
Showing results for tags 'yahoo'.



Found 53 results

  1. (Reuters) - Yahoo has struck a revised $117.5 million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history. The proposed class-action settlement made public on Tuesday was designed to address criticisms of U.S. District Judge Lucy Koh in San Jose, California. She rejected an earlier version of the accord on Jan. 28, and her approval is still required. Koh said the original settlement was not "fundamentally fair, adequate and reasonable" because it had no overall dollar value and did not say how much victims might expect to recover. She also said the legal fees appeared to be too high. Yahoo, now part of New York-based Verizon Communications Inc, had been accused of being slow to disclose three data breaches affecting about 3 billion accounts from 2013 to 2016. The new settlement includes at least $55 million for victims' out-of-pocket expenses and other costs, $24 million for two years of credit monitoring, up to $30 million for legal fees, and up to $8.5 million for other expenses. It covers as many as 194 million people in the United States and Israel with roughly 896 million accounts. John Yanchunis, a lawyer for the plaintiffs, in a court filing called the $117.5 million the "biggest common fund ever obtained in a data breach case." He did not immediately respond to requests for additional comment. Separately, Verizon agreed to spend $306 million between 2019 and 2022 on information security, five times what Yahoo spent from 2013 to 2016. It also pledged to quadruple Yahoo's staffing in that area. "The settlement demonstrates our strong commitment to security," Verizon said in a statement. Yahoo agreed in July 2016 to sell its internet business to Verizon for $4.83 billion. Only later did it reveal the scope of the breaches, prompting a price cut to $4.48 billion. Verizon wrote off much of Yahoo's value in December. U.S. 
prosecutors charged two Russian intelligence agents and two hackers in connection with one of the breaches in 2017. One hacker later pleaded guilty. The case is In re: Yahoo Inc Customer Data Security Breach Litigation, U.S. District Court, Northern District of California, No. 16-md-02752. Source
  2. Yahoo Mail and AOL Mail, which both fly under the Oath banner, a Verizon owned company, scan emails that arrive in user inboxes to improve advertisement targeting. An article published by The Wall Street Journal (sorry, no link as it is paywalled), suggests that Oath's email scanning may go beyond what users of the service may deem acceptable. According to the article, Yahoo is scanning commercial emails of all free users who did not opt-out of personalized advertisement to improve targeted advertising. Yahoo creates profiles of users by assigning them to certain groups or categories. A user who receives receipts for online purchases may be put into different categories based on the purchases, frequent traveler for example for users who get emails about several plane tickets in a period of time. Yahoo Mail users who get brokerage emails, e.g. trade confirmations, may be assigned to the investors group. While the exact classification and profiling system is unknown, it is clear that it uses information found in emails to profile users. The system places a cookie on users' systems that identifies the interest groups the Yahoo user is associated with. Companies and advertisers may use the data to serve personalized advertisement to users and the paper suggests that Oath may also use receipts in the Yahoo Mail inbox as proof to advertisers that a particular campaign worked. Yahoo confirmed to The Wall Street Journal that it scans commercial emails only, and that the algorithms the company uses strip out personal information to make sure that those are not leaked in any way. The company claimed that the majority of emails that arrive in user inboxes are commercial in nature, and that the system is adjusted when the need arises to avoid wrong classifications and other issues. Yahoo customers have some options to deal with the email scanning: Close the account. Opt-out of interest-based ads and hope for the best. 
Closing an email account is problematic for a number of reasons. Users have to find another email provider, may want to back up all emails they received over the years, and may even want to keep the account open for a period to make sure no mail is lost. Closing the account may require that users change email addresses on websites, for instance those that they signed up for using the email address. One good option to back up all emails is the free MailStore Home software for Windows. It is capable of backing up all emails on the local system. You can read my review of MailStore Home here. The desktop email client Thunderbird is another option. Tip: Find out how to delete your entire Yahoo account. We published the guide after a Reuters article suggested that Yahoo has been working with U.S. intelligence services to search all customer emails. Opt-out of interest-based ads on Yahoo Yahoo customers can opt-out of interest-based ads. Yahoo notes on the page that opting-out will stop the analysis of communication content for advertising purposes among other things. You can opt out of interest-based advertising, analysis of communications content for advertising purposes, and the sharing of your information with partners for data matching and appends using the tools on this page. Perform the following steps to opt-out. Visit the Ad Interest Manager page on the Yahoo website. Click on the opt-out button to opt-out of interest-based ads and thus also the analysis of communication content for advertising purposes. The button should change to an "opt-in" button after the request has been processed. Switch to "On Yahoo", and opt-out there as well. Note that the use of ad-blockers or content-blockers may prevent the opt-out from working correctly. Closing Words I don't know how good Yahoo's algorithms are to distinguish between commercial emails and others; the past has shown that it is tricky to get it right. 
