If Yahoo gets it right, then the end-to-end email encryption the Internet company is promising would be a big help to companies concerned with privacy in the use of webmail, experts say. <\/p>\n
Alex Stamos, chief information security officer for Yahoo, announced last week at Black Hat that the company was developing a browser plug-in for encrypting messages sent from Yahoo Mail. <\/p>\n
[ Prevent corporate data leaks with Roger Grimes' \"Data Loss Prevention Deep Dive\" PDF expert guide, only from InfoWorld. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ] <\/p>\n
[Yahoo! Encrypts! All! The! Things!] <\/p>\n
The company planned to release the plug-in next year. <\/p>\n
Stamos demonstrated the plug-in, which was \"pretty clunky,\" Cameron Camp, a security researcher at anti-virus vendor ESET who attended the demo, said. However, the early-stage technology was expected to be much better by the time it's released. <\/p>\n
The goal is to make end-to-end encryption (E2EE) easy enough that any company employee or consumer can send email over the Web that remains indecipherable until the recipient decrypts it. <\/p>\n
Deploying that level of secrecy today is difficult and is not user friendly, which hampers adoption by all but the most security conscious organizations. <\/p>\n
\"It's really hard to do,\" Camp said of E2EE. \"Their (Yahoo's) goal is to make it easy enough, so anyone can do it.\" <\/p>\n
Based on the demonstration, a person who wants to send an encrypted message would compose it through the plug-in, as opposed to on the regular Yahoo Mail interface. <\/p>\n
<\/p>\n