Security

Hackers Hit 6,000 Sites On Active 18-Month Carding Spree (theregister.co.uk) 39

mask.of.sanity writes from a report via The Register: Hackers have installed skimming scripts on more than 6,000 online stores and are adding 85 each day in a wide-scale active operation that may have compromised hundreds of thousands of credit cards. The malware is infecting stores (full list) running vulnerable versions of the Magento ecommerce platform, and also compromised the U.S. National Republican Senatorial Committee store. "Given that there are [about] 5,900 other skimmed stores, and the malpractice has been going on since at least May last year, I would expect the number of stolen cards in the hundreds of thousands," said Dutch developer Willem de Groot. You can read his blog post to learn more.
Music

Amazon Launches New 'Music Unlimited' Service, Starts At $4/Month For Use On Just One Echo (geekwire.com) 25

Speaking of giant ecommerce companies, Amazon has launched a streaming music service dubbed Amazon Music Unlimited that starts at $3.99 (cheaper than Spotify or Apple Music) and has tens of millions of songs. There's a catch, however. The service has three payment tiers, but the lowest one -- which, again, costs $3.99 -- only works with the company's Amazon Echo, Echo Dot, or Amazon Tap speakers. GeekWire adds: To use Amazon Music Unlimited on multiple devices, including smartphones, you'll need to pay $7.99 if you're an Amazon Prime member, or $9.99 if you're not. In a world where people increasingly expect everything to work everywhere, the Echo-only tier might seem out of place, even at less than $4 a month. But Amazon is pitching the option as an add-on experience for Echo owners, going beyond the 2 million tracks available in the existing Amazon Prime Music service that comes with the $99/year Amazon Prime subscription. The company is also using some smart computing behind the scenes to differentiate the experience. For example, Echo users will be able to ask Alexa to "play the new song by Adele."
Businesses

Google Ventures CEO and Founder Bill Maris Is Leaving (recode.net) 13

According to a report from Recode, the founder and CEO of Google Ventures (GV), Bill Maris, is leaving the firm and its parent company, Alphabet. Recode reports: "Sources say Maris is being replaced by David Krane, a managing partner for the venture arm and one of the earliest corporate communications managers at Google. Maris, an early web entrepreneur, founded Google's venture capital arm in 2009 and quickly built it into a formidable presence in Silicon Valley. In 2015, the firm managed upwards of $2.4 billion in capital. Although GV cut back on investments in Europe and with early stage companies, the firm is still willing to cut checks. For the first six months of this year, it passed Intel Capital as the most active corporate venture arm, according to CB Insights. Under Maris, GV has had some high-profile misses -- most notably, the disastrous app Secret. But those were outweighed by early bets in gigantic startups like Uber, Nest, Slack and Jet.com, which just went to Walmart for $3 billion. Lately, GV has upped its investment in startups working on health and biotech, a strong interest of Maris's." Recode followed up with Maris in a separate report and asked him several questions. When asked why he is leaving, Maris said, "I'm leaving because everything is great."
Advertising

Man Becomes 'Accidental Millionaire' After Jet.com's Sale To Walmart (fortune.com) 43

The acquisition of Jet.com by Walmart for $3 billion in cash appears to have made the founder of IdeaDash an "accidental millionaire." Fortune reports: "Martin, who is the founder of a startup called IdeaDash, won Jet.com's nationwide marketing competition -- Jet Insider -- in early 2015. The contest offered a reward of 100,000 shares of Jet stock to the contestant who got the most people to sign up for 6-month free trial 'insider' memberships to the membership shopping site, a sort of online Costco or Sam's Club. According to his company's website, Martin took first place out of the 350,000 people who participated, getting over 8,000 people to sign up. Martin spent $18,000 on online ads, Bloomberg reports, and now has a stake in Jet that is reportedly worth millions. Although Martin told Bloomberg that he is not sure exactly what his stake is worth, Fusion reported in February 2015 that his piece could be valued between $10 million and $20 million."
Businesses

Walmart Buys Jet For $3 Billion, Hopes To Turbo Charge Ecommerce (venturebeat.com) 98

Walmart says it has agreed to acquire online retailer Jet.com for $3 billion in cash. As a promise, Jet.com says it will deliver cheaper prices on a range of goods by encouraging users to buy more items at the same time or to purchase products located in the same distribution center -- thereby cutting collection and shipping costs. ZDNet reports: Overall, it's clear that Wal-Mart has Amazon envy and needs to scale its e-commerce operations. The Jet management team has had experience battling Amazon through Quidsi and its brands such as Diapers.com. As for the deal, Wal-Mart said some of the $3 billion for Jet will be paid over time and $300 million of Wal-Mart shares will also be part of the transaction over time.
Businesses

