Yahoo!

Yahoo Fixes Flaw Allowing an Attacker To Read Any User's Emails (zdnet.com) 16

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty. In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes.
Mozilla

Mozilla Puts New Money To Use Fighting For 'Internet Health' (cnet.com) 110

Stephen Shankland, writing for CNET: Mozilla is marshaling public support for political positions, like backing net neutrality, defending encryption and keeping government surveillance from getting out of hand, says Denelle Dixon-Thayer, Mozilla's chief legal and business officer. The organization is funding the efforts with revenue from Firefox searches, which has jumped since 2014 when it switched from a global deal with Google to a set of regional deals. Mozilla brought in $421 million in revenue last year largely through partnerships with Yahoo in the US, Yandex in Russia and Baidu in China, according to tax documents released alongside Mozilla's 2015 annual report on Thursday. Pushing policy work brings new challenges well beyond traditional Mozilla work competing against Google's Chrome browser and Microsoft's Internet Explorer. They include squaring off against the incoming administration of Donald Trump.
Businesses

CNN Acquires Social-Video Startup Beme, Co-Founded By YouTube Star Casey Neistat (variety.com) 62

CNN announced Monday that it has purchased video-sharing app Beme, and will work with its founder, Casey Neistat, to build a new media brand next year focused on storytelling for a younger audience. Casey Neistat is a YouTube celebrity and tech entrepreneur who launched Beme last year. Variety reports: CNN said the new venture that it's forming out of the acquisition -- aimed at reaching millennial viewers with the street cred of Neistat's reporting and commentary -- will launch in the summer of 2017. All 11 of Beme's employees will join CNN; the cable news network will be shutting down Beme, which had garnered more than 1 million downloads. New York-based filmmaker Neistat, who has more than 5.8 million subscribers on YouTube, announced earlier this month on his channel that he would be suspending his personal vlog to focus on new projects, one of which turns out is the pact with CNN. His daily vlog dispatches cover current political and news events as well as action sequences like his viral "Snowboarding With the NYPD" video last winter. Led by Hackett, formerly VP of engineering at Yahoo's Tumblr, Beme's development team will "build technology to enable the new company and also develop mobile video capabilities for CNN's portfolio of digital properties," according to the Turner-owned cable news network. Neistat, 35, will lead the new venture's "editorial vision" as executive producer. CNN said it will employ its global resources to launch the new media brand, and plans to hire dozens of producers, builders, developers, designers and content creators for the new company. CNN said the new Beme-based company will operate as a standalone business under the CNN Digital umbrella.
Google

Online Pranksters Mock Trump's $149 Christmas Ornament, Rename Trump Tower on Google Maps (yahoo.com) 524

An anonymous reader quotes a Digital Trends story about a suspicious malfunction on Google Maps: At some point yesterday, Donald Trump's Fifth Avenue home was given a rather unceremonious rechristening, and a search for "Trump Tower" revealed a pin for "Dump Tower" instead. It was rather tricky to find for some, and required zooming in on the building itself at just the right angle (which is perhaps how the culprit got away with the stunt in the first place). At a separate angle, someone else (or perhaps the same person) transliterated the skyscraper's name in Russian Cyrillic, perhaps meant to be a jab at Trump's alleged ties to President Vladimir Putin and company... While the team [at Google Maps] managed to put out this first fire, another quickly arose to take its place (as is often the case on the internet), and later in the day on Saturday, Trump International Hotel and Tower in Columbus Circle was renamed Dump International Hotel and Tower. Meanwhile, another anonymous reader writes: Earlier this week Donald Trump emailed his supporters selling a $149 collectible "Make America Great Again" Christmas ornament finished with 14k gold, to raise money for both his campaign and the Republican party. But Yahoo News reports that it's now getting some suspicious negative (and politically-charged) reviews on its page on Amazon. ("One Star. "It tried to put my nativity figures into an internment camp.") And another reviewer even wrote a satirical story about how their family decided on the ornament for the tree. "During our family meeting we overwhelmingly chose the other ornament but somehow we still ended up with this one. We're not sure what happened."
Google

Google Sends State-Sponsored Hack Warnings To Journalists and Professors (ibtimes.co.uk) 69

