Yahoo’s new CISO promises more after encryption drive
Internet giant Yahoo has confirmed additional encryption across its systems, after raising concerns over the intrusive actions of the National Security Agency, as revealed by whistleblower Edward Snowden.
Recently appointed chief information security officer Alex Stamos made the announcement on the official company Tumblr, where he confirmed that traffic moving between Yahoo data centres has been fully encrypted since 31 March.
Reports had indicated the NSA was scooping up traffic from the links between Yahoo’s data centres.
Yahoo chucks encryption everywhere
The company has also turned on encryption of email between its own servers, having already made browsing over HTTPS the default in Yahoo Mail.
Many of its properties have also added support for the TLS 1.2 encryption standard and Perfect Forward Secrecy, a property under which the compromise of one session's keys does not mean other sessions' traffic can be read. Stronger 2048-bit RSA keys have also been deployed widely across Yahoo.
An encrypted version of Yahoo Messenger “will be deployed in coming months”, Stamos added.
“Our goal is to encrypt our entire platform for all users at all times, by default,” he said.
“One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem.
“We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy.”
Yahoo has been one of the most vocal critics of the NSA’s actions. Stamos was appointed not long after he organised TrustyCon, an event held in protest at the RSA conference over alleged collusion between the EMC-owned security organisation and the NSA.