Here's How Pinterest Plans to Get You To Shop More (fortune.com) 44

Pinterest is figuring out new ways to bolster its revenue. On Tuesday, the social media company announced a range of new e-commerce features that will encourage its users (the service attracts more than 100 million users every month) to purchase items directly from its website. One of the biggest features is visual search for products, which will allow users to take a picture of an object and then see similar items to buy on Pinterest. The company has also announced a shopping bag that can be accessed on its mobile apps and website. From a Fortune report: Merchants will be able to create dedicated pages displaying all the merchandise being sold through Pinterest and, like Amazon, will suggest items that a user might want to buy. [...] The company wants to make it increasingly easier for people to buy items on its site. If Pinterest does have ambitions of becoming more of an e-commerce destination, it makes sense for Pinterest to start emulating moves made early on by e-commerce giant Amazon, such as personalization and recommended items. The key to personalization for Amazon has been the trove of data it has accumulated in order to recommend more products to its users. Pinterest said that its users are currently pinning four million items per day, and this data could be key to providing users with more personalized recommendations.
The Almighty Buck

Open and Rich Co-exist But Don't Mingle So Much (scripting.com) 75

In an interview with The Atlantic, Ev Williams, best known for co-founding Blogger, Twitter, and Medium, says the web is about money now -- and not creativity. According to him, the burst of creativity has repeatedly been followed by big companies showing up and locking it down. From the article: But the thing about dreaming up a future, and making it real, is then you have to live in it. Back in San Francisco, coming out of the BART station on Market Street, he admits that the web game has changed since he came up. [Editor's note: he is talking about web services that allow you to book a taxi with an app, pay for stuff you purchase with your phone]. "There were always ecommerce startups," he says. "I was never part of that world, and we kind of looked down on them when the whole boom was happening. We were creating businesses, but ours had more creativity, ours weren't just for the money. Or maybe ours were even for utility but not just money, whereas clearly there are ways for both." He laughs. "Even the Google guys -- they were trying to create something really useful and good for the world, and they made all the money." Software developer and writer Dave Winer disagrees. He believes that not all technologies are money-driven -- at least when you look at it from a different perspective. He writes: The fun is over. Now it's about money. I guess that's what you see from his perspective. And from Facebook, Apple and Google, and maybe Oracle and Salesforce, and a few others. But there are technologies that went a different way. My favorite example is Manhattan's relationship to Central Park. The apartment buildings around the park are the money, and the creativity is in the park. The buildings are exclusive, the most expensive real estate in the world. The park is open to anyone, rich or poor, from anywhere in the world. The park is the engine of renewal. It's where the new stuff comes from. The buildings are where the money is parked. 
In the interview Williams did with the Atlantic, in NYC, they looked into the park from a nearby hotel. That's one valid perspective of course. Or you could go for a walk and see what's happening inside the park. You can see a great concert at Lincoln Center or Carnegie Hall, but there's great music in the park too. It's different. But it's good music. And the price is right.
Security

Acer Suffers Data Breach Through Online Store (itproportal.com) 32

Sam Pudwell, writing for IT Pro Portal: Taiwanese hardware and electronics giant Acer has announced that it has suffered a data breach via its e-commerce site, and is preparing to inform those customers affected. Due to unauthorised access by a third-party, anyone who accessed the online store between 12 May, 2015 and 28 April, 2016 could have had their personal information compromised. Acer revealed that names, addresses, payment card numbers, card expiration dates and card security codes may have been accessed by the hackers but, following investigations by internal and external professionals, believes login details were not compromised.
Businesses

Wal-Mart Says It Is 6-9 Months From Using Drones To Check Warehouse Inventory (yahoo.com) 106

Multinational retail corporation Wal-mart announced on Thursday that it is six to nine months from starting to use drones to check warehouse inventories in the United States. The drones, which are capable of operating on autopilot, fly through the aisles snapping 30 images a second, and deliver real-time data to employees about whether the correct product is shelved in the proper place. From a Reuters report: Finding ways to more efficiently warehouse, transport and deliver goods to customers has taken on new importance for Wal-Mart as it deals with wages costs while seeking to beat back price competition and boost online sales. Wal-Mart said the camera and technology on top of the drones have been custom-built for the retailer.
Security

Researchers Find Hybrid GozNym Malware, 24 Financial Institutions Already Affected (securityintelligence.com) 21

An anonymous reader writes: Researchers are warning about a new hybrid Trojan -- dubbed GozNym -- which is a combination of Nymaim dropper and the Gozi financial malware. IBM researchers say that the malware has been designed to target banks, ecommerce websites, and retail banking, adding that GozNym has already targeted 22 financial institutions in the United States and two in Canada. A ComputerWorld report sheds more light into it, "Nymaim is what researchers call a dropper. Its purpose is to download and run other malware programs on infected computers. It is usually distributed through Web-based exploits launched from compromised websites. Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation. In the past, it has primarily been used to install ransomware on computers. The integration between Nymaim and Gozi became complete in April, when a new version was discovered that combined code from both threats in a single new Trojan -- GozNym."
Facebook