An anonymous reader shares an IBTimes report: Numerous journalists and professors are taking to social media to report that they have received an alarming message regarding state-sponsored hacking when accessing their Gmail or other sites that use their Google account. Journalists who received the warning include Nobel Prize-winning economist and New York Times columnist Paul Krugman, New York magazine's Jonathan Chait, Politico's Julia Ioffe, GQ's special correspondent Keith Olbermann, Vox's Ezra Klein, Yahoo News' Garance Franke-Ruta, and one of President Barack Obama's former speechwriters, Jon Lovett. The warning says, "Google may have detected government-backed attackers trying to steal your password." These warnings have been sent by Google since 2012, but Twitter has erupted with a flurry of people in the media and academic community receiving this in the past 24 hours.
Businesses

The Internet Association, Whose Members Include Amazon, Facebook and Google, Writes Open Letter To Donald Trump (cnet.com) 19

The Internet Association -- a group of 40 top internet companies including Airbnb, Amazon, Facebook, Google, LinkedIn, Netflix, Twitter, Uber and Yahoo -- issued an open letter on Monday that congratulates Donald Trump on his victory and offers a long list of policy positions they hope he'll consider during his time as president. From a report on CNET: That list includes:
Upholding Section 230 of the Communications Decency Act so internet companies can't get sued easily for things their users say or do online.
Upholding Section 512 of the Digital Millennium Copyright Act so internet companies can't get easily sued if they quickly remove copyrighted content that users upload (such as infringing photos and YouTube videos).
Reforming the 30-year-old Electronic Communications Privacy Act -- "Internet users must have the same protections for their inbox as they do for their mailbox," states the association.
Supporting strong encryption (Trump called for a boycott of Apple when it refused to comply with an FBI order to unlock an iPhone linked to terror.)
Reforming Section 702 of the Foreign Intelligence Surveillance Act, which lets the NSA collect online communications without a warrant.
Providing similar copyright protections for companies that operate outside the US.
Reforming the US Patent Office to deter patent trolls, a term for companies that sue other companies based on patents without actually producing new products.
Here's the full list.
Yahoo!

Some Within Yahoo Knew of Massive Breach in 2014 (usatoday.com) 30

Some within Yahoo knew of a massive data breach that compromised its network when it occurred in 2014, not in late September, when it was first disclosed. From a report on USA Today: An independent committee of Yahoo's board, which launched an internal probe in August to learn more about the state-sponsored attack that affected data belonging to at least 500 million members, discovered that staff knew of the attack two years ago. "The company had identified that a state-sponsored actor had access to the company's network in late 2014," the company said in a filing with the Securities and Exchange Commission.
Government

Edward Snowden Kills Team Trump's Conspiracy Theory By Explaining How The FBI Can Quickly Comb Through Email (geekwire.com) 488

FBI director James Comey told Congress Sunday that the further investigation of emails related to Hillary Clinton didn't turn up anything that would cause the bureau to recommend charges against her. The FBI had reviewed over 650,000 emails in under nine days. Upon hearing this, GOP presidential candidate Donald Trump and his supporters started to question whether the FBI could go through all those emails in such a short period of time. We will never know for sure until the FBI explains its process to us all (which is unlikely to happen), so people turned to Edward Snowden over the weekend for answers. And Mr. Snowden didn't disappoint. From a report on GeekWire: How easy would it be to cull out the duplicate emails? Outspoken journalist Jeff Jarvis posed that question to Snowden in a tweet, and got a quick response: "Drop non-responsive To:/CC:/BCC:, hash both sets, then subtract those that match. Old laptops could do it in minutes-to-hours."
United States

Secret Service, DHS Scramble To Secure America's Election (yahoo.com) 360

Secret service agents rushed Donald Trump off a stage in Nevada Saturday night, CNN reports. "A scuffle could be seen breaking out in the audience, but it was not immediately clear what happened... Secret Service and police tactical units rushed in to detain a man [who] was then rushed by a throng of police officers, Secret Service agents and SWAT officers armed with assault rifles to a side room... A law enforcement official told CNN no weapon was discovered. The GOP nominee was apparently unharmed and returned to the stage minutes later to finish his speech." Meanwhile, an anonymous reader writes: "All but two U.S. states have accepted help from the U.S. Department of Homeland Security to probe and scan voter registration and election systems for vulnerabilities, a department official told Reuters." Ohio is relying on the National Guard's cyber protection unit, while Arizona says they've held discussions with the FBI, DHS and state-level agents on cyber security. But in addition, "U.S. military hackers have penetrated Russia's electric grid, telecommunications networks and the Kremlin's command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary, according to a senior intelligence official and top-secret documents reviewed by NBC News."

