Slashdot Mirror


Former Yahoo CEO Marissa Mayer Apologizes For Data Breach, Blames Russians (reuters.com)

Former Yahoo chief executive officer Marissa Mayer apologized today for a pair of massive data breaches at Yahoo and blamed Russian agents on the growing number of incidents involving major U.S. companies. A reader shares a report: "As CEO, these thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users," she told the Senate Commerce Committee, testifying alongside the interim and former CEOs of Equifax and a senior Verizon Communications executive. "Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users' data."


  1. My product sucks so by OffTheLip · · Score: 5, Insightful

    blame Russia. I sense a pattern here.

    1. Re:My product sucks so by Anonymous Coward · · Score: 1

      blame Russia. I sense a putin here

    2. Re:My product sucks so by Mitreya · · Score: 4, Funny

      I sense a pattern here.

      Also We're sorry.
      No one takes responsibility, no one invests in better security, but they are sorry.

    3. Re:My product sucks so by Thud457 · · Score: 4, Funny

      They're in our Thoughts and Prayers.

      It's the least we can do.

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    4. Re:My product sucks so by avandesande · · Score: 2

      Russian consultants told them to store plain text passwords.

      --
      love is just extroverted narcissism
    5. Re:My product sucks so by redshirt · · Score: 2

      While she's at it, she can also blame NFL player protesters, Equifax, Super Storm Sandy, and 9-11.

    6. Re:My product sucks so by ScentCone · · Score: 1

      Try to keep it together until the impeachment, ok?

      Wow, sounds exciting! Hey, could you run down the list of specific crimes for which that impeachment is going to take place? Thanks.

      --
      Don't disappoint your bird dog. Go to the range.
    7. Re:My product sucks so by gander666 · · Score: 1

      But, Hillary. And Benghazi...

      --
      Suppose you were an idiot and suppose you were a member of Congress ... but I repeat myself. - Mark T
    8. Re:My product sucks so by david_thornley · · Score: 1

      Violations of the two emoluments clauses should do nicely.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    9. Re:My product sucks so by ScentCone · · Score: 1

      I can't teach all treasonous Republikkkan faggots how to read, not enough time.

      In other words, you've got nothing. Thanks!

      --
      Don't disappoint your bird dog. Go to the range.
    10. Re:My product sucks so by ScentCone · · Score: 1

      Violations of the two emoluments clauses should do nicely.

      Cool! So, obviously there are any number of faithful career federal law enforcement people who have the same evidence you do of actual violations. Gotcha! These must be brand NEW violations, of course, since there hasn't been any such thing to pursue for the last year. The two violations you seem to have secret knowledge of, and won't detail here beyond vague hand-waving, must have occurred... since last week, maybe? I'm sure some of the rabid anti-Trump news outlets would love the scoop if you'll share with them.

      --
      Don't disappoint your bird dog. Go to the range.
    11. Re:My product sucks so by david_thornley · · Score: 1

      Trump has been getting paid by the Feds for putting Secret Service agents in his properties. This is unconstitutional. It would have to be dealt with by Congress, which is abdicating its responsibilities. The press has mentioned the acts, but more as examples of impropriety than violations of the Constitution. In the meantime, people keep talking about the Article I emoluments clause that covers all Federal officials, including the President, and not Article II, Section 1, paragraph 7:

      The President shall, at stated Times, receive for his Services, a Compensation, which shall neither be increased nor diminished during the Period for which he shall have been elected, and he shall not receive within that Period any other Emolument from the United States, or any of them.

      Reading the Constitution now and then is edifying and can be fun.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    12. Re:My product sucks so by ScentCone · · Score: 1

      So you must be REALLY relieved now that that criminal Joe Biden is out of office, since he was charging the Secret Service rent to house people on his property in Delaware, right? Right? No? They just haven't gotten around to arresting him for that yet? No? I see.

      --
      Don't disappoint your bird dog. Go to the range.
    13. Re: My product sucks so by Reverend+Green · · Score: 1

      Vladimir Putin left dirty dishes in my sink! He didn't even rinse them!

    14. Re:My product sucks so by ScentCone · · Score: 1

      Your laughable moral relativism is hilarious, truly. In other words, you really are fine if the people at the top of the administration charge the Secret Service rent on their properties, as long as it's the next guy in line to be president, and not the MORAL OUTRAGE of it being the guy he works with as his boss. So, if Obama had been hit by lightning, and Biden suddenly became president, THEN you'd have suddenly considered his making money off of security detail to be an impeachment-worthy activity. But morally and ethically, it was just fine an hour earlier. Gotcha!

      --
      Don't disappoint your bird dog. Go to the range.
  2. It's becoming a fad these days .... by Jerry · · Score: 5, Insightful

    losers blaming Russians for their own incompetency.

    --

    Running with Linux for over 20 years!

    1. Re:It's becoming a fad these days .... by guacamole · · Score: 1, Funny

      Thanks Obama!

    2. Re:It's becoming a fad these days .... by ripvlan · · Score: 1

      so right. The tone of the transcript is "yeah - we really had no chance against those big bad Russian guys. We kept everyone else out...but not those guys " Russia is hacking everything in sight - gosh none of us stand a chance.

      Plus - it's a diversion. "ignore the man behind the curtain" -- "look! Squirrel... and Moose too" Pin it on that Russian voter thing - ignore Yahoo. Look at that other guy.

  3. RUSSIA by amiga3D · · Score: 5, Insightful

    It's always a good idea to blame others for your incompetence. If it wasn't the RUSSIANS it'd be the CHINESE or the INDIANS or some other nation. Cyberspace is like the wild west. Strap on a six shooter and defend yourself.

    1. Re:RUSSIA by bluefoxlucid · · Score: 5, Insightful

      That's the thing: as a project manager, I look at things we would do differently next time. Factors outside our control are explanations, but not excuses.

      It's kind of annoying that, as a Democrat aligned with the Democratic party philosophies, I have to keep pointing out that Hillary wrote a whole god damned book about why she lost the 2016 election--and blamed everyone else. H.R. McMaster had written a book called "Dereliction of Duty" for which he was criticized in reviews because he didn't address the superior strategy and military power of the Vietcong; yet he did exactly what he should have done: he addressed everything the American administration did wrong, because we can't expect the Vietcong to play along nicely in the war.