Yahoo customers who use email may want to opt-out of the automated scanning to avoid any issues related to the scanning; some may want to create new email accounts at providers that don't scan emails or put privacy first. Examples of such providers are Startmail or ProtonMail. Now You: Would you use email providers that scan your emails for commercial purposes? Source
  3. Yahoo has agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches that compromised the personal information of three billion users. The suit was filed by several shareholders in January 2017, alleging the web services provider intentionally misled them about its cybersecurity practices, in turn, causing the company’s stock prices to drop. According to reports, it is still unclear whether the proposed settlement will close the case, as one of the named plaintiffs in the suit did not agree to it. The settlement includes all those who purchased or acquired Yahoo securities on the open market between April 30, 2013, and Dec. 14, 2016. In the second half of 2016, Yahoo disclosed two massive breaches that compromised user account data, including names, email addresses, telephone numbers, dates of birth and hashed passwords. Initially, the company reported a 2014 breach, which it said had impacted roughly 500 million user accounts. Months later, it announced a separate breach that dated back to 2013. At the time, Yahoo said it believed one billion user accounts had been affected but it wasn’t until October 2017 that it confirmed that all three billion of its user accounts had been impacted. If the court approves the settlement, it will mark the first recovery in a shareholder lawsuit involving a data breach. Meanwhile, experts argue Yahoo will continue to face the fallout from the breaches that occurred several years ago. Despite the incidents, Verizon acquired Yahoo for $4.48 billion last year – $350 million less than the original $4.8 billion offer after the breaches were disclosed. Source
  4. A Canadian man accused in a massive hack of Yahoo emails agreed Friday to forgo his extradition hearing and go face the charges in the United States. Karim Baratov was arrested in Hamilton, Ontario, in March under the Extradition Act after U.S. authorities indicted him and three others, including two alleged officers of Russia’s Federal Security Service. They are accused of computer hacking, economic espionage and other crimes. An extradition hearing for the 22-year-old Baratov had been scheduled for early September, but he signed documents before a Canadian judge Friday agreeing to waive it. His lawyer, Amedeo DiCarlo, said that does not amount to an admission of guilt. DiCarlo said the move will accelerate the legal process and was the best way to speed up discussions with the U.S. prosecutor. U.S. marshals will soon be sent to fetch Baratov and take him to California, he added. U.S. law enforcement officials call Baratov a “hacker-for-hire” paid by members of the Federal Security Service, or FSB, considered the successor to the KGB of the former Soviet Union. He has Kazakh origins, arrived in Canada in 2007 and became a citizen in 2011. Alexsey Belan, one of the other suspects, is on the FBI’s list of most wanted cybercriminals and has been indicted multiple times in the United States. It’s not clear whether he or the other two defendants, Dmitry Dokuchaev and Igor Sushchin, will ever step foot in an American courtroom because the United States does not have an extradition treaty with Russia. The indictment identifies Dokuchaev and Sushchin as officers of the FSB. Belan and Baratov were allegedly directed by the FSB to hack into the accounts. DOJ Article FifthDomain Article Unsealed Court Order
  5. The simple line of code made it possible for attackers to view private Yahoo Mail images. Yahoo has decided to retire the use of the ImageMagick library following a researcher's disclosure of a simple way to break the system to cause email information leaks. Last week, security researcher Chris Evans demonstrated the exploit and released the details of the security flaw to the public. In a blog post, Evans said the so-called "Yahoobleed #1" (YB1) vulnerability is a way to slurp other users' private Yahoo! Mail image attachments from Yahoo servers. YB1 utilizes a vulnerability found within the ImageMagick image processing software, an open-source image processor which provides the backbone for image handling used by many online services. Unlike previous out-of-bounds server side memory content leaks, such as Heartbleed and Cloudbleed, Evans says that Yahoobleed makes use of uninitialized memory. "An uninitialized image decode buffer is used as the basis for an image rendered back to the client," the researcher says. "This leaks server-side memory." "This type of vulnerability is fairly stealthy compared to an out-of-bounds read because the server will never crash," Evans added. "However, the leaked secrets will be limited to those present in freed heap chunks." In a proof-of-concept (PoC) demonstration, the researcher attached an 18-byte exploit file as an email attachment, emailed it to himself, and then clicked on the image to launch the image preview pane in order to show how it is possible to compromise a Yahoo email account. "The resulting JPEG image served to my browser is based on uninitialized, or previously freed, memory content," Evans said. The vulnerability lies in the obscure RLE (Utah Raster Toolkit Run Length Encoded) image format. An attacker could simply create a crafted RLE image, send it, and create a loop of empty protocol commands which prompts the information leak. 
Yahoo did not implement any form of whitelisting for ImageMagick decoders which allowed such malicious files to slip through the net. After submitting the one-line exploit to Yahoo, the tech giant decided that it was time to retire the open-source component altogether, rather than risk any other security flaws placing user emails at risk. The ImageMagick bug has been patched and Evans was awarded a bounty payment of $14,000. After declaring his resolve to give the cash -- a reward of $778 per byte -- to charity, Yahoo doubled the amount to $28,000. In March, four Russians were charged by the US Department of Justice (DoJ) with stealing the credentials of over 500 million user accounts from Yahoo. Article source
  6. Alleged Yahoo hacker, denied bail The Canadian hacker that US authorities believe to have been involved in the 2014 Yahoo data breach that exposed 500 million accounts has been denied bail. According to a report from Reuters, Karim Baratov will remain in custody until May 26, and a hearing on his extradition to the United States will likely take place on June 12. "Why would he stick around? He can continue his wealth-generating activities anywhere in the world," the judge said, deeming that Baratov would be a flight risk if given bail. Baratov faces multiple charges in the United States, including conspiracy to commit computer fraud, conspiracy to commit wire fraud and identity theft and could end up in jail for quite a few decades if found guilty on all charges. Baratov, of course, denies the accusations. His lawyer, Amedeo DiCarlo said he would consider appealing the bail decision if the court is unable to schedule an expeditious extradition hearing. A (mostly) Russian affair The United States says Baratov, alongside three other hackers, worked with Russian intelligence agents who paid him to break into at least 80 email accounts. Aside from him, the US has charged three other hackers, including two Russian spies, one of which is already under arrest in his home country under accusations of treason. The other alleged hacker involved in the data breach is Alexsey Belan, one of FBI's most-wanted cyber criminals. He was arrested in Europe in the summer of 2013 but managed to escape to Russia before he could be extradited. Truthfully, Baratov may very well be the only one of the bunch who will ever face trial in the United States as chances are slim to none that Russia would hand over any of the other three individuals, especially since there's no extradition treaty in place. Yahoo revealed the 2014 data breach in September 2016, saying that 500 million accounts had been exposed. 
Later, in December 2016, Yahoo came back out again and revealed that they'd also suffered a data breach in 2013 which exposed 1 billion accounts. Source
  7. Yahoo is in trouble.. again Yahoo is being sued for failing to properly oversee a $17 million fund it created to help Chinese writers, democracy advocates and human rights lawyers who were being persecuted for standing up against the country's government. The lawsuit was filed by a local group of political activists who claim senior executives with the company have turned a blind eye as Harry Wu, the fund's manager, illegally spent millions on real estate, hiked staff salaries and created a museum to document the history of Chinese labor camps, the New York Times reports. Wu, a Chinese dissident who died a year ago, spent less than 4% of the money for the actual purpose, the lawsuit claims. The activists aren't looking for much, but they demand that Yahoo replenish the trust, which has been depleted for the most part. Yahoo refused to comment on the situation, but that's pretty normal given how most companies refuse to offer comments in regards to ongoing litigations. This is a rather bad time for Yahoo to be hit with yet another lawsuit, as the final stages of its merger with Verizon Communications have been reached. The deal was supposed to close much earlier, but revelations regarding two massive data breaches that took place several years ago delayed the process and cut off some of the price put on the company. Dark roots The roots of this current lawsuit go back a few years to a rather dark moment in Yahoo's history. In 2007, the company acknowledged that it gave the Chinese authorities access to information that helped them identify subscribers in China whose emails had angered the government. Two activists were given decade-long prison sentences. To settle litigations at the time, the relatives of each of the two dissidents were given millions. Furthermore, Yahoo decided to create this $17 million humanitarian fund to help Chinese activists and their families. 
