Thread: SPH sues Yahoo! for copyright infringement

SPH: Yahoo! has been 'free-riding' on the efforts of its editorial staff
http://sg.news.yahoo.com/ph--yahoo--...ial-staff.html

New CEO at helm of Yahoo......

Marissa Mayer's top 3 challenges as Yahoo CEO
17 July`12 — Like a lot of math geeks, Marissa Mayer enjoys tackling complex problems. She will find plenty of those as the latest CEO at Yahoo. The troubled company has turned into a vexing brain-twister as its financial performance has steadily deteriorated even though it still boasts one of the Internet's biggest audiences and best-known brands.

Yahoo announced Tuesday another lackluster set of financial results in the second quarter. The company earned $227 million, a 4 percent decrease from a year ago. In the last five years, Yahoo's stock has tumbled 41 percent. It closed Tuesday at $15.60. Mayer, 37, will try to reverse the financial malaise as Yahoo tries to match the growth of rivals Google and Facebook Inc. Both companies have been prospering as advertisers spent more money on Internet advertising. Consider some of the challenges that greeted Mayer Tuesday as she took over Yahoo's helm after a highly successful 13-year career at Google.

—ACQUIRING AN ALLY

Mayer's to-do list probably will start with deciding the fate of Ross Levinsohn, who had made a positive impression among analysts during his two-month stint as interim CEO. He took over after the mid-May ouster of Yahoo's previous leader, Scott Thompson, who left amid a flap over misinformation on his official biography. Levinsohn had envisioned Yahoo's website becoming the hottest spot on the Internet to get a mixture of exclusive content and material produced by a wide range of other media outlets. He was particularly focused on improving the quality of Yahoo's video offerings, figuring more people would stick around the company's website if it was serving up professionally produced news and entertainment clips. That in turn would help Yahoo sell more online advertising and revive revenue growth.

Mayer has previously worked with Levinsohn while she was overseeing Google's Internet search team and he was running the digital operations at Rupert Murdoch's News Corp. In 2006, News Corp.'s MySpace social network struck a lucrative advertising partnership with Google that was widely seen as a coup for Levinsohn. But it's not clear if those past ties will be enough to smooth things over with Levinsohn, who has now been snubbed twice for the Yahoo CEO job in less than a year. He was also interested in running Yahoo after the company fired Carol Bartz as CEO last September, but didn't even get an interim tryout that time. Yahoo instead relied on Tim Morse, its chief financial officer, as its temporary CEO.

Levinsohn, 48, was widely seen as the leading candidate to be permanent CEO this time. So being passed over for a younger outsider such as Mayer may have bruised his ego. In a Monday interview, Mayer declined to discuss her plans for Levinsohn. Some analysts believe the two could form a powerful combination at Yahoo if Mayer can win Levinsohn over. That's because Mayer specializes in developing products and managing how online services interact with users while Levinsohn's strong suit is negotiating media partnerships and selling advertising.

—CHARTING A NEW DIRECTION

See also:

Will Mayer's Pregnancy Hinder Her at Yahoo?
Tuesday, 17 Jul 2012 | In addition to the surprise announcement that Marissa Mayer is Yahoo's new CEO came some other unexpected news: Mayer is expecting.

Mayer, 37, took to Twitter on Monday night to announce that she was pregnant. She said she and her husband are expecting a baby boy. She later said she is due in October and will work throughout her maternity leave. Mayer's decision to not take maternity leave raises interesting issues about women in the corporate world and has spurred debate over whether women can really ever have separate family and work lives. 'No one can truly have it all. Parenting ebbs and flows as our kids get older and business ebbs and flows," Tereza Nemessanyi, founder of HonestlyNow.com, said Tuesday on CNBC. "The question is ... what does she need to do to get her job done? ... I think we should be asking all women that: What do you need to get the job done, and can we give it to you?"

