Yahoo encrypts traffic between data centers, plans for encrypted Messenger
Posted on 03 April 2014.
Newly appointed Yahoo CISO Alex Stamos announced on Wednesday that the company has begun fully encrypting all the traffic moving between its data centers. The move was more than likely spurred by the revelations that the NSA taps overseas fiber-optic cables used by Google and Yahoo to exchange data stored in their many data centers in the US and abroad.

Yahoo, which has often been criticized for lagging behind other Internet companies when it comes to privacy protection, has additional great news on that front: it recently enabled HTTPS encryption by default on Yahoo Mail, the Yahoo Homepage, all search queries that run on it, and most Yahoo properties.

"In the last month, we enabled encryption of mail between our servers and other mail providers that support the SMTPTLS standard," Stamos announced, adding that the company has implemented support for TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of its global properties.

"Hundreds of Yahoos have been working around the clock over the last several months to provide a more secure experience for our users and we want to do even more moving forward. Our goal is to encrypt our entire platform for all users at all times, by default," he stated.

Other planned improvements in the coming months are a new, encrypted version of Yahoo Messenger (probably a reaction to Optic Nerve), and the implementation of HSTS, Perfect Forward Secrecy and Certificate Transparency.

"Our fight to protect our users and their data is an on-going and critical effort. This isn't a project where we'll ever check a box and be 'finished'," he concluded.

Yahoo is also expecting similar encryption standards from its partner companies. Stamos told TechCrunch that some ad providers have already left because they couldn't meet them.

He also said that all these protections are unlikely to thwart the dedicated efforts of a nation state targeting a specific user, but that they will protect users against bulk surveillance.









COPYRIGHT 1998-2014 BY HELP NET SECURITY.