It seems now that little was done to this extent as official filings of the foundation indicate only $700,000 were distributed. Source
  8. Sometime this summer, Verizon plans to rename two of its properties -- Yahoo and AOL -- as "Oath." The rebranding was apparently not meant to be made public just yet, but yesterday Business Insider cited unnamed sources who revealed the new company name. Not long afterward, AOL CEO Tim Armstrong confirmed the Oath moniker on Twitter. "Billion+ Consumers, 20+ Brands, Unstoppable Team. #TakeTheOath. Summer 2017," Armstrong tweeted yesterday afternoon. Verizon's $4.48 billion acquisition of core parts of Yahoo's business is expected to close sometime in the second quarter of this year. Verizon purchased AOL in 2015 for $4.4 billion. 'Someone Snitched' While Verizon hasn't provided any more details about the rebranding, its AOL property posted a brief update online under the headline, "Why Oath? Why Now? What's Next?" "Someone snitched," the update stated. "So now you know our name but just wait -- the fun really begins Summer 2017." Among the AOL and Yahoo brands that will fall under the Oath banner after the latest Verizon deal is complete are BrightRoll, Engadget, Flickr, The Huffington Post, Kanvas, Makers, MovieFone, TechCrunch and Tumblr. Combined the 25-plus media and technology brands reach more than 1 billion people. "With a house of brands as diverse as ours, we wanted a name that was values led -- one that honored our ultimate commitment of Building Brands People Love," the AOL statement said. "You won't see Oath everywhere. We'll put people and brands -- ours and yours -- first." Comparisons to 'Tronc' Quirky business names are nothing new: after all, Google, Twitter, Yahoo and Yelp weren't always household names. But the name Oath is being welcomed with some comparisons to another widely derided new corporate identity: the Tribune Company's 2016 rebranding as "Tronc." Yesterday, USA Today sportswriter A.J. Perez tweeted this response: "Tribune Publishing: 'We will now be known as Tronc.' 
Verizon: 'Hold my beer.'" Others on Twitter noted the new AOL-Yahoo name bears a close resemblance to "OAuth," the Open Authorization standard that enables online users to access third-party services without having to re-enter passwords for those accounts. "Waaaay too close to 'oauth' for 2 co.'s with massive data breaches," Twitter user Brad Dunshee said. Last year, Yahoo revealed major security breaches that exposed account information of more than 1 billion user accounts. Last month, the U.S. Department of Justice indicted four men, including two officers with Russia's FSB security agency, in connection with those hacks. In 2014, AOL also reported a security breach of its email service that's believed to have affected nearly a half million accounts. Meanwhile, the parts of Yahoo that aren't being acquired by Verizon are also expected to be rebranded. Those business operations will be renamed "Altaba," according to a filing with the U.S. Securities and Exchange Commission last month. Source
  9. Yahoo! open-source code fling builds a better Google, again Yahoo! last month married clustered compute to Google’s machine learning. The firm’s engineers released TensorFlowOnSpark (TFoS), getting the Google Brain Team’s machine-learning framework up and running on Spark and Hadoop clusters. Spark is the open-source cluster framework overseen by Apache and employed by Yahoo!, Netflix and others processing petabytes of data across thousands of nodes. TFoS code is available on GitHub under an Apache licence and for use on Amazon’s EC2. The idea of TFoS is deep learning on massively clustered systems – and all the benefits of processing and storage that entails – only in a Google-free setting and using an architecture that’s “easy” to build and that also delivers fast throughput. Not something that in building gets the job done, but with tradeoffs in the plumbing, like complexity or bottlenecks. They’ve also given Google’s TensorFlow a speed boost: an Infiniband-friendly protocol, freeing it from a rather restrictive marriage to Ethernet. Using TFoS you can run TensorFlow free of Google’s cloud and have it share servers already running other big-data apps and processes rather than dedicated clusters. It follows last year’s release of CaffeOnSpark from Yahoo! – Caffe being a deep learning framework. There already exist, of course, at least two projects aimed at getting Google’s ML framework running on Spark – SparkNet and TensorFrame. According to Yahoo!, though, they have problems – all related to hardwiring TensorFlow to Spark, a fact that makes installations complicated to set up and difficult to repeat. Also, TensorFlow processes cannot communicate directly with each other, which leads to delays and latency. Yahoo!’s answer is to use TFoS direct tensor communications among TensorFlow processes and therefore not to rely on Spark drivers. 
Yahoo!’s framework reads directly from HDFS files using file readers and QueueRunners while Spark RDD data is fed into a TensorFlow graph using the feed_dict mechanism. The search firm’s engineers have upgraded the TensorFlow plumbing for speed, using InfiniBand in-memory access. TensorFlow runs over Ethernet officially, but Yahoo!’s own Hadoop clusters employed Infiniband along with Ethernet. Yahoo!’s code is now on GitHub. Yahoo! has also released grpc protocol so that any Remote Direct Memory Access (RDMA) can go via InfiniBand. An RDMA rendezvous manager will now ensure tensors are written into remote servers’ memory with the time taken to reduce the creation of tensor buffers. Will this have any impact? Amazon Web Services last year moved to embrace MXNet as its chosen machine-learning framework. AWS has the scale of its cloud to make MXNet matter. Google, of course, has TensorFlow itself, which it open-sourced but which it will use as a means to cover itself in data and compute from those using the service. Facebook, meanwhile, is working on its own machine-learning models via its Applied Machine Learning to process billions of data points in posts. Yahoo!? If you think of Yahoo! at all these days, you’ll probably do so for the wrong reasons: massive hacks, gargantuan losses of personal data, the company’s failure as an early pioneer to see Google coming. In the near future, this one-time pioneer in internet search and ads will see its head added to the collection owned by faceless US telco Verizon, which includes that of another one-time internet pioneer and business giant – America Online. While all true, this simple analysis would misrepresent and overlook the impact of Yahoo!’s engineering achievements. Over the decades Yahoo! has contributed substantially to the greater good, publishing its own code as open source. 