      Yes, the Russians are coming to hack you. Yes, that's going to cause an uptick in incidents, regardless of what you do. Now harden up and figure out how you're going to keep this shit to a minimum, because that's your job, and it's the only thing you have control over.

    2. Re:RUSSIA by ctilsie242 · · Score: 4, Interesting

      A car example of this would be someone who leaves their keys in an unlocked vehicle. First, someone from Lower Elbonia steals the car. Then, someone from Latveria. Then, someone from Cobra Island, and then someone from the Greater East Asia Co-Prosperity Sphere. Yes, one can blame these countries, but there is also the issue that anyone from anywhere could see the car keys and want to go for a ride.

      There comes a point where, yes, a theft is a theft, but there needs to be some culpability in failing to secure things. At least Europe is taking steps to break the "security has no ROI" cycle with the GDPR. It is not perfect, but losing 4% of total earnings is a pretty big incentive to actually spend some on basic security design [1]. Security isn't rocket science. Good security practices have been around since the Cold War era, and OPSEC practices have been around since people started trying to kill each other in groups.

      Good security can be done. It is just bothering to spend the resources to do so.

      [1]: For example, it isn't hard to secure a database. I've seen a startup use transparent encryption through an HSM to ensure that an intruder isn't going to be able to dump the DB and make off with the goodies. If those guys could do it, a well-heeled company can easily implement this, plus many other defense in depth measures. To secure AD, it isn't hard to set up policies requiring 20+ characters for service accounts, and a short (3-5 minutes) lockout period for user accounts, coupled with a real time monitoring system to catch brute force attempts.

    3. Re:RUSSIA by NicknameUnavailable · · Score: 1

      It's kind of annoying that, as a Democrat aligned with the Democratic party philosophies, I have to keep pointing out that Hillary wrote a whole god damned book about why she lost the 2016 election--and blamed everyone else.

      Not sure how awake you are in this regard, you seem more so than most, but Hillary is a direct pawn of the Rothschilds, they have an enormous amount of dirt on her and Trump is looking to seize power from their global network of such pawns. Hillary fucked up massively and she's literally in panic-cover-her-ass-mode because things like the Clinton body count are just what she had access to do, the people above her control the wealth and power of entire small nations to themselves.

      She still deserves to be shot for treason of course, and the DNC is well on their way to throwing her under the bus so they don't go down with her, but it is worth understanding why she's going on a non-stop tour to blame everyone else.

      Just remember, when she sent a desperate email to one of the Rothschilds apologizing for something and asking what she owed to make up for her mistake - she had a brace on her foot the following month (incidentally, the same brace Wiener and McCain wore on the same foot around the same time.)

    4. Re:RUSSIA by phantomfive · · Score: 1

      Nice post.

      --
      "First they came for the slanderers and i said nothing."
    5. Re:RUSSIA by bluefoxlucid · · Score: 1

      I prefer incompetence to giant conspiracy theories.

      I also prefer the Party as a legally-established entity with a set of declared principles rather than a social club, which is why I'm perfectly-fine pointing to everyone in the party and assaulting their policies, protocol, and general behavior. We could use some new leadership, and not Bernie Sanders--not unless you want a Democratic Party even less fiscally-responsible than the Republicans.

      I wish Sarbanes or some equivalent would pull a 2020 Presidential run. Someone who says, "Hey, here's a problem impacting the American people; here's a reasonable solution; let's do this." Instead we have people who are like "let's raise taxes 15%-20% and create big, unmanageable systems where a much-smaller, more-manageable, better-engineered system would still provide big-government welfare to everyone!" Case in point: ginormous single-payer system at $2.4 trillion (adding $1.8 trillion per YEAR to our spending) versus a public healthcare option adding only $0.2 trillion to our spending before accounting for cost-controlling policies. Both will ensure 100% of Americans have healthcare coverage. Which one does the Party call for, with its greater goal of building a better welfare state? The expensive, fiscally-irresponsible one.

      I need to figure out how to fundraise properly. I can win this election, but not with at least $50k--and it's more like $100k if it's going to be mine to freely win or lose on merit instead of on money (or lack thereof).

    6. Re:RUSSIA by NicknameUnavailable · · Score: 1

      The only principle the Democratic party has ever had was to allow the "elite" to control people. Everything they've said over the years has been toward that end and no other. This is why the Saudi princes being rounded up is a big deal (Human trafficking and extremist support for the Clintons and Bushes.) It's also why the Hollywood stuff happening right now is important. The "elite" control their political pawns by getting dirt on them so vile and repugnant that it cannot be washed off, essentially pizzagate plus cannibalism. It's been going on since before the world wars, Hell, it's what allowed them to control people into starting the world wars. The only difference now is that people are so well connected and information flows so freely that it is difficult to keep everyone in the dark or even to kill off the few who aren't because the ones who aren't are just too large a number (even if still in the single digit percentage of the population.) Draining the swamp is going to take time, but when it's done it will be unlikely that the globalists won't be rounded up.

    7. Re:RUSSIA by The+Cynical+Critic · · Score: 1

      This is even slightly funny when you remember how a number of the NSA documents Snowden leaked talked about how the NSA liked Yahoo for the reason that they didn't really keep their software up to date and thus made hacking them much easier than hacking their competitors.

      Kind of funny how corporate CEOs always characterize their own failures, large or small, as the fault of someone else. Makes you wonder if this complete lack of humility and introspection is part of the reason why they've risen to the position CEO in the first place.

      --
      "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."
  4. Canada by tsa · · Score: 5, Funny

    What happened to good old Blame Canada?

    --

    -- Cheers!

    1. Re:Canada by Mashiki · · Score: 5, Insightful

      It was replaced. First by 4chan, then gamergate, and now Russia. Blaming someone else is the typical cop-out by people who refuse to take responsibility for their actions (or inaction).

      --
      Om, nomnomnom...
    2. Re:Canada by Baron_Yam · · Score: 1

      >What happened to good old Blame Canada?