American officials believe Russian hacking efforts will continue through 2018, according to the Wall Street Journal. "By hacking and dumping emails, Russia is trying 'to denigrate the American electoral system, to make it look chaotic, make it look manipulable, make it look subject to intrusion, cheating and vulnerable so you can't trust it...to make us look no better than the Russian electoral system,'" said one senior White House official. Russia is also expected to extend their efforts toward elections in Europe.

Government

The FBI Spent Two Years Investigating An Online Cult That Didn't Exist (muckrock.com) 134

A two-year FBI investigation apparently centered on the satirical web site "GodHatesGoths". Long-time Slashdot reader v3rgEz writes: In 2005, the FBI launched an investigation into the "Church of the Hammer," a fundamentalist Christian sect which called for the wholesale slaughter of practitioners of the goth subculture. Two years later, the investigation was closed, on grounds that the Church didn't exist. The FBI's threat assessment detailed "an extremely right-wing Christian group that adheres to a Middle Ages Catholic text called the 'Malleus Malificarum.'" But MuckRock.com reports that "The Bureau's main source on the case was a goth who had engaged with members of the Church via their Yahoo Group...trying to dispel their misconceptions about the relationship between the subculture and Satanism." After two years of scouring through crime databases and making phone calls to the Salem police department, FBI investigators actually visited the GodHatesGoths web site -- which turned out to be a parody.
Canada

Montreal Police Monitored iPhone of La Presse Journalist Patrick Lagace (www.cbc.ca) 56

Montreal police have reportedly spied on La Presse journalist Patrick Lagace, tracking his cellphone calls, texts, and locations. According to Lagace, the police department "obtained the court-authorized search warrants because they believed the target of one of their investigations was feeding him information." However, he said "the story in question was actually first reported on by a competitor, leading him to believe the investigation was actually a thinly veiled attempt to learn the identity of the sources within the police department." CBC.ca reports: La Presse reported Monday at least 24 surveillance warrants were issued for Patrick Lagace's iPhone this year at the request of the police special investigations unit. That section is responsible for looking into crime within the police force. The warrants were used to track Lagace's whereabouts using the GPS chip in his iPhone. The warrants also allowed police to obtain the identities of everyone he spoke to or exchanged text messages with during that time. It's part of a "culture shift" among law enforcement and judges that began with the passing of Bill C-51 under the previous Conservative government, he said. Henheffer pointed to other recent cases where law enforcement has been spying on journalists or fighting for them to turn over the names of anonymous sources in court. In September, the Surete du Quebec seized Journal de Montreal reporter Michael Nguyen's computer because they believed he illegally obtained information cited in a story he wrote. At the same time, the RCMP has been trying to get a reporter from Vice News to hand over background materials used for stories on a suspected terrorist. Last May, CBC News revealed that a rogue group of Mounties investigating the leak of a secret document spied on two Canadian journalists for more than a week without any authorization.
Privacy

WhatsApp-Facebook Privacy U-Turn Now Being Probed by EU Data Watchdog (techcrunch.com) 25

European privacy regulators have fired a warning shot to Facebook's WhatsApp and Yahoo, saying they sent letters to the companies expressing concerns about possible violations of the bloc's data-protection rules. From a TechCrunch report: A seismic shift in privacy policy by messaging app WhatsApp this summer, when it said it would begin sharing user data with parent company Facebook including for ad targeting, has now attracted the attention of Europe's data protection watchdog group, the Article 29 Working Party. The WP29 group wrote to WhatsApp founder Jan Koum yesterday, setting out its concerns about the privacy policy U-turn -- including how the shift was communicated to users. "The Article 29 Working Party (WP29) has serious concerns regarding the manner in which the information relating to the updated Terms of Service and Privacy Policy was provided to users and consequently about the validity of the users' consent," it writes. "WP29 also questions the effectiveness of control mechanisms offered to users to exercise their rights and the effects that the data sharing will have on people that are not a user of any other service within the Facebook family of companies."
Yahoo!