Arguably Yahoo!’s greatest legacy once it is a division of Verizon will be big data, after one of its engineers – Doug Cutting – wrote an open-source implementation of Google’s MapReduce that became Hadoop. What followed was an entire ecosystem of startups and projects crunching data at scale – Cloudera, Hortonworks, MapR to name three in a market some calculate will be worth $50bn by 2020. Admittedly, it has been a slow start, with Hadoop held back by lack of skills and missing features that would let otherwise “ordinary” users install and run Hadoop. This has slightly helped firms like Cloudera and Hortonworks sell services. Also, Hadoop is no simple software purchase: Hadoop is a “platform sell”, meaning if you buy in, you are committing the architectural direction of your organisation to Hadoop, too – data, tools, development. This, on the other hand, has not helped firms like Cloudera and Hortonworks. That said, Hadoop users are no longer restricted to the Silicon Valley elite. It’s now employed by high-street names like Barclays and M&S in the UK. Yahoo! used Hadoop for years on its ads and search services. If past performance is an indicator of potential, TFoS is a potentially grand parting gesture from a firm that has achieved greater success with its code than with its business. Source
  10. Russia has denied any involvement in the 2014 hack of internet giant Yahoo, after US authorities charged four people over the incident. US Department of Justice (DoJ) officials charged two Russian spies and two criminal hackers in relation to the 2014 breach, which exposed around 500 million Yahoo accounts. According to the BBC, Russian officials have formally denied any involvement in the hack. “As we have said repeatedly, there can be absolutely no question of any official involvement by any Russian agency, including the FSB, in any illegal actions in cyberspace," said spokesman Dmitry Peskov. Reuters added that Russian officials also said they had received no official word from their American counterparts about the charges. All their information had been taken from media reports, Peskov said. Two of those charged, Dmitry Dokuchaev and Igor Sushchin, work for the FSB, Russia’s intelligence agency and successor to the KGB. The other two, Karim Baratov and Alexsey Belan, are considered career hackers. Belan is on the FBI’s Cyber Most Wanted list after two previous indictments on hacking charges. The DoJ’s charges allege that the FSB agents worked closely with Belan and Baratov and passed them information that would help them avoid detection by US authorities. They hacked into Yahoo’s database to target accounts belonging to Russian journalists, Russian and US government officials and employees of a Russian cybersecurity company. The charges included conspiracy, computer fraud and abuse and economic espionage. In total around 500 million accounts were compromised. It is further alleged that Belan used this access to steal credit card details and other financial details. It is also claimed that he sold details of 30 million accounts which were subsequently targeted by a spam campaign. According to Reuters, Canadian citizen Baratov has been arrested. The whereabouts of the other three is currently unknown, but reports suggest they are in Russia. 
There is currently no extradition treaty between Russia and the US, which could make bringing the suspects to trial difficult. At a press conference held to announce the charges, acting assistant attorney general Mary McCord said she was hopeful Russia would cooperate in bringing the criminals to justice, Reuters said.
  11. Yahoo's hackers finally face charges The US Department of Justice confirms that it has filed charges against two Russian spies and two criminal hackers for the 2014 Yahoo hack that exposed 500 million user accounts. The announcement was made at a news conference in Washington following rumors about the indictment from earlier today. This is the first time the United States government has criminally charged Russian officials for a cyber attack. The officers of the FSB, which is Russia's Federal Security Service, a successor of the KGB, were identified as Dmitry Dokuchaev and his superior, Igor Sushchin. They are both currently in Russia and chances are they won't ever see trial in the United States because there is no extradition treaty between the two countries. Dokuchaev is one of the two FSB officers arrested alongside Kaspersky manager Ruslan Stoyanov back in December and accused of treason over alleged cooperation with the CIA via an American company. One hacker was arrested The other two people accused are Alexsey Belan, one of the most wanted cyber criminals in the world, and Karim Baratov, Kazakhstan-born, but with Canadian citizenship. Baratov was already arrested this past Tuesday and his case is pending with local authorities since his arrest took place on Canadian territories. Belan was actually arrested in Europe back in 2013, but managed to escape to Russia before he could be extradited to the United States, the Justice Department said. "The criminal conduct at issue, carried out and otherwise facilitated by officers from an FSB unit that serves as the FBI's point of contact in Moscow on cyber crime matters, is beyond the pale," said Acting Assistant Attorney General Mary McCord. A mixed campaign The US officials say that the entire hacking campaign was planned by the FSB to collect intelligence, but the two hackers used the trove of data to line their pockets. 
They did this by forging cookies that told Yahoo's servers to allow them access to large numbers of email accounts without even needing the proper credentials. According to the indictment, the hackers wrote authentication cookies for use on their own computers, but also pushed these fake cookies to individual users they wanted to target. The team monitored over 6,500 accounts with this technique, the Department of Justice said. In September 2016, Yahoo revealed that they had suffered a data breach back in 2014. It said that it suspected "state-backed actors" to be behind the issue and it seems that their suspicions were true. The company revealed that 500 million accounts were affected by the breach. In December 2016, the company came forward once more and said that in 2013 it had been the victim of another data breach, this time involving 1 billion accounts. Source
  12. Yahoo was very nearly sold for a lot less Verizon was reportedly looking into shaving off $925 million off the Yahoo deal but only got to cut $350 off the final price. We can't really blame Verizon for wanting to cut down such a huge chunk of its deal with Yahoo given how months after announcing its intention to buy the ailing Yahoo, it got served the two largest data breaches in history. According to a filing, in February, Lowell McAdam, Verizon Chief Executive Officer, told Yahoo director Tom McInerney that they believed a $925 million price reduction could be appropriate following the damaging revelations. Therefore, Verizon Communications sought a price reduction that's almost three times larger than what it got away with. According to the latest announcement regarding the acquisition, Verizon will pay $4.48 billion for Yahoo, down from $4.83 billion, as it was originally announced, back in July 2016. It all started back in July when Verizon announced its plans to acquire Yahoo. As things seemed to be going great for the two companies, news came in September that a major data breach affected Yahoo back in 2014, exposing 500 million accounts, complete with passwords, contact details, security questions, and answers. If that wasn't bad enough, December came along and brought news that Yahoo was the victim of another data breach in 2013 when 1 billion accounts were exposed to hackers. More deal changes While Verizon may have only obtained a fraction of the price cut it was looking for, it did manage to get in some other alterations to the deal. "Verizon and Yahoo will share certain legal and regulatory liabilities arising from certain data breaches incurred by Yahoo," read an announcement made last month. Yahoo will be responsible for half of any cash liabilities incurred following the closing related to non-SEC government investigations, as well as third-party litigation released to the breaches. 