Nemessanyi, who also runs a blog called Mashups, Market and Motherhood, has worked with a number of Fortune 500 companies and startups and said Mayer is capable of carrying out her duties at Yahoo as long as she has the right support in place. In fact, if more mothers were given the right support in their work life, businesses would be better off, she said. "I've been in innovation for 20 years, I've been a mother for nine years and the thinking in American business has tended to be the two are mutually exclusive and that's a big problem," Nemessanyi said. "We are leaving a ton of innovation and a ton of jobs on the table. And we can't afford that anymore."

While Mayer's decision to take on the challenge of turning around Yahoo during her pregnancy may be inspiring to some women, it's also important not to have the pregnancy detract from Mayer's talents, said Anne Mulcahy, former chairwoman and CEO of Xerox and a CNBC contributor. "I think the fact that she's pregnant takes away from what a great hire they've made," Mulcahy said. "She brings, I think, some great capabilities to Yahoo in terms of what she's done in user experience and innovation. All of that says that the board made a really good decision, and although it is a really tough challenge, she comes well-equipped to take it on."

http://www.cnbc.com/id/48213729?__so...|feed|&par=ask

Granny says, "Yahoo email account users lissen up...

If You Have a Yahoo! Email Account and Value Your Privacy, You Will Want to Read This
November 27, 2012 - A hacker is capitalizing on a Yahoo! flaw that could allow email accounts to become compromised and could trick users into clicking on malicious websites. But criminal hackers will have to pay to obtain details about how to conduct this hack. The cost: $700.

Brian Krebs on his blog Krebs on Security reported last week that an Egyptian hacker was offering this deal on an “exclusive cybercrime forum” called Darkode. The hack itself steals cookies, which Krebs explains leads hackers into their target’s account where they can send or read emails. Here’s how the hacker going by “The Hell” advertised his exploit, according to Krebs: “I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers. And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!”

Krebs writes that he contacted Yahoo! to alert them of the problem and was told the vulnerability will be relatively easy to fix. “Fixing it is easy, most XSS are corrected by simple code change,” Ramses Martinez, director of Yahoo! security, said to Krebs. “Once we figure out the offending URL we can have new code deployed in a few hours at most.” Until that URL is identified, Krebs noted that the vulnerability serves to remind users to be careful when clicking on links from strangers or that are in odd messages.

Source

See also:

Yahoo Email-Stealing Exploit Fetches $700
A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits.

The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

The hacker posted the following video to demonstrate the exploit for potential buyers. I’ve reproduced it and published it to youtube. “I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers,” wrote the vendor of this exploit, using the hacker handle ‘TheHell.’ “And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!”

KrebsOnSecurity.com alerted Yahoo! to the vulnerability, and the company says it is responding to the issue. Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video. “Fixing it is easy, most XSS are corrected by simple code change,” Martinez said. “Once we figure out the offending URL we can have new code deployed in a few hours at most.”

According to the Open Web Application Security Project (OWASP), XSS flaws fall into two categories: Stored, and reflected. TheHell said his exploit attacks a stored XSS vulnerability, in which the injected code is permanently stored on the target servers, such as in a database, message forum, visitor log, or comment field. The victim’s browser then retrieves the malicious script from the server when it requests the stored information. As powerful as XSS attacks can be, they are unfortunately also extremely common. Xssed.com, the definitive archive of reported XSS vulnerabilities, lets users index them by Google Pagerank, making it quite easy to find several examples of other unfixed and recently-patched XSS flaws in yahoo.com and other properties. Also, the Open Source Vulnerability Database (OSVDB) lists new and fixed vulnerabilities by vendor.

These types of vulnerabilities are a good reminder to be especially cautious about clicking links in emails from strangers or in messages that you were not expecting. You don’t have to cater to cybercrooks to make money finding vulnerabilities in software, hardware and online services. Many companies pay researchers to report flaws, including Facebook, Google, Mozilla, CCBill and Piwik. Yahoo doesn’t have a bug bounty program, but if it modeled one after Google’s program this vulnerability would be worth $1,337. Also, Verisign’s iDefense and Tipping Point both purchase vulnerability research.

MORE