Verizon Says Yahoo Name Isn't Going Away (cnet.com) 27

Verizon is treading carefully with Yahoo, but still wants to seal the deal. From a CNET report: "The deal makes strategic sense," said Marni Walden, the executive vice president of business innovation for Verizon and the person who pushed for the acquisition. "We won't jump off of a cliff blindly." She continues to believe there's value in the Yahoo name, noting that it won't go away if Verizon completes its acquisition. Brands like Yahoo Mail and Yahoo Finance still draw plenty of eyeballs, and offer the kind of audience that Verizon and AOL lack, she said during a keynote session at The Wall Street Journal Digital conference on Wednesday. Her comments come just weeks after Yahoo disclosed a 2014 breach exposed at least 500 million accounts, making it the worst hack in history. Shortly after, reports found that Yahoo had participated in a government program to sniff user emails, further eroding trust. Verizon said this all had the potential to cause a "material impact" to the deal, which could mean Yahoo takes a reduced price or the deal falls through altogether.
Government

Yahoo Scanning Order Unlikely To Be Made Public: Reuters (reuters.com) 61

An anonymous reader quotes a report from Reuters: Obama administration officials briefed key congressional staffers last week about a secret court order to Yahoo that prompted it to search all users' incoming emails for a still undisclosed digital signature, but they remain reluctant to discuss the unusual case with a broader audience. Executive branch officials spoke to staff for members of the Senate and House of Representatives committees overseeing intelligence operations and the judiciary, according to people briefed on the events, which followed Reuters' disclosure of the massive search. But attempts by other members of Congress and civil society groups to learn more about the Yahoo order are unlikely to meet with success anytime soon, because its details remain a sensitive national security matter, U.S. officials told Reuters. Release of any declassified version of the order is unlikely in the foreseeable future, the officials said. The decision to keep details of the order secret comes amid mounting pressure on the U.S. government to be more transparent about its data-collection activities ahead of a congressional deadline next year to reauthorize some foreign intelligence authorities. On Tuesday, more than 30 advocacy groups will send a letter to Director of National Intelligence James Clapper asking for declassification of the Yahoo order that led to the search of emails last year in pursuit of data matching a specific digital symbol. The groups say that Title I of the Foreign Intelligence Surveillance Act, under which sources said the order was issued, requires a finding that the target of such a wiretap is probably an agent of a foreign power and that the facility to be tapped is probably going to be used for a transmission. An entire service, such as Yahoo, has never publicly been considered to be a "facility" in such a case: instead, the word usually refers to a phone number or an email account.
The Media

More NFL Players Attack Microsoft's $400M Surface Deal With The NFL (yahoo.com) 236

An anonymous reader writes: "These tablets always malfunction," complained one NFL offensive lineman in January, foreshadowing a growing backlash to Microsoft's $400 million deal with the NFL to use Surface tablets. Friday the coach of the San Francisco 49ers and their controversial quarterback Colin Kaepernick both complained they've also experienced problems, with Kaepernick saying the screen freezes "every once in a while and they have to reboot it."

Friday Microsoft called their tablet "the center of the debate on the role of technology in the NFL," saying they deeply respect NFL teams "and the IT pro's who work tirelessly behind the scenes to help them succeed." It included quotes from NFL quarterbacks -- for example, "Every second counts and having Microsoft Surface technology on sidelines allows players and coaches to analyze what our opponents are trying to do in almost real time." But Yahoo Finance wrote that "The quotes read like they were written by the Microsoft public relations team," arguing that Microsoft's NFL deal "has been a disaster... The tablets failed to work during a crucial AFC Championship game last January -- again for the New England Patriots... sports media interpreted that the malfunction benefited the Broncos on the field, giving the team an unfair advantage -- the very last thing Microsoft's tablets, meant to aid coaches in their play calling, should be doing."

The NFL issued a statement calling Microsoft "an integral, strategic partner of the NFL," adding "Within our complex environment, many factors can affect the performance of a particular technology either related to or outside of our partner's solutions."
Communications

Russians Seek Answers To Central Moscow GPS Anomaly (yahoo.com) 176

stevegee58 writes: Russians have been noticing that their GPS doesn't work in Moscow near the Kremlin. Everyone from taxi drivers to Pokemon Go players suddenly notice that they're transported 18 miles away at the airport when they near the Kremlin. While this may be an annoyance to the public it seems like a reasonable countermeasure to potential terrorist threats. Is it only a matter of time before other vulnerable sites such as the White House or the Capitol in Washington start doing the same? "A programmer for Russian internet firm Yandex, Grigory Bakunov, said Thursday his research showed a system for blocking GPS was located inside the Kremlin, the heavily guarded official residence of Russian President Vladimir Putin," reports Yahoo. "The first anomaly was recorded in June, according to Russian media reports, which have also suggested that the GPS interference comes and goes in a pattern. Putin's spokesman Dmitry Peskov said Thursday he did not know why the malfunction was occurring and admitted experiencing the problem himself when driving recently. Peskov redirected questions to Russia's Federal Guards Service, which is responsible for protecting the Kremlin and senior Russian officials."
Windows