Any liabilities arising from shareholders and SEC investigations will continue to be Yahoo's responsibility. There are currently some 43 putative consumer class action lawsuits filed against Yahoo in the United States following the data breaches. The company is also under investigation by the SEC due to its failure to notify investors of the data breaches in a timely manner. Source
  13. US investigators identify 4 people in Yahoo hack Four people are going to be indicted in the United States in relation to the Yahoo hacks that exposed hundreds of millions of user accounts. The Department of Justice is getting ready to file formal accusations against four individuals who have not been identified, a source close to the matter said, choosing to keep its name secret due to the sensitivity of the matter, Bloomberg reports. One of the individuals is apparently getting arrested in Canada, while the other three are still in Russia, possibly untouchable at this point given how there is no extradition treaty between the United States and Russia. The hacks were announced last year. In September, Yahoo said a 2014 data breach resulted in criminals extracting half a billion account details from its servers. In December, Yahoo admitted that another breach that took place in 2013 was actually worse and affected about 1 billion accounts. Documents filed a few weeks ago mentioned that Yahoo directors knew of the 2014 hack soon after it happened, but chose to stay silent on the matter. Data breaches nearly derailed Verizon deal The revelations of the security breaches Yahoo suffered came after the company reached a deal with Verizon regarding its acquisition. While Verizon wanted to shave off $925 million off the deal, they settled for a price trim of $350 million to $4.48 billion. Yahoo has said that it has been able to identify the intrusion associated with the 2013 breach, adding that the 2014 hack is believed to have been the hand of "state-sponsored actors". They said that the subsequent cookie forging attack that took place was also the hand of the latter actor. Some 46 lawsuits have been filed against Yahoo over the data breaches and more are expected to come. Furthermore, Yahoo is being investigated by the Securities and Exchange Commission for failing to bring the data breaches to the attention of its investors in a timely manner. Source
  14. A recent regulatory filing from Yahoo has revealed more victims of its 2014 breach. This time, it is not just users but Yahoo's senior executives. Senior Yahoo staff are feeling the repercussions of the company's problems as it discloses that 32 million users may have been affected by the aftermath of its 2014 mega breach. Marissa Mayer, Yahoo's CEO, will personally lose her US$ 2 million (£1.6 million) bonus this year, along with her US$ 14 million (£11.4 million) equity grant which will go to Yahoo's 8,500 employees instead. Mayer published a short blogpost on 1st of March saying that she only learnt of the breach in September 2016 but because the incident happened on her watch, “I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company's hardworking employees.” Yahoo's general counsel, Ronald Bell also resigned over the failure to report the breach. This news was revealed in the filing of the company's 10-K report in which Yahoo admits responsibility over failing to tell shareholders, users or the public about the breach. While senior executives and legal staff were aware of the incident, only 26 specifically targeted users were affected. It was later learnt that the scale of the breach was far bigger, potentially affecting 500 million users. 
The report notes: “It appears certain senior executives did not properly comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the Company's information security team.” While Yahoo's information security team knew that the adversary had stolen copies of user database backup files which contained personal data, “it is unclear whether and to what extent such evidence of exfiltration was effectively communicated and understood outside the information security team.” It was, according to an independent review, “failures in communication, management, inquiry and internal reporting” which led to the 2014 breach not being disclosed until around two years later. Included in the 10-K is the revelation that 32 million users were affected over 2015 and 2016 by the now-invalidated forged cookies. The report that could allow access to accounts without passwords. Yahoo believes the cookies to have been created from proprietary code stolen from Yahoo and are connected to the state-sponsored actors responsible for the long-quiet 2014 breach. The public disclosure of the breach was closely followed by another; that Yahoo had been hit again with attackers making off with the information of 1 billion accounts. The breach was labelled by some as the biggest breach ever recorded. Last week it was announced that Yahoo's final sale price in its acquisition by global media giant, Verizon would be discounted by US$ 350 million (£285 million). The deal was worked out in light of Yahoo's disclosures of the two breaches and the attendant legal problems that Verizon would have to adopt along with the company. Mayer will resign as Yahoo CEO once the sale is formally approved. Getting the board to pay attention to security has long been a concern of IT security professionals. 
Paul Edon, director at Tripwire, told SC Media UK that this sets an interesting precedent: “Whether or not this is a well orchestrated PR stunt from Mayer, it shows that data breaches are a problem that the board needs to be responsible for fixing. This case also underlines the importance of involving the CISO in board-level discussions because their proximity to the internal challenges and understanding of the associated business risks can help the board to appreciate the impact any future breach could have.” Paul Calatayud, CTO at FireMon told SC: “When Yahoo's CEO decided not to take her bonus, she accepted responsibility for failures from the breach. Some CEOs have been fired and it will be more common place for CEOs to be held accountable for breaches, especially if the CISO is smart enough to understand their true role within the organisation.” By Max Metzger https://www.scmagazineuk.com/yahoo-ceo-forgoes-bonus-as-32-million-breach-victims-revealed/article/641511/
  15. This time, it's about the forged cookies which granted hackers access to people's accounts without passwords Yahoo users may have had their accounts accessed by hackers without them even having to use passwords to get in, Yahoo is notifying users once more. Instead of passwords, hackers are believed to have used forged cookies. The issue had already been disclosed in the November 2016 SEC filing, but considering the size of the breaches the company disclosed in September and December, which affected 500 million accounts and 1 billion accounts, respectively, the issue went pretty much unnoticed. "Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account. We have connected some of the cookie forging activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on September 22, 2016," reads Yahoo's warning to users. According to the company, the forged cookies have been invalidated, while Yahoo systems have been hardened in order to secure them against similar attacks. Of course, this is what everyone thought before the previously disclosed breaches too. "We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts," Yahoo adds. "Technical details of forged cookies attacks are unclear, but it seems that Yahoo had some serious problems with authentication and session management mechanisms. It's a good example of how an application logic flaw can cost millions. It's certainly the right decision to notify users, however such a delay, if not justified or excused, can trigger a collective lawsuit against Yahoo. Once GDPR will be enforced in May 2018, Yahoo may face huge fines for such undue delays bordering with negligence," security firm High-Tech Bridge CEO, Ilia Kolochenko, told Softpedia. 
