts, then letting American spy agencies install a rootkit on its mail service, possibly scuttling its impending, hail-mary acquisition by a risk-averse, old economy phone company? Just cancel your investor call and with it, any chance of awkward, on-the-record questions. (via /.)
