April 3, 2014 <\/p>\n
Enid Burns for redOrbit.com Your Universe Online <\/p>\n
Yahoo! is in the midst of a large-scale project to employ encryption technologies to protect its users and their data. The companys new Chief Information Security Officer, Alex Stamos, updated users on Tumblr. <\/p>\n
Firstly, as of march 31 all traffic moving between Yahoo! data centers is fully encrypted. Yahoo! Mail has become more secure as browsing has been moved to HTTPS by default, as well as encryption of mail between Yahoo! servers and other mail providers that support the SMTPTLS standard. Browsing on Yahoo! also has HTTPS encryption enabled by default. <\/p>\n
Yahoo! has also implemented a number of additional encryption and security measures. <\/p>\n
We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We are currently working to bring all Yahoo sites up to this standard, wrote Stamos. <\/p>\n
While Yahoo! still has measures to take in-house, it is working with vendors and companies it contracts to improve security at those points as well. <\/p>\n
One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoos hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem, Stamos wrote. <\/p>\n
Once all measures are complete, Yahoo! will continue to work on security to keep up with encryption developments and stay ahead of hackers. <\/p>\n
In addition to moving all of our properties to encryption by default, we will be implementing additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency over the coming months. This isnt a project where well ever check a box and be finished. Our fight to protect our users and their data is an on-going and critical effort. We will continue to work hard to deploy the best possible technology to combat attacks and surveillance that violate our users privacy, Stamos wrote. <\/p>\n
<\/p>\n