
Verizon just raised a big warning flag for Yahoo - phrogdriver
https://www.washingtonpost.com/news/the-switch/wp/2016/10/13/verizon-just-raised-a-big-warning-flag-for-yahoo/
======
heroprotagonist
While I suspect some of this is posturing for a better price, I'm certain from
some past experience that Verizon is very serious about security.

A lot of large enterprises take an approach my colleagues have referred to as
'rubber stamp security', that checks boxes in a compliance report while still
remaining largely ineffective. For example, these companies buy tools and
install them, but then never configure them properly.

From what I've seen of Verizon, they are more serious about security and
beyond requiring an effective toolset, they take the approach of hiring new
people who already know the tools well or giving effective training to their
existing and competent people as part of the onboarding process. This sounds
like a no-brainer, but a lot of companies either don't do this or do it very
poorly.

Beyond any kind of material impact of the breach on Yahoo's business, it would
require a _lot_ of work from their security teams to absorb Yahoo in a way
that raises them to Verizon's standards. An acquisition of this size is rarely
very easy, but having to completely overhaul the acquired company's entire
security posture just adds to this effort. Verizon's security team has to
consider Yahoo's infrastructure with very little trust at this point. I
wouldn't much care for the prospect of having a flaming bag of poo deposited
on my porch, either.

~~~
ghughes
Given that not too long ago they were publicly shamed for implementing an
invasive tracking system that completely undermines their customers' privacy,
[1] you'll have to do a little better than "some past experience" and "from
what I've seen" if you want your assertion that "Verizon is very serious about
security" to be taken seriously.

[1] [https://www.wired.com/2014/10/verizons-perma-cookie/amp/](https://www.wired.com/2014/10/verizons-perma-cookie/amp/)

~~~
syshum
One has nothing to do with the other

You can be VERY good at systems security, while simultaneously wanting to
violate your customers' privacy....

~~~
bartl
Well ironically, in this case, Verizon's problem with Yahoo is allegedly about
customers' privacy.

------
pcurve
Yahoo's operating income since Mayer took seat.

2012: 802.5M 2013: 579.4M 2014: 218.7M 2015: -127.5M

Wait til 2016 numbers come in.

Revenue flat at $5 billion.

~~~
carterehsmith
Now, those numbers do not explain everything.

Consider Uber revenue, and operating income ... the numbers are horrible, but
the overall outlook is obviously different.

~~~
pcurve
Uber's revenue

2013: 160m 2014: 440m 2015: 1.5 billion

Yahoo's revenue

2012 - 2015: 5 billion flat, with dip in the middle.

Uber experienced explosive growth in user base... can't say the same about
Yahoo.

Apple - orange comparison.

~~~
carterehsmith
So... Uber's revenue is still less than Yahoo's, right?

Explosive growth? If you are losing money, like Uber is, that means exploding
loss. Is that good?

How about operating income? They both seem to be bleeding money.

~~~
gjolund
Found the yahoo shareholder.

------
justinlardinois
From a thread about the data breach:

> Investors are conflicted: on the one hand, Yahoo had a data breach that will
> cost them trust, but on the other hand, investors are surprised to hear
> there are still 500 million Yahoo users.

[https://news.ycombinator.com/item?id=12559594](https://news.ycombinator.com/item?id=12559594)

~~~
curt15
One wonders how many of those users would flee if mail forwarding were
restored.

------
paulsutter
The delay informing Verizon is also a big deal: they are surely wondering what
else they haven't been told.

------
jessaustin
_But Silliman made clear on Thursday that the “state-sponsored” nature of the
breach would have no bearing on the analysis of materiality.

“From a legal perspective,” he said, “the question . . . ‘is it a
state-sponsored attack?’ isn't really relevant in terms of what we're looking at.
The question is whether this [had] a material or an adverse effect on the
asset we are buying.”_

One can see why he didn't want to call "bullshit" publicly, and the news media
is required to be dumb, but does anyone with a clue really believe these
oh-so-convenient "state actor" attributions? We're supposed to imagine that
Russia: 1) wanted what Yahoo had, and 2) wanted to get caught at it. What's
the motivation? Did Marissa cut in front of some favored oligarch at the ski
lift in Davos or something?

~~~
oneloop
Come on...

WikiLeaks drops shit on Clinton, blame Russia.

Mayer does a terrible job, blame Russia.

Who wants to bet that next we'll hear Elizabeth Holmes blaming Russia for her
silly Edison machines not working properly.

~~~
jessaustin
What media conglomerate did China pay off? They used to get blamed for all the
magical unavoidable super hacking... well, them and North Korea both.

------
pmontra
It's a big warning flag for everybody: pay attention to security (broadly) or
there could be no exit at the end of the road of your startup.

------
rosstex
Any way to bypass the free article limit on Washington Post?

~~~
ars
Try 'Reader View' on Firefox.