Facebook Launches 'Agents On Messenger' Platform With Chatbots (techcrunch.com) 46

Josh Constine, reporting for TechCrunch: Facebook will now allow businesses to deliver automated customer support, ecommerce guidance, content, and interactive experience through "Bots on Messenger", Facebook's term for chatbots. By providing utility through its huge developer and business ecosystem, Facebook could boost loyalty with Messenger, one-up SMS, and keep up with chat competitors like Kik, Line and Telegram that have their own bot platforms. Beyond just text, chatbots will be able to respond with structured messages that include images, links, and call to action buttons. These could let users make a restaurant reservation, review an ecommerce order, and more. Facebook is not the only company -- let alone the first -- which has a bot store. Messaging apps Telegram and Kik offer similar functionalities. Popular communication service Slack has also been ramping up its efforts around bots and figuring out different ways to enhance its customers' experience. Two weeks ago, Microsoft also announced a bot platform.
Open Source

Python 3 Is Coming To Scrapy (scrapinghub.com) 87

New submitter Valdir Stumm Junior writes: Scrapy with beta Python 3 support is finally here! Released through Scrapy 1.1.0rc1, this is the result of several months of hard work on the part of the Scrapy community and Scrapinghub engineers.

This is a huge milestone for all you Scrapy users (and those who haven't used Scrapy due to the lack of Python 3). Scrapy veterans and new adopters will soon be able to move their entire stack to Python 3 once the release becomes stable. Keep in mind that since this is a release candidate, it is not ready to be used in production.

China

Duplicate Login Details Enabled Hack of More Than 20 Million Chinese Consumers (thestack.com) 14

An anonymous reader writes: According to various Chinese sources including Techweb (Chinese language), police in Zhejiang held a conference on Monday announcing that 20.59 million users of the 'Chinese eBay', taobao.com, had their login details stolen by proxy, when hackers ran user/pass combos from a stolen database of 99 million other users and found that more than 20% were using the same login credentials across different ecommerce sites.
Security

Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers (htbridge.com) 59

Mark Wilson writes: It's around this time of year, with Black Friday looming and Christmas just around the corner, that online sales boom. Today security firm High-Tech Bridge has issued a warning to retailers and shoppers about a critical vulnerability in the popular Zen Cart shopping management system. High-Tech Bridge has provided Zen Cart with full details of the security flaw which could allow remote attackers to infiltrate web servers and gain access to customer data. Servers running Zen Cart are also at risk of malware, meaning that hundreds of thousands of ecommerce sites pose a potential danger. Technical details of the vulnerability are not yet being made public, but having notified Zen Cart of the issue High-Tech Bridge says the date of full public disclosure is 16 December.
Businesses

Walmart Plays Catch-Up With Amazon 203

HughPickens.com writes: According to James B. Stewart in the NY Times, for the past 16 years Walmart has often acted as though it hoped Amazon would just go away. When Walmart announced last week that it was significantly increasing its investment in e-commerce, it tacitly acknowledged that it had fallen far behind Amazon in the race for online customers. Now, the magnitude of the task it faces has grown exponentially as e-commerce growth continues to surge globally. "Walmart.com has been severely mismanaged," says Burt P. Flickinger III. "Walmart would go a few years and invest strategically and significantly in e-commerce, then other years it wouldn't. Meanwhile, Amazon is making moves in e-commerce that's put Walmart so far behind that it might not be able to catch up for 10 more years, if ever."

In 1999, Amazon was a fledgling company with annual revenue of $1.6 billion; Walmart's was about $138 billion. By last year, Amazon's revenue was about 54 times what it was in 1999, nearly $89 billion, almost all of it from online sales. Walmart's was about three times what it was 15 years before, almost $486 billion, and only a small fraction of that — 2.5 percent, or $12.2 billion — came from Walmart.com. Walmart's superefficient distribution system — a function of its enormous volume and geographic reach — was long the secret to Walmart's immense profitability. Ravi Jariwala, a Walmart spokesman, says that Walmart is building vast new fulfillment centers and is rapidly enhancing its delivery capabilities to take advantage of its extensive store network to provide convenient in-store pickup and adds that 70 percent of the American population lives within five miles of a Walmart store. "This is where e-commerce is headed," says Jariwala, which is to a hybrid online/in-store model. "Customers want the accessibility and immediacy of a physical store," along with the benefits of online shopping.
Programming

