April 3, 2014
Yahoo Bringing Better Encryption Technologies To The Table
Enid Burns for redOrbit.com - Your Universe Online
Yahoo! is in the midst of a large-scale project to employ encryption technologies to protect its users and their data. The company's new Chief Information Security Officer, Alex Stamos, updated users on Tumblr.
Firstly, as of march 31 all traffic moving between Yahoo! data centers is fully encrypted. Yahoo! Mail has become more secure as browsing has been moved to HTTPS by default, as well as encryption of mail between Yahoo! servers and other mail providers that support the SMTPTLS standard. Browsing on Yahoo! also has HTTPS encryption enabled by default.
Yahoo! has also implemented a number of additional encryption and security measures.
"We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We are currently working to bring all Yahoo sites up to this standard," wrote Stamos.
While Yahoo! still has measures to take in-house, it is working with vendors and companies it contracts to improve security at those points as well.
"One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem," Stamos wrote.
Once all measures are complete, Yahoo! will continue to work on security to keep up with encryption developments and stay ahead of hackers.
"In addition to moving all of our properties to encryption by default, we will be implementing additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency over the coming months. This isn’t a project where we’ll ever check a box and be 'finished.' Our fight to protect our users and their data is an on-going and critical effort. We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy," Stamos wrote.
Much of the encryption efforts are in reaction to surveillance activities carried out by the National Security Agency. Wide-scale surveillance of Internet browsing, email and other online activities was brought to light by information leaked by Edward Snowden government contractor. Yahoo! initially stated that it would improve its encryption back in November, due to NSA activities, after being a target of the NSA program.
In addition to deploying its own surveillance, the NSA asked Yahoo! and other Internet companies for user information, as well as the ability to tap into activity on such networks, BBC News reports.
Encryption across the platform will benefit Yahoo! and its users. It will help against surveillance efforts of the NSA and other agencies, though it does not help against direct requests for data, which the NSA reportedly issued to Yahoo! and other Internet organizations.
Encryption will also help protect Yahoo! and its users from hackers. Yahoo!, and especially Yahoo! Mail, has been the target of a number of hacker attacks. Continued efforts will be necessary in order to stay ahead of hackers and government agencies.