Yahoo touts more security improvements
Security has taken center-stage at Yahoo, as the company continues to roll out encryption for its cloud services and its site in an attempt to keep users and their personal information safe from prying eyes.
"Hundreds of Yahoos have been working around the clock over the last several months to provide a more secure experience for our users and we want to do even more moving forward", says Yahoo chief information security officer Alex Stamos. "Our goal is to encrypt our entire platform for all users at all time, by default. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem".
Yahoo has posted an update on the encryption roll-out on its Tumblr blog, which reveals the traffic between the company's own data centers is "fully encrypted", as of March 31. For email services that support SMTPTLS, which includes its own, Yahoo has also enabled encryption of email between its own servers and those of other providers.
Similarly, the Yahoo homepage and the search queries performed on it as well as "most Yahoo properties" now have HTTPS enabled by default. The company also flipped the switch on TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key, which it calls "security best-practices".
Considering that the RSA encryption practices have been previously revealed to be influenced by the NSA, Yahoo's efforts look to be more of a PR move. They will likely keep most hackers at bay, but not the US agency, which I strongly believe also has other means to get to Yahoo users' data.
On some Yahoo sites, like Finance, News and Sports, users will have to use https manually, as the security feature is not enabled by default by the company when using a browser. Yahoo has also added that the Messenger services will also see an encryption roll-out in the next couple of months.
"Our fight to protect our users and their data is an on-going and critical effort", adds Stamos. "We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy". PR move indeed.