Safety steps Users are advised to review all their accounts for suspicious activities, to be cautious of any unsolicited communications asking for their personal information or sending them to web pages asking for personal information, which may very well be phishing attacks. Avoiding clicking on links and downloading attachments is also a good way to keep yourself safe from various malware and ransomware attacks. Another piece of advice Yahoo has for users is to start using the Yahoo Account Key, which basically turns your phone into your password. Every time you try to log into your account, instead of typing in your password, you'll see a notification on your phone's screen, which you can validate or not in order to permit access to your account. This new way to log in replaces the two-step authentication everyone (hopefully) had in place. While the breaches were well-known, the fact that people's accounts may have been accessed without their passwords went a bit under the radar. The question is, however, why Yahoo didn't notify users about this issue beforehand and why did they wait until the middle of February if the issue was known for so many months. Furthermore, it would be great if Yahoo started giving people access to their account activity history for more than the default 30 days so they can check whether anything bad actually happened. At the moment this is impossible. It remains to be seen whether this new revelation will affect the Yahoo-Verizon deal in any way, as it is already known that the September and December data breaches were a bit of a setback for the deal, which was expected to close by the end of the first quarter. Ref: < http://news.softpedia.com/news/yahoo-notifies-users-of-more-malicious-activity-512996.shtml >
  16. Rankaware 1.5.2 - 1 Year[365 Days] Promo by BitsDuJour Overview: If you call yourself an SEO Expert, you need to be able to provide your clients with immediate reports giving them insight into how their sites are doing across all of the major search engines. And if you’re tallying all of this information up by hand, you’re not going to be an expert for very long. The best SEO Experts have the right tools in their arsenal, tools like today’s discount software promotion, Rankaware! Rankaware lets you check search engine rankings, position changes, and keyword rankings across Google, Yahoo, and Bing. With Rankaware, you’ll be able to automatically bulk-check keyword rankings on all three search engines, while producing scheduled, branded, professionally designed reports for submission to your clients. In fact, all of your clients will be amazed at the level of detail that you can provide them, including intuitive charts and tables that are emblazoned with your company’s logo! So find out today how you can benefit from Rankaware’s intelligent self-learning technology and world-class user interface design, and start establishing yourself as the leader in SEO today! Features: Become a more proficient SEO Expert with this amazing tool Check search engine rankings, position changes, and keyword rankings across three major search engines Produce insightful reports for your clients complete with your company’s logo Include charts and tables that give your clients all the info they need Benefit from self-learning technology and a world class user interface More Info: Product Homepage Links: Offer: https://www.bitsdujour.com/software/rankaware-1-year/buy=true Note: Limited Period Offer. Expires in 24 hours. The program is available for $99.97, but it will be free as a time-limited offer. Current Status: Open. Terms: https://www.bitsdujour.com/software/rankaware-1-year Downloads: http://myrankaware.com/file/rankaware-win.exe
  17. Enough is enough already. Let's start at the beginning. In August 2016, we learned that a hacker known as Peace was offering for sale 200 million Yahoo user accounts on the dark web. More than a month later, the American tech company gave us some more awful news: a "state-sponsored actor" had hacked its computer system back in 2014 and compromised at least 500 million users' accounts. Some users of Yahoo's free web-mail subsequently sued the company as reports emerged that the breach could have affected computer users who didn't even own a Yahoo account. That was enough fishy business for BT and a number of other companies to begin investigating Yahoo. One security firm in particular said it had found evidence that hackers, not a state-sponsored actor, probably stole the account information of the 500 million users. Had Yahoo been wrong in its attribution? Or had it been trying to save face? Either way, things went downhill from there. Just a week later, news broke about how Yahoo had complied with a secret U.S. government directive to scan all of its users' incoming emails. The way in which the program was set up could have potentially allowed a hacker to read every single email sent over Yahoo's network, a fatal error which some EU policymakers hope the European Commission will invoke as a means to challenge the Privacy Shield data-sharing agreement. In the wake of the email spying programs, Verizon, which itself hasn't done the best job protecting users' privacy, said it could decide to reduce its offer to buy Yahoo for $5 billion if it doesn't decide to walk away from the deal entirely. Yahoo also inadvertently (or not) pushed back against users who decided to deactivate their Yahoo email accounts by disabling its auto-forwarding feature. To be fair, it could have done so for legitimate reasons, such as preventing hackers from auto-forwarding messages sent to users' compromised accounts. 
But it still hasn't gone over too well, with some users accusing the company of purposefully making that decision to prevent them from jumping ship. What a cynical move, if that's true. But at this point, it doesn't even matter. Users everywhere have seen enough to lose all of their trust in Yahoo. If you're a Yahoo user, it's time to move on and delete your account - even if that means setting up a new email account now and changing over all of your web subscriptions gradually. Here's some things to think about beforehand. Save your Contacts and Mail before you migrate No user wants to start over fresh and not have any of their contacts or messages saved. That's why it's important they take some time to make sure they can access these pieces of information from their new email account. Fortunately, this is all pretty easy to do. Yahoo has a feature that allows you to export your contact list to an importable file. Also, while the site doesn't come with a feature that allows you to export your mail, you can save all of your messages to your computer's hard drive if you have Outlook or Thunderbird retrieve them first. Alternatively, you can import them to your new mail service's depending to which mail provider you're planning to switch. (Google's Gmail comes with this feature, for instance.) Delete your Yahoo-owned accounts As a tech company, Yahoo owns a number of other smaller companies with which you might have accounts. It's important that you go through and separately delete all of those accounts, too. For example, here's how you can delete your accounts on Flickr and Tumblr, both of which are owned by Yahoo. How to delete your Yahoo account With those matters taken care of, it's time to deactivate your Yahoo account. 1. Sign into your Yahoo email. Enter the URL edit.yahoo.com/config/delete_user into the address bar and click Enter. Reenter your password to be brought to the Yahoo account termination page. 4. Read over the page. 
When you're satisfied with its contents, fill in your password and the CAPTCHA into the appropriate text fields and click the Terminate this Account button. 5. And that's all it takes. Yahoo says it will now delete your account in approximately 90 days. For now it has been deactivated (Yahoo says this is to protect against malicious account abuse, but presumably it also gives you the option of changing your mind if you realise you need to regain access to your Yahoo account for any reason). Get an account with a service like ProtonMail or another email provider that takes good care of your privacy and security. And enjoy saying goodbye to Yahoo for good. Source: https://www.grahamcluley.com/deactivate-yahoo-account/
  18. Yahoo Brings Email Forwarding Back After 'Platform Upgrades' Yahoo Mail users can now forward new emails to Gmail and other services. In light of recent hacking revelations at Yahoo Mail, some users could be looking to get out of the service. Yahoo Mail has re-enabled automatic email forwarding from one account to another, after it was previously disabled. It caused difficulty for users looking to migrate away from Yahoo after a massive data breach into its email service was revealed in September. Yahoo on Friday wrote in a blog post that "auto-forward is enabled again for all Mail users. We apologize for the interruption". Auto-forwarding is available on most popular email services, allowing users to try a new service without losing emails from their old address. Yahoo said Yahoo Mail has been upgrading its platform over the last year. Email forwarding was temporarily disabled as part of this process, suggesting it wasn't disabled specifically because of the hacking revelations. In September, Yahoo confirmed a data breach took place in 2014 that affected at least 500 million user accounts. It later said that a "state-sponsored actor" gained access to names, email addresses, telephone numbers, dates of birth, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers. The mass data breach has thrown up red flags for Verizon, which is in the process of acquiring Yahoo for $4.83 billion. Verizon has "a reasonable basis to believe right now that the impact is material, and we're looking to Yahoo to demonstrate to us the full impact," Verizon's general counsel said on Thursday. Source
  19. It’s bad news for Yahoo. The company is in the midst of finalizing its sale to Verizon, but recent revelations about hacking and spying may be costing them a pretty penny. A story from the New York Post alleges that Verizon is now asking Yahoo for a hefty $1 billion discount to finalize what was supposed to be a $4.8 billion deal. (Full disclosure: TechCrunch is owned by Verizon, although we do not have any inside knowledge about this). “The key will be what was actually disclosed by Yahoo before signing,” Frank Aquila, legendary M&A lawyer and partner at Sullivan & Cromwell tells TechCrunch. “No one should be surprised that Verizon wants a significant reduction.” Yahoo confirmed in September that it had suffered a data breach affecting at least 500 million users. Information, including names, email addresses, birth dates, encrypted passwords and both encrypted and decrypted answers to security questions, were stolen in the breach, which Yahoo blamed on a state-sponsored attacker. Although the stolen passwords were encrypted, the additional information could easily be reused across other websites in identity-theft schemes. The breach occurred in 2014, but Yahoo discovered the intrusion more recently. The exact timing of Yahoo’s discovery could impact the Verizon deal. Yahoo CEO Marissa Mayer reportedly learned of the breach as early as July, when the sale of the company was still being negotiated. In August, Yahoo told TechCrunch in a statement that it was aware of rumors that the company had been hit by hackers and that its security team was investigating. But in a September proxy statement made as part of the sale, Yahoo claimed that there had been no third-party claims of such a breach. Senator Mark Warner has called for the Securities and Exchange Commission to investigate Yahoo’s representations about cybersecurity. 
“Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public,” Warner said in a statement. But that’s not the end of Yahoo’s cyber woes. The company faced allegations this week that it scanned all of its users’ emails last year at the behest of a U.S. intelligence agency. Again, the blame for the incident has fallen on Mayer, who reportedly made the decision not to fight the intelligence agency’s request in court and ordered the mail team to create the custom mail-scanning software without informing Yahoo’s own security engineers. The surveillance was not disclosed in Yahoo’s biannual transparency report, which documents government requests for user data. Yahoo called reports of the mail-scanning program “misleading” but has not denied that it ever occurred. Public investors have a right to know about significant events affecting the company, and it can easily be argued that these security breaches count. Verizon could make the case that these incidences hurt the value of the Yahoo brand and thus their stock. When asked about the hack in a televised interview with CNBC last week, AOL’s Tim Armstrong said “the data thing was something new that got introduced and we’ll work through that together with” Yahoo. He added that he wants to be “protective” of the Verizon shareholders. After ongoing rumors, the acquisition was formally announced in July. Deals like these typically take several months to close. Verizon also acquired TechCrunch’s parent, AOL, last year for $4.4 billion. We’ve reached out to our overlords at Verizon and they declined to comment. Source: https://techcrunch.com/2016/10/06/report-verizon-wants-1-billion-discount-after-yahoo-privacy-concerns/
  20. Yahoo's Spying Billboard: It Would ID You, Watch And Listen To Your Reactions To Ads Yahoo's idea is for the billboard's ad content to be based on real-time information about a crowd of people, who could be commuters on a train platform. Yahoo is exploring a smart billboard that would use microphones, cameras and other sensors to bring targeted advertising to outdoor displays. Hacked web giant Yahoo has filed a patent application for the ultimate ad-targeting system: a billboard that uses sensors to watch, listen and capture biometric data from the passing public. Yahoo, still in damage control from this week's claims that it helped the government spy on its email users, has filed a patent for smart technology that brings online ad-targeting capabilities to public billboards. The billboards would have cameras, microphones, motion-proximity sensors, and biometric sensors, such as fingerprint or retinal scanning, or facial recognition, according to the patent, which was filed last year but published on Thursday. The sensors would be used to measure engagement of passers-by. "For example, image data or motion-proximity sensor data may be processed to determine whether any members of the audience paused or slowed down near the advertising content, from which it may be inferred that the pause or slowing was in response to the advertising content (eg, a measurement of 'dwell time')," Yahoo writes. It could also use image or video data to determine whether any individuals looked directly at the advertising content. Alternatively, "Audio data captured by one or more microphones may be processed using speech-recognition techniques to identify keywords relating to the advertising that are spoken by members of the audience." As Yahoo explains, the ability to personalize ads for smartphones has made mobile the most efficient place to use marketing budgets, whereas digital displays in public spaces, which still attract ad dollars, remain stuck on old technology. 
But instead of individualizing ads, Yahoo's idea would be to 'grouplize', where ad content is based on real-time information about a crowd of people, who could be commuters on a train platform or cars passing by a freeway billboard. In the freeway scenario, the billboard would be placed near traffic sensors that detect the number of vehicles passing, their speed, and time of day. It might also use video to capture images of vehicles, and use image recognition to determine the maker and model of vehicles to distill demographic data. The billboard may also use cell-tower data, mobile app location data, or image data to "identify specific individuals in the target audience, the demographic data (eg, as obtained from a marketing or user database) which can then be aggregated to represent all or a portion of the target audience". Alternatively, it could use vehicle GPS systems to identify specific vehicles and vehicle owners. "Those of skill in the art will appreciate from the diversity of these examples the great variety of ways in which an aggregate audience profile may be determined or generated using real-time information representing the context of the electronic public advertising display and/or additional information from a wide variety of sources," Yahoo notes. It sees potential for the system to be integrated with existing online ad exchanges, allowing advertisers to reach across devices with the same ads. It also envisages extending the online ad model of auctioning billboard space to the highest bidder, with content determined by the group's characteristics. However, if the smart billboards did their job of "grouplizing" a group of young adult males, it might display a risqué dating site ad, Yahoo says. This approach might be acceptable to some on a phone, but dangerous on the freeway. 