      They're not even a real country anyway.

    3. Re: Canada by Ash-Fox · · Score: 1

      Are you actually under the insane impression that Gamergate is remotely innocent?

      You're saying we shouldn't trust all the authorities that investigated and found nothing of consequence and not treat it as such? If they have done something illegal, I implore you to expose them, with the full evidence that will lead to their prosecution.

      --
      Change is certain; progress is not obligatory.
    4. Re:Canada by boudie2 · · Score: 1

      >What happened to good old Blame Canada?

      They're not even a real country anyway.

      Oh we're still here. We're just keeping politely quiet while the rest of the world wonders WTF is going on with the U.S.

    5. Re:Canada by tsa · · Score: 1

      I also would stay quiet as a mouse with all that shit happening just over the border.

      --

      -- Cheers!

    6. Re: Canada by Mashiki · · Score: 2, Informative

      Are you actually under the insane impression that Gamergate is remotely innocent? Because if so, you should really try what I'm smoking.

      The FBI couldn't find any proof, so you tell me. The only proof they found was of 3rd party trolls, that was it. If you think gamergate is responsible for 'harassment' or 'doxing' or whatever bullshit some socjus is pushing, you should really dig into it more. It's kinda like how Sarkeesian cancelled a talk at a university in response to a gun threat (how it was presented to people by the media). The truth is that the state is open-carry, and they refused to comply to any of her demands regarding it. This was then followed up by Kotaku who said there was a bomb threat the day (or two after). Which happened 6 months before that. On the other hand? There's plenty of evidence of the big name anti-gamergate people simply being shitty humans. You've got the list of them who have been convicted by courts for rape/sexual assault, then the others who've been accused. Then the others who called in bomb threats to synagogues. Then there's the others that engaged in doxing and harassment, but that's a whole 'nother topic. I'm sure you might bring up "seattle4truth" but never mind that he'd been banned from every chan board, reddit sub, and ignored by anyone relating to GG roughly 3 months in. Went slowly insane, went anti-gg, and then went full conspiracy retard. But then I can always bring up the anti-gg die-hard feminist who blew his girlfriend's head off. So you enjoy that shitshow.

      Or you can go visit one of the anti-gg boards on reddit, and enjoy the shitshow of identity politics, active doxing, threats and harassment.

      Then, we can get into garbage like this. Where the media is outright lying to you, and blaming gamergate when it didn't even exist yet. Are you paying attention to the bullshit being painted now? It's just like the garbage yesterday with "Trump and a koi pond and the 'international incident'" Never mind that Trump dumped the food in after Abe(who dumped ~1/3 of a box). Go on, watch those videos. It'll only take you 15 minutes, enjoy the lies, enjoy the bullshit while you're at it.

      --
      Om, nomnomnom...
    7. Re:Canada by Ol+Olsoc · · Score: 1

      >What happened to good old Blame Canada?

      They're not even a real country anyway.

      Oh we're still here. We're just keeping politely quiet while the rest of the world wonders WTF is going on with the U.S.

      Release the Geese!

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  5. Back in 1984 by cloud.pt · · Score: 5, Insightful

    I love how every single US problem these days is insta-mitigated with "blame the russians".

    1. Re:Back in 1984 by thinkwaitfast · · Score: 4, Informative

      I don't even recall this happening during the cold war.

    2. Re:Back in 1984 by Ol+Olsoc · · Score: 1

      I love how every single US problem these days is insta-mitigated with "blame the russians".

      I like how people say everyone is saying all problems are the fault of the Russians.

      I don't know that some Russians messed with Mayer's Yahoo or not, because the security breach was just one facet of her remarkable incompetence.

      But in a matter involving the internet, and with some group performing the breach, it just might be a group based in Russia. Mayer et al might just be able to figure out who was responsible - this is not impossible to do. You do know that I hope. So I give her a fair possibility of being correct in this matter, hedged with her propensity to make excuses.

      But no, all of the US's issues are not "the fault of the Russians". But evidence is accumulating that some of it is related in very interesting and provable ways, even the information that is in the public sphere. So while you might be tired of hearing that, it does not make it any less true. Unless of course, you are of the bent that declares anything you disagree with as fake news.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    3. Re:Back in 1984 by Ol+Olsoc · · Score: 1

      I don't even recall this happening during the cold war.

      We didn't have the internet then.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    4. Re:Back in 1984 by cloud.pt · · Score: 1

      I guess we need a law against cold war denials then, like the Germans needed one for Holocaust deniers...

    5. Re:Back in 1984 by cloud.pt · · Score: 1

      The US is getting hacked every day by every country. But the only ones you hear about on the news are Russia, China and NK.

      It's very easy to attempt to extrapolate that all attacks are state-sponsored when you are so biased by media and politicians that only attacks from these countries actually exist. It's like something erased from the memory of all (even tech-savvy) Americans the fact that most Internet services and servers are based in the US, and it is an obvious honeypot for everything hack-centric.

      And even if state-sponsored, how many countries, including the US, undergo sponsoring of their own hacking schemes? Has it been that long since Snowden? Or maybe he was a Russian spy since he went to Russia and all...

    6. Re:Back in 1984 by cloud.pt · · Score: 1

      Just adding an observation: Marissa Mayer is using public opinion. It's how every big corp or politician responds to any committee or court hearing that has public access. Why bother with a legal defense that you know will find fault in your work, when you can blame it on the usual suspects, and then the problem is no longer yours by default?

      The only real defense for mediocrity is contrast ©

    7. Re:Back in 1984 by Ol+Olsoc · · Score: 1

      The US is getting hacked every day by every country. But the only ones you hear about on the news are Russia, China and NK.

      That's so incorrect as to expose some truths about you.

      Ashley Madison, Equifax, Experian, MySpace, Home Depot and many more are not attributed to Russia, China, or North Korea.

      Dmitry Dokuchaev is presumably tied to the Yahoo Breach.

      It's very easy to attempt to extrapolate that all attacks are state-sponsored when you are so biased by media and politicians that only attacks from these countries actually exist.

