Verizon reportedly looking for a $1 billion discount on Yahoo

Back in July, Verizon (the parent company of Engadget) agreed to acquire (most of) Yahoo for $4.83 billion, and normally, that would be the end of things. However, in the last few days, Yahoo confirmed it suffered a massive security breach in 2014, and reports claim that its security chief quit last year after discovering its participation in bulk US government surveillance of incoming emails. Now, the New York Post cites multiple sources claiming that executive Tim Armstrong is upset about the lack of disclosure and seeking to get out of the deal or cut the price.

Armstrong is reportedly in discussions with Yahoo executives over what to do next, while they push back against attempts to lower the price. The deal is supposed to close early next year, merging Yahoo’s advertising, content, search and mobile operations with AOL to reach some 1 billion users. Will that still happen? It’s unclear, but at this point, we don’t know what may come out next.

Source: New York Post

Yahoo Adapted Email-Scanning Spam Filter to Satisfy ‘Secret Court Order’ Related to Terrorist Hunt

Following a report yesterday that cited three former Yahoo employees who claimed the company built a program to scan every customer’s email for specific information at the order of the United States government, new pieces of information have surfaced in a separate article from The New York Times. Specifically, anonymous sources close to the matter said that Yahoo built the program by adapting a filter meant to scan email inboxes for child pornography, malware, and basic spam content.

Yahoo was said to have done this in order to “satisfy a secret court order,” created to require the company to search for content containing a specific computer signature related to online communications of an unspecified state-sponsored terrorist group. Two of the anonymous sources — referred to as “government officials” — mentioned the Justice Department received the order from a judge of the Foreign Intelligence Surveillance Court sometime last year, an order that Yahoo was “barred from disclosing” to the public.

Through its modifications to the spam filter program, Yahoo complied with the Justice Department’s order and made available any email that contained the signature, but as of now that collection method “is no longer taking place.” The order was described as “unusual” because it required the scanning of individual emails instead of user accounts as a whole, and was allegedly only given to Yahoo as other tech companies, including Apple, have said they never encountered such a demand.

In response to a request for comment, an Apple spokesperson told BuzzFeed News, “We have never received a request of this type. If we were to receive one, we would oppose it in court.”

A Microsoft spokesperson said, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”

A Google spokesperson told BuzzFeed News, “We’ve never received such a request, but if we did, our response would be simple: no way.”

According to the sources, federal investigators learned last year that members of a foreign terrorist organization were communicating using Yahoo’s email service, through a method that used a “highly unique” designator, or signature, in each communication. Although built to look for specific content, the modified program’s far-reaching scanning of each user on the service brought about unrest in the user base when the original report came out yesterday. Yahoo’s compliance is also being contrasted to Apple’s obstinate response in its battle with the FBI earlier in the year.

After the news broke, Yahoo said that the Reuters story was “misleading” and that the email scanning outlined in the report “does not exist on our systems.” Compounding the company’s woes, last month Yahoo confirmed that “at least” 500 million user accounts were compromised during an attack in late 2014, leaking customer information like names, email addresses, telephone numbers, birthdates, hashed passwords, and both encrypted and unencrypted security questions and answers. In the midst of all of this, Yahoo’s pending acquisition by Verizon could potentially face negative effects.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tag: Yahoo
Discuss this article in our forums

NYT: Yahoo reworked its malware scanner for email surveillance

Following a Reuters report that in 2015 Yahoo scanned customer emails for US surveillance, the New York Times has followed up with details from anonymous sources of its own. Although Yahoo responded a day later claiming the initial report was “misleading,” the NYT sourced unnamed government officials claiming the company modified a system used to scan all incoming email for malware that stored matching messages and made them available to the FBI.

In this version of the events, Yahoo was responding to a court order under section 702 of the Foreign Intelligence Surveillance Act (FISA) that governs the PRISM program exposed by Edward Snowden’s leaks. Although it’s unclear exactly what they were looking for, the court order targeted code believed to be used “uniquely” by a foreign terrorist organization.

Reuters has followed up with another report of its own covering similar details. Citing unnamed former Yahoo employees, it says security staff disabled the program when they found it, and it had not been re-enabled before former top security officer Alex Stamos left the company for Facebook last year. It also noted a statement from Senator Ron Wyden, expressing concern that the NSA may have expanded its targeting under Section 702 from email addresses and other identifiers to other content without notifying the public.

Yahoo declined to provide further details on the program or what details of the initial report were misleading, but between these revelations and news of a massive 2014 security breach, this probably isn’t over yet.