Yahoo says it has an answer for this issue: "Any advertising content including video could, for example, be eliminated from the pool of available content or modified to remove video components." In May, New York Senator Charles Schumer called on the Federal Trade Commission to investigate the use of 'spying billboards', which he described as popping up in cities across the country. He warned that such technology may represent a violation of privacy rights, because of the way it tracks the individual's cell phone data, and constitute a deceptive trade practice. Source
  21. BT Yahoo! Customers: Why! Can't! We! Grrr! Delete! Our! Webmail! Accounts!? No delete until 'end of Sept'... Not the 2016 Sept, then BT customers are unable to delete BT Yahoo email services - despite an exodus of users seeking to leave the security-challenged webmail biz. Since allegations arose that Yahoo built an app to enable it to scan all of its users' emails at the request of US intelligence, many users have sought to delete their email accounts. That was in addition to Yahoo!'s confession last month that hackers had stolen the credentials for at least 500 million of its customer email accounts. BT had outsourced its webmail hosting to Yahoo - and has a total of 7 million accounts. BT had said a minority of its customer base had been affected by the breach, but declined to say how many. One customer got in touch to report that BT customers are currently being locked into their BT Yahoo email service. A recent screengrab of a customer attempting to use this function seen by The Register reads: “Sorry the delete feature is currently unavailable. This feature will become available by the end of September." The customer said BT/Yahoo! had also made it impossible for BT customers to configure the forwarding of emails to a third party address from their BT Yahoo addresses. He said: "BT is being about as communicative as Trappist monks about this." He added: "BT refuse to acknowledge any contractual responsibilities to customers with regard to email as they see email as a freebie add-on to the broadband service." Other customers have also complained on BT's forum. One said: "Help! I have tried to delete email sub accounts but unable to do so. Any help and or advice will be greatly appreciated." Another complained: "It's October BTYahoo get it sorted or did you mean September 2020?" Apparently these problems also affect customers who have migrated to the new BTMail email provider Critical Path/Openwave. The Register contacted BT for comment yesterday. Source
  22. Yahoo was forced by a secret court order to build a tool that scanned all of its customers' emails for specific information supplied by US intelligence agencies. The report comes from Reuters, citing three sources who are familiar with the events. According to the report, the tool was built in 2015 at the behest of either the NSA or the FBI (it's not clear which, given the NSA usually funnels its requests through the FBI), according to the sources. Engineers at the company were told to build the tool "to siphon off messages containing the character string the spies sought and store them for remote retrieval," the report said. But weeks later, the company's internal security team -- at the time led by Alex Stamos, who left the company to work for Facebook in mid-2015 -- found out about the program. The team is said to have thought that hackers broke in. The report also said that a programming flaw could have allowed hackers into the stored emails. Stamos reportedly resigned as chief information security officer, said Reuters. (Stamos did not respond to the news outlet's request for comment, but we asked the company to comment regardless.) An NSA spokesperson did not immediately return a request for comment. The Foreign Intelligence Surveillance Court, which authorizes the government's surveillance requests, signed off on the unusual request, which is thought to be the first of its kind. But it's not known exactly who was the target of the broad request. Other companies may have also been served a similar demand, because it wasn't known which service the target's email account was hosted with. The court's work -- usually conducted in secret -- first became public after a FISA court order, leaked by whistleblower Edward Snowden, was published by reporters in June 2013, which detailed how Verizon was forced to turn over metadata on all its customers on a rolling basis. 
However, the government has used the court to push for more from US tech companies, including their source code. The vast majority of requests made by the government are accepted. At the last count, just 12 requests have been denied in the past four decades that the court has been operational. Source: http://www.zdnet.com/article/yahoo-secretly-scanned-customer-emails-for-us-intelligence/
  23. Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a "state-sponsored actor" in 2014, which exposed the accounts of at least 500 Million Yahoo users. But, now it seems that Yahoo has downplayed a mega data breach and is trying to hide its own security blunder. Recently the information security firm InfoArmor that analyzed the data breach refuted Yahoo's claim, stating that the data breach was the work of seasoned cyber criminals who later sold the compromised Yahoo accounts to an Eastern European nation-state. Over 1 Billion Accounts May Have Been Hacked Now, there's one more twist in the unprecedented data heist. A recent advancement in the report indicates that the number of affected Yahoo accounts may be between 1 Billion and 3 Billion. An unnamed, former Yahoo executive who is familiar with the company's security says that Yahoo's back-end system's architecture is designed in such a way that all of its products use one main user database (UDB) to authenticate users, Business Insider reported Friday. So all usernames and passwords that users enter to log into services like Yahoo Mail, Sports or Finance go to this one central database to ensure they are valid, allowing them access. This central database is what got compromised, and therefore, it's quite difficult to believe that the hackers who compromised the whole database walked away with just a small bunch of "the core crown jewels of Yahoo customer credentials." Whoever carried out the hack not only stole usernames and email addresses of affected users but also pilfered other personal information, including their dates of birth, phone numbers, hashed passwords, and unencrypted security answers. So, it's unclear how Yahoo came up with the 500 Million number. 
The company had not commented further on how the data breach happened or when it was discovered, citing an active investigation. Yahoo! could have saved you, but decided not to: A lengthy report published by the New York Times seemingly explains that the company did not reset the passwords of its users after the breach due to the decisions made by Yahoo's CEO Marissa Mayer, who seemed to prioritize developing new products over making security improvements. The reason sounds stupid, as the article reads: If Yahoo had reset the passwords of its affected users, proper security measures would have been taken by users to protect their personal data from hackers. Let's see what new advancements come to this unprecedented data breach. Already, the Yahoo hack is believed to be one of the biggest in history, and the company is still trying to negotiate a deal to sell its core business to Verizon for $4.8 Billion. Yahoo! has yet to respond to the recent revelation by the insider. Data breach news has already magnified the company's problems, but if the breach number reaches a Billion, would the company be able to save its acquisition deal? Let us know in the comments below... Source
  24. Yahoo! Couldn't! Detect! Hackers! In! Its! Network! But! Can! Spot! NSFW! Smut! In! Your! Office? Web giant offers open-source AI-powered X-rated pic hunter Having laid bare over half a billion usernames and passwords through meager funding and witless indifference, Yahoo! is putting its faith in artificial intelligence to protect people from bare skin. Yahoo! engineers Jay Mahadeokar and Gerry Pesavento in a blog post on Friday said the company has released an open-source model for detecting images deemed "not safe for work" (NSFW). "To the best of our knowledge, there is no open source model or algorithm for identifying NSFW images," the pair wrote. "In the spirit of collaboration and with the hope of advancing this endeavor, we are releasing our deep learning model that will allow developers to experiment with a classifier for NSFW detection, and provide feedback to us on ways to improve the classifier." Censorship has been something of a losing proposition for Yahoo!, from its role in the imprisonment of Chinese journalist Shi Tao over a decade ago to its over-enthusiastic spam filters. Nonetheless, the researchers argue that the prevalence of user-generated content makes filtering NSFW images essential for web and mobile applications. It may be essential for business models that rely on free labor producing content under the pretense of sharing, but that turns out to describe quite a number of internet companies. Alternatively, this software is going to be great for finding and identifying raunchy material on the web. Yahoo!'s software is a neural network model for Caffe, a deep-learning framework. There are other frameworks that experts in the field rate more highly, such as Torch. Yahoo! also relies on CaffeOnSpark, a framework for running Caffe on Hadoop and Spark clusters. 
The NSFW model is designed to take an image and output a smut probability between zero and one, though Mahadeokar and Pesavento note, "we do not provide guarantees of accuracy of output." Yahoo!'s researchers have declined to release their training images "due to the nature of the data," leaving readers the task of amassing a sufficiently large cache of indiscreet pictures to allow their computers to categorize what they're seeing accurately. One source might be Google's newly released Open Images library, a dataset of some 9 million URLs pointing at images which may or may not be subject to a Creative Commons Attribution license – Google advises verifying the licensing status of each image. Google intends for its dataset, produced in collaboration with CMU and Cornell universities, to help train neural networks. We're still waiting to hear from Google whether there are any images in the dataset that would warrant a Yahoo exclamation mark. Source