Walmart Open Sources Its Cloud Platform To Take On Amazon (walmartlabs.com) 83

Mickeycaskill writes: Walmart is effectively open sourcing its OneOps cloud platform, with the source code set to be uploaded to GitHub at the end of 2015. By making the cloud platform open source, Walmart is taking the fight to Amazon Web Services by giving developers a chance to avoid vendor lock-in. Walmart argues that OneOps has four main advantages: cloud portability, continuous lifecycle management, faster innovation, and great abstraction of cloud environments. The company says that the move should increase competition between cloud service vendors. "We're enabling any organization to achieve the same cloud portability and developer benefits that Walmart has enjoyed," said Jeremy King, CTO of Walmart Global eCommerce and head of WalmartLabs.
Businesses

Groupon Is Closing Operations In 7 Countries, Laying Off 1,100 107

New submitter joesreviewss writes: Groupon is laying off about 10% of its workforce and is shutting down operations in seven countries. 1,100 people worldwide will be let go and the company will take a pre-tax charge of $35 million in the process. A Groupon statement reads in part: "Let’s be clear: these are tough actions to take, especially when we believe we’re stronger than ever. We’re doing all we can to make these transitions as easy as possible, but it’s not easy to lose some great members of the Groupon family. Yet just as our business has evolved from a largely hand-managed daily deal site to a true ecommerce technology platform, our operational model has to evolve. Evolution is hard, but it’s a necessary part of our journey. It’s also part of our DNA as a company and is one of the things that will help us realize our vision of creating the daily habit in local commerce."
Google

Google Facing Fine of Up To $1.4 Billion In India Over Rigged Search Results 152

An anonymous reader writes: The Competition Commission of India has opened an investigation into Google to decide whether the company unfairly prioritized search results to its own services. Google could face a fine of up to $1.4 billion — 10% of its net income in 2014. A number of other internet companies, including Facebook and FlipKart, responded to queries from the CCI by confirming that Google does this. "The CCI's report accuses Google of displaying its own content and services more prominently in search results than other sources that have higher hit rates. It also states that sponsored links shown in search results are dependent on the amount of advertising funds Google receives from its clients. Ecommerce portal Flipkart noted that it found search results to have a direct correlation with the amount of money it spent on advertising with Google." The company has faced similar antitrust concerns in the EU and the U.S.
Open Source

OpenBSD 5.7 Released 80

An anonymous reader writes: Right on schedule, OpenBSD 5.7 was released today, May 1, 2015. The theme of the 5.7 release is "Source Fish." There are some big changes in OpenBSD 5.7. The nginx httpd server was removed from base in favor of an internally developed httpd server in 5.7. BIND (named) was retired from base in 5.7 in favor of nsd(8) (authoritative DNS) and unbound(8) (recursive resolver). Packages will exist for BIND and nginx. This version includes a new control utility, rcctl(8), for managing daemons/services, USB 3 support and more. See a detailed log of changes between the 5.6 and 5.7 releases for more information. If you already have an OpenBSD 5.6 system, and do not want to reinstall, upgrade instructions and advice can be found in the Upgrade Guide. You can order the 5.7 CD set from the new OpenBSD Store and support the project.
Security

Once a Forgotten Child, OpenSSL's Future Now Looks Bright 76

Trailrunner7 writes: Rarely does anything have a defined turning point in its history, a single day where people can point and say that was the day everything changed. For OpenSSL, that day was April 7, 2014, the day that Heartbleed became part of the security lexicon. Heartbleed was a critical vulnerability in the venerable crypto library. OpenSSL is everywhere, in tens of thousands of commercial and homespun software projects. And so too, as of last April, was Heartbleed, an Internet-wide bug that leaked enough memory that a determined hacker could piece together anything from credentials to encryption keys.

"Two years ago, it was a night-and-day difference. Two years ago, aside from our loyal user community, we were invisible. No one knew we existed," says Steve Marquess, cofounder, president and business manager of the OpenSSL Foundation, the corporate entity that handles commercial contracting for OpenSSL. "OpenSSL is used everywhere: hundreds, thousands of vendors use it; every smartphone uses it. Everyone took that for granted; most companies have no clue they even used it." To say OpenSSL has been flipped on its head—in a good way—is an understatement.

Heartbleed made the tech world realize that the status quo wasn't healthy to the security and privacy of ecommerce transactions and communication worldwide. Shortly after Heartbleed, the Core Infrastructure Initiative was created, uniting The Linux Foundation, Microsoft, Facebook, Amazon, Dell, Google and other large technology companies in funding various open source projects. OpenSSL was the first beneficiary, getting enough money to hire Dr. Steve Henson and Andy Polyakov as its first full-timers. Henson, who did not return a request to be interviewed for this article, is universally known as the one steady hand that kept OpenSSL together, an unsung hero of the project who along with other volunteers handled bug reports, code reviews and changes.
