Yahoo

Yahoo Inc has named well-known security researcher Alex Stamos as its chief information security officer, tapping a vocal critic of the U.S. government's secret surveillance programs for the position.

Stamos was one of the primary organizers of TrustyCon, a gathering of prominent technology experts last month who had pulled out of the RSA security conference in San Francisco amid growing discord over some technology companies' cooperation with U.S. intelligence-gathering efforts.

Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.

GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.

After the NSA leaks began last summer, tech companies asked for permission to reveal more information about what kind of user data they provide in response to Foreign Intelligence Surveillance Court orders.

The attack on Yahoo that started with the theft of user credentials from a third-party database highlights the risk of sharing usernames and passwords across multiple websites.

Yahoo reported Thursday that attackers using computer software used the stolen credentials to log into Yahoo Mail accounts and search for names and email addresses on sent emails. Upon discovering the attack, Yahoo shutdown access to the affected accounts, alerted users and asked that they reset their passwords.

Yahoo said it is resetting passwords for some of its e-mail users after discovering a coordinated effort to compromise accounts.

Another now-closed bug in Yahoo's servers have revealed that it was running an old server kernel allowing root access to its system, according to security researcher Ebrahim Hegazy.

Hegazy found that by manipulating one of the parameters in the URLs used in Yahoo Mail, he could cause the server to execute system commands remotely.

On Saturday, Fox IT, a security firm in the Netherlands, discovered that some visitors to Yahoo.com over the last few days have been infected with malware. Visitors to pages with malicious ads were redirected to sites armed with code that exploits vulnerabilities in Java and installs a variety of different malware.

Following news of the exploit, Yahoo has issued two statements to the press, but so far nothing on its public Tumblr blog, where it provides updates on products and services. On Saturday, a Yahoo spokesperson said:

Marissa Mayer has apologized for last week's Yahoo Mail outage. But worse than the missing email may have been Yahoo's handling of it.  Yahoo CEO Marissa Mayer offered an apology on Friday, Dec. 13, for an email outage that for some Yahoo Mail users had begun on Monday.

"This has been a very frustrating week for our users and we are very sorry," Mayer said in a post on her Tumblr blog.

Bloomberg is reporting that a U.S. Securities and Exchange Commission (SEC) request has resulted in Yahoo disclosing on December 9 that 31 percent of its latest quarterly revenues are attributable to the search deal it forged with Microsoft.

As the December 10 Bloomberg report noted, that's substantially more than the 10 percent of sales Yahoo had publicly claimed that it was earning from the Microsoft pact.

Yahoo is expanding its efforts to protect its users’ online activities from prying eyes by encrypting all the communications and other information flowing into the Internet company’s data centres around the world.

The commitment announced Monday by Yahoo Inc. CEO Marissa Mayer follows a recent Washington Post report that the National Security Agency has been hacking into the communications lines of the data centres run by Yahoo and Google Inc. to intercept information about what people do and say online.