      But you see, that's all a story in your mind, or one that you are paid to speak about. There are many data breaches. You can read about them here https://www.usatoday.com/story...

      I purposely used about as mainstream a source as possible - USA today. Not a breath about Russia, China, or North Korea.

      Hacking can be done for many reasons. State strategic, criminal pecuniary, Penetration testing, or even as a form of entertainment by some folks.

      You have to look at the hackee or the target to come up with likely suspects. You can do that. The only murky one here is the Ashley Madison hack. Very possibly Australian, but almost certainly not state. The others have some fairly obvious sources.

      So would a penetration tester have hacked the DNC?

      Would a criminal pecuniary hacker have hacked it?

      We're pretty much left with hacking for the Lulz or state actor.

      Yahoo? Equifax? almost certainly criminal pecuniary hacking.

      Your premise that mainstream media only focuses on and only attributes hacking to Russia, China or North Korea is just completely wrong, as anyone who actually looks at the news can attest.

      I'd call it a strawman argument if the "facts" weren't 100 percent false. So I'm being kinda kind here.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    8. Re:Back in 1984 by cloud.pt · · Score: 1

      So we're at quote-based Ad hominem and other fallacies now. Good to know where this is going.

      Full disclosure: I'm in research. I'm European. I have 0 geographical bias - I am literally in the middle of the situation. I digest everything from RT to CNN with a grain of salt, even The Guardian, especially wikileaks. But your opinion is already formed so I doubt any of this means anything - according to you, Russia cares so much for controlling outlets, it's even paying me to have an argument here. I want my paycheck.

      Thanks for linking a list of hacks. Unfortunately, it's very easy to show one good source, then neglect the fact that TV and social media aren't hammering "That Russian/China/NK Threat" down your eardrums and eyeballs every single second of the day. Even all the Trump-Russia ties are getting to a point they smell like reverse psychology from the Trump social media machine (which has so many unbiased sources at this point I don't even need to link them).

      I fail to see any logic when somebody makes an argument neglecting something like the grey hat community, in the same country there are multiple conventions for such types, attended publicly by: 1. penetration testers; 2. criminals (at least according to your FBI. Wannacry "hero" anyone?)

      Lulz. Yeah blame it on anon. Or better yet - blame it on foreign states. When you get to a point even Discovery channel has weekly programming dedicated to interviewing past CIA/NSA/Pentagon contractors demeaning foreign states with vague commentary (protected by confidentiality and whatnot), you know exactly the kind of propaganda being spread. But hey, at least it's on a Science channel right?

      You can call strawman on whatever you feel like, but I have the feeling that the moment you need to name the fallacies, this discussion has gotten to a point we might as well agree to disagree. You consider yourself so smart that it clouds your assertiveness, and I don't keep arguments going with geometric shapes.

    9. Re:Back in 1984 by Ol+Olsoc · · Score: 1

      So we're at quote-based Ad hominem and other fallacies now.

      Okay, allow me to attempt to get you off of your tactic of fallacy accusations. In argument simply accusing someone is insufficient, you have to explicitly point out the fallacy and suggest alternative. So instead of statements, I am moving to questions.

      1. Is politically oriented hacking existent or nonexistent?

      2. Is Russian state hacking what is referred to as "Fake News"?

      3. Should Americans have any concern about hacking?

      4. Should Americans and their media simply STFU?

      5. Should America prohibit publication of any articles that mention Russian involvement?

      6. As a researcher, do you have evidence supporting or debunking Russian involvement?

      I've tried to distill these down to the argument at hand, and in the spirit of discussion, my answers to the questions in order are:

      1. Existent

      2. Some is, and some isn't.

      3. Yes.

      4. No

      5. No

      6. Of course, I don't know, but am very interested in any verifiable data you might care to share.

      We are in some rather difficult times right now, and are in the process of correcting the situation. Many people in other countries have difficulties understanding that we air our dirty laundry quite publicly, and do not find that to their liking. I am not accusing you of that - just in case you want to accuse me of another straw man argument. But it is true how we tend to work as a nation. This is a generalization. This is not a declarative statement that all Americans are this way.

      As America goes through this process, I personally expect a lot of non-American people to get really tired of a lot of American media news. That is just an opinion, not a fact. Perhaps it would be better for those with that temperament to avoid American news in order to not be upset. Just a suggestion.

      Interestingly enough, many of the people in America who will be negatively affected by this adjustment also think the media is making way too much of all of these things. What that means in the bigger picture is a matter for others to speculate upon, I make no argument either way.

      Do you enjoy arguing with a person who engages in passive aggressiveness when he gets tired of you? I find it annoying, amirite?

      As a non related to the discussion question, do you mind if I use your "Quote based Ad hominem" line? I just love it.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  6. Marissa Mayer @ Google by Anonymous Coward · · Score: 1, Informative

    If you ever wondered what Marissa Mayer was like at Google, check out "I'm Feeling Lucky: The Confessions of Google Employee Number 59" by Douglas Edwards.

    1. Re:Marissa Mayer @ Google by Spy+Handler · · Score: 1

      Perhaps someone who has read the book should summarize for us. I don't really feel like ordering the book, wait for it to arrive, and then wade through 300 pages of what Douglas Edwards's life was like at Google just to find the 2 paragraphs on Marissa Mayer.

  7. Am I missing something? by Scarred+Intellect · · Score: 1

    "Unfortunately, while all our measures helped Yahoo successfully defend against the barrage of attacks by both private and state-sponsored hackers, Russian agents intruded on our systems and stole our users' data."

    So, while they were successful, they weren't? Or are these supposed "Russian agents" somehow not private or state-sponsored?

    1. Re:Am I missing something? by bluefoxlucid · · Score: 1

      Could be saying that they had measurable, but not total, success.

    2. Re:Am I missing something? by Anonymous Coward · · Score: 1

      "Everything is different, but the same... things are more moderner than before... bigger, and yet smaller... it's computers... San Dimas High School football rules!"