Macs End Up Costing 3 Times Less Than Windows PCs Because of Fewer Tech Support Expense, Says IBM's IT Guy (yahoo.com) 524

An anonymous reader shares a report on Yahoo (edited): Last year, Fletcher Previn became a cult figure of sorts in the world of enterprise IT. As IBM's VP of Workplace as a Service, Previn is the guy responsible for turning IBM (the company that invented the PC) into an Apple Mac house. Previn gave a great presentation at last year's Jamf tech conference where he said Macs were less expensive to support than Windows. Only 5% of IBM's Mac employees needed help desk support versus 40% of PC users. At that time, some 30,000 IBM employees were using Macs. Today 90,000 of them are, he said. And IBM ultimately plans to distribute 150,000 to 200,000 Macs to workers, meaning about half of IBM's approximately 370,000 employees will have Macs. Previn's team is responsible for all the company's PCs, not just the Macs. All told IBM's IT department supports about 604,000 laptops between employees and its 100,000+ contractors. Most of them are Windows machines -- 442,000 -- while 90,000 are Macs and 72,000 are Linux PCs. IBM is adding about 1,300 Macs a week, Previn said.
Security

HackerOne CEO: Every Computer System is Subject To Vulnerabilities (cnbc.com) 49

An anonymous reader writes: Every computer system in the world is vulnerable to hackers and criminals, according to Marten Mickos, CEO of HackerOne. That's nothing new with major data breaches at Yahoo and the federal government. But not to worry, teams of ethical hackers could be an answer to the growing cybersecurity concerns. "There are far more ethical hackers, white hat hackers, in the world than criminals," Mickos told CNBC's "Squawk Alley" on Thursday. "So when you just invite the good guys to help you, you will always be safe. It's like a neighborhood watch. You're asking the good guys around you to help you see what's wrong with your system and help you fix it." Mickos has assembled 70,000 white hat hackers in his venture-backed company HackerOne. He explains the intent of white hat hackers is to hack for good and not for exploitation.
Yahoo!

Yahoo Wants To Know If FBI Ordered Yahoo To Scan Emails (onthewire.io) 90

Reader Trailrunner7 writes: In an odd twist to an already odd story, Yahoo officials have asked the Director of National Intelligence to confirm whether the federal government ordered the company to scan users' emails for specific terms last year and if so, to declassify the order. The letter is the result of news reports earlier this month that detailed an order that the FBI allegedly served on Yahoo in 2015 in an apparent effort to find messages with a specific set of terms. The stories allege that Yahoo complied with the order and installed custom software to accomplish the task. Yahoo officials said at the time the Reuters story came out that there is no such scanning system on its network, but did not say that the scanning software never existed on the network at all. "Yahoo was mentioned specifically in these reports and we find ourselves unable to respond in detail. Your office, however, is well positioned to clarify this matter of public interest. Accordingly, we urge your office to consider the following actions to provide clarity on the matter: (i) confirm whether an order, as described in these media reports, was issued; (ii) declassify in whole or in part such order, if it exists; and (iii) make a sufficiently detailed public and contextual comment to clarify the alleged facts and circumstances," the letter says.
Google

Google Reveals It Received Secret FBI Subpoena (theintercept.com) 61

An anonymous reader quotes a report from The Intercept: Google revealed Wednesday it had been released from an FBI gag order that came with a secret demand for its customers' personal information. The FBI secret subpoena, known as a national security letter, does not require a court approval. Investigators simply need to clear a low internal bar demonstrating that the information is "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities." The national security letter issued to Google was mentioned without fanfare in Google's latest bi-annual transparency report, which includes information on government requests for data the company received from around the world in the first half of 2016. Google received the secret subpoena in the first half of 2015, according to the report. An accompanying blog post titled "Building on Surveillance Reform," also identified new countries that made requests -- Algeria, Belarus, and Saudi Arabia among them -- and reveals that Google saw an increase in requests made under the Foreign Intelligence Surveillance Act. But Google in its short blog post did not publish the contents of the actual letter the way other companies, including Yahoo, have done in recent months. Asked about plans to release the national security letter, a Google spokesperson told The Intercept it will release it, though it wouldn't say when or in what form it will do so. Google hasn't previously published any national security letters, though it's possible gag orders for prior demands are still in place. It's also unclear why Google wouldn't immediately publish the document -- unless the gag is only partially lifted, or the company is involved in ongoing litigation to challenge the order, neither of which were cited as reasons for holding it back.