Source: New York Times, Reuters

Yahoo Secretly Scanned Millions of Customer Emails for U.S. Authorities

Yahoo secretly built a custom software program to search all of its customers’ incoming emails for specific information at the behest of U.S. intelligence authorities, according to people familiar with the matter.

Reuters spoke to three former Yahoo employees who revealed the existence of the custom code, apparently written in compliance with a classified U.S. government demand. The program scanned hundreds of millions of Yahoo Mail accounts for the NSA or FBI, said the former employees and a fourth person with knowledge of the events.

Surveillance experts say the revelation represents the first case to surface of a U.S. internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

According to two former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive did not sit well with some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos. Stamos now holds the top security job at Facebook, which incidentally just completed the rollout of end-to-end encrypted privacy features for its hugely popular Messenger app.

“Yahoo is a law abiding company, and complies with the laws of the United States,” the company told Reuters in response to the claims, but stopped short of denying them. It declined any further comment. The NSA referred questions to the Office of the Director of National Intelligence, which also declined to comment.

According to Andrew Crocker, an attorney with the Electronic Frontier Foundation, it’s likely the request invoked Section 702 of the Foreign Intelligence Surveillance Act, which permits the bulk collection of communications for the purpose of targeting a foreign individual. But rather than having a non-U.S. target, every single person with a Yahoo email inbox was placed under surveillance, regardless of citizenship.

Speaking to The Intercept, Crocker said the Yahoo program seems “in some ways more problematic and broader” than previously revealed NSA bulk surveillance programs like PRISM or Upstream collection efforts. “It’s hard to think of an interpretation that doesn’t mean Yahoo isn’t being asked to scan all domestic communications without a warrant or probable cause. The Fourth Amendment implications of that are pretty staggering.”

It’s unclear what data Yahoo may have handed over to the authorities, if any, and if intelligence officials had approached other email providers besides Yahoo with the same kind of request.

Contacted by The Intercept, an Apple spokesperson said: “We have never received a request of this type, and if we were to receive one, we would oppose it in court.” The spokesperson also pointed to a section from a recent public letter by CEO Tim Cook, which he said was still accurate:

Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.

Facebook, Google, and Microsoft separately said on Tuesday that they had not conducted such email searches. “We’ve never received such a request, but if we did, our response would be simple: ‘No way’”, a spokesman for Google said in a statement. Twitter also said it has never received such a request.

In related news last month, Yahoo revealed that “state-sponsored” hackers had gained access to 500 million customer accounts in 2014. The revelations come at a sensitive time for the company as it tries to complete a deal to sell its core business to Verizon for $4.8 billion.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: Yahoo, privacy, Yahoo Mail
Discuss this article in our forums

Yahoo reportedly gave US government access to all users’ emails

According to Reuters, Yahoo provided US intelligence officials access to all of its customers incoming emails last year. The publication’s sources claim that the company had to comply with a classified request from the government, which allowed the National Security Agency and FBI to scan “hundreds of millions” of Yahoo Mail accounts.

To do so, Yahoo secretly built a custom software that officials could use to search emails for specific information, although it’s not known what exactly they were looking for. As Reuters notes, based on comments from surveillance experts, this marks the first time that an American internet firm has agreed to meet the demands from a US spy agency en mass.

Even if it was handed a classified directive, Yahoo seems to have opened the floodgates to the NSA and FBI, rather than offer access to clear-cut materials — like stored messages or specific accounts. And that could set a bad precedent. Since the Edward Snowden leaks, the relationship between tech companies and the US government has been rocky, with the likes of Apple, Google and Microsoft fighting hard to keep people’s private information secure.

Per the report, the decision to adhere to this request falls on CEO Marissa Mayer, and was apparently the reason Chief Security Officer Alex Stamos left Yahoo in 2015.

Developing…

Source: CNBC

‘Yahoo Newsroom’ App Launches With Curated Stories, Social Features, and More

Yahoo today announced the rebranding of its core mobile app to “Yahoo Newsroom,” where users can engage in conversations and social interactions about news relevant to their interests. The app makes it easy to discover new and breaking stories through a range of topics the company is referring to as “Vibes.” Yahoo describes each Vibe as a “forum where you read, react, and debate topics that you care about.”

With every Vibe followed, the app’s newsfeed “will adjust to include the stories and conversations that matter most to you,” and the more the app is used, more user-specific content will appear for each person. Users can also post articles into various Vibes, along with their opinion on the subject, so other users can comment and begin a discussion.