    3. Re:Am I missing something? by anegg · · Score: 1

      Apparently *NO ONE* could be expected to maintain security of their systems in the face of the Russian agent onslaught. (eyeroll)

      This might be true if the hack was a really clever attack (like Stuxnet). Whether or not "it was the Russians" is a meaningful defense can't be judged without knowing whether the attack was met with the relative resistance of putting a finger through wet tissue paper or something more difficult, like stealing the gold from Fort Knox. It is unlikely that Yahoo (or anyone else) is going to be totally forthcoming about what they were and weren't doing for infosec just before they got hacked. Honest and deep root cause analysis is hard enough when the only expected audience is internal.

    4. Re:Am I missing something? by AHuxley · · Score: 1

      If it was a movie with a fictional plot?
      The state-sponsored agents presented to be USA law enforcement, walked on site to upgrade their state-sponsored clone of the US PRISM systems in a different room?
      https://en.wikipedia.org/wiki/...
      Another nation has their own "Room 641A" all over the USA https://en.wikipedia.org/wiki/... ?
      They had nice suits, a real looking badge, knew the code words, the secret handshake and had a real looking gov letter.

      --
      Domestic spying is now "Benign Information Gathering"
  8. I really don't see how this ends well by SlaveToTheGrind · · Score: 1

    When we reach a point where Russia is reflexively blamed for every hack or hack attempt, every piece of questionable news, every disagreeable online posting, and every boogeyman in the closet, it's just a matter of time before the mob reaches a true fever pitch and declares the world would be sunshine and unicorns again without Russia.

    And that's when things really start to go sideways.

    1. Re:I really don't see how this ends well by mrbester · · Score: 1

      Reds under the beds. Makes me feel nostalgic.

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    2. Re:I really don't see how this ends well by SlaveToTheGrind · · Score: 1

      Yes, history doesn't repeat itself, but it often rhymes.

    3. Re:I really don't see how this ends well by Ol+Olsoc · · Score: 1

      When we reach a point where Russia is reflexively blamed for every hack or hack attempt, every piece of questionable news, every disagreeable online posting, and every boogeyman in the closet, it's just a matter of time before the mob reaches a true fever pitch and declares the world would be sunshine and unicorns again without Russia.

      Netcraft confirms this new Slashdot meme, soon to a Beowulf cluster of Russian interference.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  9. Hey Marissa by 93+Escort+Wagon · · Score: 5, Insightful

    If you really felt you were at fault, you'd give all those millions of dollars back.

    But it's quite obvious what she's saying is "sorry not sorry" - "I was CEO, so of course the buck stopped with me... but I wasn't actually culpable in any way".

    --
    #DeleteChrome
    1. Re:Hey Marissa by Mitreya · · Score: 2

      "I was CEO, so of course the buck stopped with me... but I wasn't actually culpable in any way"

      So what is missing from that apology is any(!) indication that next time she would invest in proper security. From what I gather, a lot of these issues could be mitigated by having a well-funded IT security division.

      Yahoo required users to change passwords and took new steps to make data more secure, Mayer said.

      Oooh, well, if they took the radical step of requiring users to change passwords, then I guess there is nothing else to be done.

    2. Re:Hey Marissa by wgoodman · · Score: 1

      So what is missing from that apology is any(!) indication that next time she would invest in proper security. From what I gather, a lot of these issues could be mitigated by having a well-funded IT security division.

      Yahoo required users to change passwords and took new steps to make data more secure, Mayer said.

      I know whatever they implement will be BS, but you completely ruined your argument by following it with them saying exactly what you said they didn't say.

    3. Re:Hey Marissa by Mitreya · · Score: 1

      Yahoo required users to change passwords and took new steps to make data more secure, Mayer said.

      I know whatever they implement will be BS, but you completely ruined your argument by following it with them saying exactly what you said they didn't say.

      I respectfully disagree (although perhaps it should have been stated in my post).
      I think if they did anything concrete (e.g., hired 20 new security analysts), she would proudly say so.
      The quoted sentence clearly indicates that other "steps" taken were on par with asking users to change passwords (e.g., sending out an internal security memo, or requiring IT department to change their passwords too).

  10. US needs legal liability by EndlessNameless · · Score: 5, Interesting

    Good luck if you want to hold anyone accountable for any of this. Maybe you have the time and money to slug it out in the courts. Or years to wait for a verdict.

    We have some experience with addressing this. Companies can get slapped pretty hard for violating HIPAA---either for improper disclosure or poor security. However the law was written, it is effective in making them think about security properly. A law by itself doesn't guarantee good conduct across the board, but it certainly helps when there are consequences.

    If any congressman wants to extend HIPAA-level security requirements to any system that handles the personal information of American citizens, he gets my vote automatically. We should have done it 20 years ago. Better late than never.

    Unless there are new rules and new consequences, nothing will change. Wallets and ballots, people.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  11. Death by Meme by Zorro · · Score: 1

    "Because Russians!"

  12. Her excuse is laughable by Anonymous Coward · · Score: 1

    Let's be honest. She was the politically-correct choice. Most C-level candidates anymore are chosen not for their merit--be that technical chops or business acumen--but because they meet a certain social expectation: they are a woman, black, an open homosexual, or a mix. Whatever happened to hiring highly-qualified business pros that are simply business pros like Marc Benioff, Michael Mahoney, or Jen-Hsun Huang? These men are great CEOs. They get the job done, they are well liked by everyone. Why? Because they understand how to run a company. They understand people and how to deliver ROI. They can navigate the boardroom and the cube farms with equal aplomb.

    Whatever happened to let's just hire the right person for the job. Yahoo were warned before hiring her that her appointment would not bode well. No one listened. The result? One of the Internet's founding companies is now a shadow of its former self and basically worth far less than Verizon paid.

  13. It's always the others by gweihir · · Score: 1

    How I hate the scum that cannot take responsibility for what they screwed up. These people are the most destructive force in the workplace, no matter what level.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  14. Bitten by a mosquito? by Mrakodrap · · Score: 1

    Blame Russians!

  15. Re:Should have colluded with Russia like Trump by Anonymous Coward · · Score: 5, Insightful

    Wouldn't it be better if Yahoo just colluded with Russia's attack on its users like Trump colludes with Russia's attacks on America while denying that Russia is responsible for the crimes that he colludes with?

    You obviously missed the fact that the Russian lawyer supposedly colluding with Trump met with the same group Hillary! hired to create that fake Trump dossier.

    Yep, that same Russian lawyer met with Fusion GPS right before and right after Don Jr. said, "WTF?!?!" to her when she tried to entrap him.

    Who's colluding with Russia?

    "Follow the money"

    Democrats paid Fusion GPS. Fusion GPS created that fake Trump dossier. Fusion GPS met with the Russian lawyer who tried to meet with Trump.

  16. Why spend money on security.. by sqorbit · · Score: 5, Insightful

    ...when it's way easier just to blame Russia. Lots of Americans will jump on board with this. Russian hacking is the bad guy, we're the good guys. Now we can all just ignore the fact that US corporations are constantly targets because of horrible security policies and crappy management.

    --
    Sent from my TARDIS
    1. Re:Why spend money on security.. by wwphx · · Score: 2

      They also didn't spend money on good code. I've been using Yahoo Mail for years, and whenever it comes up with the "Yahoo Mail logs you out periodically for security purposes", or whatever the stupid message says, you don't have to log back in again 95% of the time. Type mail.yahoo.com and you're back in your mail again without typing in your password.

      Bad design by design.

      --
      When you sympathize with stupidity, you start thinking like an idiot.
  17. Imagine banks using this excuse by Anonymous Coward · · Score: 1

    Uh, sorry guys. It was the russians who took your money and stuffs. Again, so sorry. Yes, I was paid 30 million when I left, but again, I'm sorry the russians stole your stuffs.

  18. Indeed by nospam007 · · Score: 5, Funny

    " I want to sincerely apologize to each and every one of our users,"

    Both of them.

    1. Re:Indeed by Trailer+Trash · · Score: 1

      " I want to sincerely apologize to each and every one of our users,"

      Both of them.

      Yeah, that's what I was thinking. A phone call would have been quicker.

  19. Heard in class yesterday by DontBeAMoran · · Score: 5, Funny

    Teacher: Where's your homework, Timmy?
    Timmy: The Russians stole it!

    --
    #DeleteFacebook
  20. "The Russians Pooped In The Hall!" by Archtech · · Score: 4, Funny
    --
    I am sure that there are many other solipsists out there.
  21. Burglary is illegal even if the door is unlocked by Geoffrey.landis · · Score: 2

    See subject: If "russians" (or anyone else instead of the current 'patsy' russians) found a door they left unlocked @ Yahoo (or YouTube etc.) whose fault is it REALLY folks?

    Both, of course. The defense "the door wasn't locked so I came in and took your stuff" will not get you off from a charge of burglary. And the defense "but the lock was really easy to defeat" is even a worse excuse.

    This is a form of false dichotomy: the fact that one party has blame does not mean that another party is not also in the wrong.

    --
    http://www.geoffreylandis.com
  22. Yahoo? by Bruinwar · · Score: 1

    Oh YEA... YAHOO... they got hacked. I forgot. So many data breaches, it's hard to keep up. Seems almost like small potatoes compared to Equifax.

    --
    SLOWER TRAFFIC KEEP RIGHT
  23. Russians stole your radio too! by wgoodman · · Score: 1

    I didn't steal your car stereo, it was the uh Russians!

    I'd be happy to sell it back to you though.

  24. Re:Burglary is illegal even if the door is unlocke by NicknameUnavailable · · Score: 3, Insightful

    A) It's the internet, a system known to have innumerable malicious actors who will fuck up your shit just for the sport of it, even if it's not valuable. If you plug something into it you assume the risk and in turn the burden of securing it

    B) This is Marissa Mayer we're talking about, the woman who sank Yahoo! after getting the job running it purely on the basis of social justice and as a gimmick to attract the SJW crowd to the already-dying platform. No amount of external bad actors had anything to do with that, it would have sunk just as readily without them (and probably without her, for that matter.)

    Yahoo! is the product of the dot-com bubble when everyone and their mother was throwing money at tech, especially search engines. They failed to monopolize the market while someone else didn't so they sucked and died. The underlying cause is that we exist in an economy which strongly favors monopolies, and for something like a search engine with huge data and computational requirements that certainly applies no less. Moreover, Yahoo! was the ADHD-riddled company in the search engine business, they tried social networking, search, image sharing, video sharing, instant messaging, chat, eCommerce, etc and they did every single one badly - even managing their already-successful-but-doomed-by-association acquisitions. Hell, they even partnered with Microsoft's Bing and handed over their one asset - the data they acquired over the years - to remain relevant for a couple of more years. Yahoo! is the example of everything not to do as a company and at least half their board (that I know of) were actually smoking meth on a daily basis.

  25. All Watched Over by Machines of Loving Grace by Thud457 · · Score: 1

    Hunter-Killer robots to track down and punish hypocrites is how the latest robopocalypse started.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  26. blaming Russians... wait... by Tom · · Score: 2

    So are Russians now incredibly competent and advanced, or are they backwater vodka-drinkers? Make your pick, but it's only one of those. Either those Russians are very competent and can break into stuff where other people can't, or they're a 3rd world country that plays big under an evil dictator. But those things don't mix. We just see the narrative changed all the time, depending on what the purpose is.

    --
    Assorted stuff I do sometimes: Lemuria.org
  27. Re:"It was my campaign. Those were my decisions." by JackieBrown · · Score: 1

    And her examples were?

    This sounds a lot like "Well the buck stops here" that we would hear Obama say. It didn't mean anything as far as consequences or actually accepting responsibility.

    When I'm managing, I hear this often when someone makes a mistake "I'm not going to make any excuses but" followed by nothing but excuses. Just like "I take full responsibility" followed by explaining all the reasons they were not responsible.

  28. Re:Should have colluded with Russia like Trump by Anonymous Coward · · Score: 1

    Trump Jr offered the Russian gov lawyer quid pro quo - sanctions relief for Russian government help in the election.

    Your attempt at misdirection does not change this fact.