What’s exciting about this experience is that it empowers our community of hundreds of millions of global users to participate in and help shape the conversation. You can now post articles from around the web – with your reactions – directly into specific “Vibes” to spark a discussion. Yahoo’s personalization technology ensures that people who share your interests will see your posts and be prompted to join the conversation.

The company hopes that Yahoo Newsroom encourages users to participate in discussions on a wide range of topics while being “free from social pressure” that might be present in other communities. Yahoo says its new app is specifically aimed at exploring the Vibes curated for you with “people that share your interests, not ‘friends’ on social media.”

Those interested can check out Yahoo Newsroom on the iOS App Store today for free. [Direct Link]

Tags: Yahoo, Yahoo Newsroom
Discuss this article in our forums

Yahoo open-sources machine learning porn filter

Yahoo is the latest tech company to open source its computer vision code. The beleaguered outfit’s application for it? Filtering porn. Yahoo hopes that its convolutional neural net (CNN) will empower others to better guard innocent eyes, but admits that because of the tech’s very nature (and how the definition of “porn” can vary wildly), that the CNN isn’t perfect.

“This model is a general purpose reference model, which can be used for the preliminary filtering of pornographic images,” a post on the Yahoo Engineering Tumblr says. “We do not provide guarantees of accuracy of output, rather, we make this available for developers to explore and enhance as an open source project.” The code is available on Github at the moment, and if you need any testing material, well, there isn’t exactly a shortage of it on Tumblr. Just ask Indonesia.

Via: VentureBeat

Source: Github, Yahoo Engineering (Tumblr)

The Engadget Podcast Ep 8: He’s Simple, He’s Dumb, He’s the Pilot

On this week’s episode managing editor Dana Wollman, reviews editor Cherlynn Low and senior editor Devindra Hardawar join host Terrence O’Brien to discuss Elon Musk’s plans to colonize Mars, racing 3D boats in Red Hook and the over-simplification of “the cyber” at the first presidential debate.

The Flame Wars Leaderboard

Wins

Loses

Winning %

Chris Velazco
3
1
.750
Christopher Trout
2
1
.666
Dana Wollman
4
2
.666
Devindra Hardawar
7
6
.538
Cherlynn Low
6
7
.461
Nathan Ingraham
4
6
.400
Michael Gorman
1
2
.333

Relevant links:

• Yahoo confirms over 500 million users affected in 2014 breach
• Roku’s new players start at $30, and they make 4K and HDR cheaper
• Elon Musk’s grand plan to colonize Mars
• This is how SpaceX plans to send people to Mars
• How a 3D-printed boat race united a Red Hook community
• In hacking, the blame game is purely for entertainment
• Engadget’s guide to the 2016 presidential candidates

You can check out every episode on The Engadget Podcast page in audio, video and text form for the hearing impaired.

Watch on YouTube

Subscribe on Google Play Music

Subscribe on iTunes

Subscribe on Stitcher

Subscribe on Pocket Casts

Yahoo reportedly downplayed security for years

That massive Yahoo hack might have been less of a one-off disaster and more a symptom of larger, systemic problems with security at the internet pioneer. New York Times sources claim that Yahoo made security a relatively low priority for years, prioritizing convenience when possible and reacting only after serious incidents (such as bug bounties following an account breach in 2012). Reportedly, the company even skipped out on safeguards that are considered virtually mandatory in many places — CEO Marissa Mayer rejected a password reset out of concern that it would drive users away from Yahoo Mail.

The company took a big step by hiring chief information security officer Alex Stamos, who implemented valuable measures like widespread encryption, collaboration on threat data and “red teams” that broke into Yahoo systems to see how vulnerable they were. However, Mayer supposedly fought with Stamos’ group, depriving it of resources and stalling the implementation of vital features like intrusion detection. Many of its security staffers have left for Silicon Valley mainstays like Apple, Facebook and Google, according to insiders.

A spokeswoman suggests to the Times that things are on the mend. It spent $10 million on encryption in 2014, and that its security investments jumped 60 percent between 2015 and 2016. Yahoo has a “deep understanding” of online threats, the representative says, and it tries to “stay ahead” of those dangers to keep you safe.

If the report is accurate, though, it hints that the increased spending might be necessary for catching up. It’d be an acknowledgment that the company’s previous focus on ease of use over security was too risky, and that whatever inconveniences you suffer from added security are far, far more preferable to losing sensitive info to hackers. And lax security doesn’t just scare away some customers — it could even jeopardize that lucrative Verizon deal.

Source: New York Times