    But this is just some of the collusion which is now known. There is also the Papadopoulos collusion with Russia's hacking and email release campaign.

    By the way, the so-called dossier you claim is fake has more corroboration of its claims. Carter Page claims the dossier is fake, but in the same congressional questioning he corroborated several claims from it.

  29. nature's concurrence by slick7 · · Score: 1

    When you use your finger to point, three fingers naturally point back to you.

    --
    The mind conceives, the body achieves, the spirit manifests.
  30. No surprise by Revek · · Score: 1

    We have seen she is incapable of blaming herself.

  31. She's in front of Congress by rsilvergun · · Score: 2

    she probably has some actual evidence that the hack originated in Russia. And it probably did. Russia and the old Soviet Bloc countries are full to the brim with out of work software engineers. Didn't you ever wonder why most hacks and quasi-legal software is made over there? China doesn't have this problem because their big manufacturing base absorbs those engineers (and if all else fails the gov't will do make work to keep them from causing trouble).

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  32. Re:Burglary is illegal even if the door is unlocke by PCM2 · · Score: 1

    It doesn't really matter how computer crime laws are structured.

    I own a big warehouse. I tell everyone it's the best warehouse around and they can all keep their valuables in it, for free. Everybody gets on board. Then, once everybody has left their stuff in the warehouse, I leave the front doors open.

    Is the person who walked in and stole everything a criminal? Yes.
    Am I liable for my negligence? Almost certainly.

    --
    Breakfast served all day!
  33. Re:The joke of Russia. by jbengt · · Score: 1

    This Russia crap is getting old.

    Understandable feeling.
    Just don't let that feeling convince you that the current Russia regime isn't out to get us.

  34. I think this has already been pointed out by rsilvergun · · Score: 1

    but if somebody breaks into your house because your door locks were substandard (can happen even if you have nice locks, the more expensive ones are often just that, more expensive) then are you copping-out when you blame them?

    Mind you, Yahoo probably bought the crappiest locks they could get away with but still, that doesn't excuse the crime. As for Russia, I'm assuming Mayer's got some evidence if she's willing to say that in front of the Senate. And it's not at all surprising. There are a lot of out of work engineers in Russia. They've got great schools and great people but their economy's not the best. And I don't see a lot of immigration from there as compared to say India or even China.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  35. Re:"It was my campaign. Those were my decisions." by cyberchondriac · · Score: 1

    Exactly. It's gratuitous lip service that is expected of someone in that position, and not a syllable of it is genuinely meant.
    It's schtick, superficiality over substance.

    --

    Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  36. Re:Should have colluded with Russia like Trump by Anonymous Coward · · Score: 1

    Trump Jr quid pro quo sanctions relief in exchange for Russian government help in the election. This is treason.

    source

    Papadopoulos (Trump campaign aide) colludes with Russia's attack on America, and confesses to lying about it to the FBI.

    source

    Carter Page claims the dossier is fake while corroborating its assertions.

    source

  37. Russians? Sounds more like a hole in security by wardrich86 · · Score: 1

    It's interesting that they're blaming Russians... I would have thought the breach occurred due to a hole in security - either a system or a person. But I guess then you'd have to accept that you done goofed.

  38. Nice try Marissa by erp_consultant · · Score: 4, Insightful

    The dog ate my homework. Let's just blame everything on "the Russians". Well, that narrows it down to a few hundred million people. Let's not bother to actually try and find out which "Russian" may have perpetrated this act. No let's just leave it at that and call it a day. Great way to deflect attention from the fact that this massive breach occurred ON YOUR WATCH.

    Well, at least you managed to get all those people working from home back into the office. Because if they are working from home they can't possibly keep an eye on those pesky "Russians". Except that..oh...it happened anyway. So I guess that one kinda backfired. At least you can point to your tremendous success in every portfolio you touched during your tenure as CEO...crickets....

    She did "sincerely apologize" so I guess that counts for something. Except she did it after making away with hundreds of millions of dollars in salary and stock so it rings exceedingly hollow to me. And laying off thousands of workers. And driving a stake through the heart of a once proud internet pioneer. But hey, Marissa took care of Marissa and that's all that really matters. Right?

    Cunt. Karma is going to have a field day when it catches up to you.

  39. Re:"It was my campaign. Those were my decisions." by k6mfw · · Score: 1

    In fact, Hillary spent a lot of time analyzing what she, personally, did wrong. What she said--direct quote-- was "I go back over my own shortcomings and the mistakes we made. I take responsibility for all of them. You can blame the data, blame the message, blame anything you want, but I was the candidate. It was my campaign. Those were my decisions."

    What she missed was that one quote that squelched all others. A management class had an example where managers talk about all kinds of stuff the company will be doing and what is expected from employees but may say one certain thing in a certain way, everybody will forget everything except that one certain thing. I forgot what that example was, bluefoxlucid maybe you know of examples, there was the famous by Obama in 2010 when he cancelled the Constellation lunar program, "We've already been to the Moon" is what everybody remembers him saying. They forget his request for additional funding for R&D of heavy lift launch vehicle (and those following Constellation saw ever increasing costs and schedule slippage that was not sustainable).

    --
    mfwright@batnet.com
  40. Equality by dilvish_the_damned · · Score: 1

    I really don't think race, religion, creed, or gender should offer protection from earning the label of "incompetent".

    --
    I think you underestimate just how much I just dont care.
  41. The common cry of the incompetent! by Nexion · · Score: 1

    What an incredible lack of integrity exhibited by these corporate failures. The truth is that they failed to put a priority on security spending and WE paid the price. I have no respect for anyone who cries "russian hackers" to cover up their complete lack of ownership with a bit of good ol scapegoating.

    How pathetic.

  42. Re:Burglary is illegal even if the door is unlocke by Geoffrey.landis · · Score: 2

    Is the person who walked in and stole everything a criminal? Yes.
    Am I liable for my negligence? Almost certainly.

    Exactly. The correct answer to the question is "both."

    --
    http://www.geoffreylandis.com
  43. Re:Burglary is illegal even if the door is unlocke by Archon · · Score: 1

    Yahoo! is a product of being in the right place at the right time with their originally hand-curated lists of things to check out on the internet. After search engines became a thing, Yahoo! was in a constant state of catch-up.

  44. What does an apology mean these days? by Nicolas+Cage · · Score: 1

    "Sorry, this wasn't actually my fault though, it was the Russians" sounds about as sincere as "I'm sorry that I got caught." Totally meaningless. What a joke of a company.

  45. Invisible hand by AHuxley · · Score: 1

    Staff are guided by an invisible hand when they hire years of security experts?
    An invisible hand ensures PRISM got in and was not detected?
    https://en.wikipedia.org/wiki/...

    --
    Domestic spying is now "Benign Information Gathering"
  46. Re:"It was my campaign. Those were my decisions." by Anonymous Coward · · Score: 1

    This is an example of an argument that cannot be falsified. When she says clearly, distinctly, and explicitly that it was her fault, you say oh, that's just "gratuitous lip service."

    Since nothing she says can possibly change your opinion-- it's clear your opinion is not based on actual facts.

  47. Alternate headline by Trailer+Trash · · Score: 1

    "Irrelevant person figures out way to get her name in news headlines again"

    I'm personally thinking of "saving Hotmail" again - I suppose I ought to issue a press release.

  48. Re:Really, Russians? by Geoffrey.landis · · Score: 1

    Oh really, the Russians? They are quite active these days, responsible for everything it seems. One could get the impression all 147 million Russians aren't doing anything else than hack the West 24/7.

    About 90 paid employees, in the most well-known Russian Troll farm, actually (reference: http://www.independent.co.uk/n... )

    Possibly more in others: https://en.wikipedia.org/wiki/...

    http://www.chicagotribune.com/news/nationworld/ct-russia-troll-farm-20171008-story.html

    https://www.theguardian.com/world/2017/oct/17/russian-troll-factory-activists-protests-us-election

    --
    http://www.geoffreylandis.com
  49. Re:"It was my campaign. Those were my decisions." by david_thornley · · Score: 1

    Um, the consequences included President Trump, and I haven't seen much better wording in accepting responsibility. If you think that quote sounds like ducking out of anything, you need a remedial English class.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  50. Re: It is but not locking doors = negligence by Brockmire · · Score: 1

    A malicious bad actor just needs to take over one of the black lists used to feed your hosts shit and millions of people get infected. Are you checking 100k+ hosts entries? Your belief that you're invulnerable is unfounded.

  51. Re:Burglary is illegal even if the door is unlocke by antdude · · Score: 1

    But Y! already sank before her!

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  52. Re:Should have colluded with Russia like Trump by piers_downunder · · Score: 1

    I keep hearing the Steele dossier referred to as 'fake' by Trump apologists, and I have no doubt that some of it will likely turn out to be spurious. However, the dossier introduced the public to a lot of wild claims about the Trump campaign, and so far I've only heard of things being corroborated. A couple of claims have been directly denied by campaign officials implicated in the dossier, but AFAICT those same officials have failed to produce any corroborating evidence.

    So in order to dismiss the entire document, despite knowing at least some of it has proven accurate, please provide your overwhelming evidence that most (or in fact some) of it is 'fake'.

  53. Re:"It was my campaign. Those were my decisions." by cyberchondriac · · Score: 1

    You need to learn that words are not actions, and substance is more important than superficiality. So she wrote, in one or two sentences in a book, that it was her own fault, but is that really "taking" responsibility? Because she says so? Did she ever *act* like it was her own fault? Did she ever *act* like she took responsibility for losing? In every interview I've seen and article I've read since the election, she's blamed everyone *but* herself: Bernie Sanders, the Electoral College, racism, "deplorables".. you name it.
    Thus the facts support my claim that what she wrote was in fact disingenuous; making it gratuitous lip service.

    --

    Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  54. theory by Reverend+Green · · Score: 1

    New theory:

    Slashdot, because it has the most sophisticated and robust moderation system of any major internet forum, has become a sort of R&D battleground for the rapidly evolving art of information warfare.

    All the major and many of the minor geopolitical players have their 50 cent armies marshalled here. Yet many of us civilians - of varying degrees of disinterestedness - also remain.

    It is our "hearts and minds" that the information warriors seek to win.

  55. Re: Burglary is illegal even if the door is unlock by NicknameUnavailable · · Score: 1

    You forgot C) The hordes of corrupt liberals blaming Russian state-backed hackers (both employed and freelance) as a form of virtue signaling to distract from the fact they take Russian bribes.

    FTFY.

  56. Re: "Phantasyland" w/ Quagmire, lol... apk by Brockmire · · Score: 1

    You linked to your comment linking to a +5 funny joke. I have no fucking idea what point you were trying to make. You are fucking insane and should be under supervision at all times. Your trolling with bad spelling and caps is the most annoying part of Slashdot. It's "fantasy", not "phantasy", you fucking moron. You think your code is bug free? Dream on, you can't make a paragraph without errors. Now do everyone a favour and fuck off.

  57. Re:Burglary is illegal even if the door is unlocke by tehcyder · · Score: 1

    Is the person who walked in and stole everything a criminal? Yes. Am I liable for my negligence? Almost certainly.

    Exactly. The correct answer to the question is "both."

    In the minds of most Slashdotters there are only binary alternatives. If the warehouse owner is negligent, therefore the criminal hasn't committed a crime.

    --
    To have a right to do a thing is not at all the same as to be right in doing it
  58. Re: Burglary is illegal even if the door is unlock by tehcyder · · Score: 1

    Utter BS. Google spread like fire in a tinder forest because it was so much better than anything else at finding the relevant search results that people suddenly started talking about it.

    Maybe you discovered it on Yahoo!'s page, but most people found out about it from someone else who was raving about it.

    Young people nowadays don't realise how absolutely shit search engines were before google. You could try all the tricks you liked, but something like AltaVista just returned page after page of links to pages with links to pages with ads for penis enlargement or life insurance.

    There was a good reason why you could buy magazines/books full of useful web links, you'd got almost zero chance of finding them otherwise.

    --
    To have a right to do a thing is not at all the same as to be right in doing it