Security Advisor

Yahoo Announces Plans To Encrypt All User Data

Yahoo said that all data traveling through its datacenters will be encrypted by the end of the first quarter of 2014.

The announcement was made on Monday in a posting by Yahoo CEO Marissa Mayer and comes in the wake of the constant leaks by former NSA contractor Edward Snowden that allege that the National Security Agency has been monitoring customer data from large Internet firms like Yahoo, Google and Microsoft.

"As you know, there have been a number of reports over the last six months about the U.S. government secretly accessing user data without the knowledge of tech companies, including Yahoo," said Mayer in a released statement. "I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever."

According to Mayer, along with encrypting all data entering Yahoo's datacenters, it will also offer encryption options for all its services to customers and will work towards making sure all Yahoo mail will be Hypertext Transfer Protocol Secure (HTTPS)-enabled.

This comes after Yahoo announced in October that its mail service will use the Secure Sockets Layer (SSL) encryption standard with a 2048-bit key -- a security feature that will be available by Jan. 8, 2014. That announcement was made after a new batch of leaked documents showed that NSA's Special Source Operations branch intercepted 444,743 e-mail address books from Yahoo in one day in 2012.

The move also catches Yahoo's security standards up with Google, which has been using the same encryption standard for its Gmail service since 2010. Facebook also said it's currently implementing stronger encryption safeguards but has yet to give a timetable on its implementation.

While strengthening encryption will help guard against traditional data thieves, it may not do much good against the threat it's in response to: government surveillance.

According to a September batch of leaked Snowden documents,  both the NSA and its British counterpart, the British Government Communications Headquarters (GCHQ), have allegedly been able to circumnavigate most encryption standards since 2010 through either Internet companies' participation or covertly inserting code that would grant the agencies backdoors to user's data.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Talks Teams and SharePoint at Modern Workplace Event

    It's a hybrid world, but remote work is here to stay, according to Microsoft's Teams and SharePoint head Jeff Teper.

  • Malwarebytes Affirms Other APT Attack Methods Used Besides 'Solorigate'

    Security solutions company Malwarebytes affirmed on Monday that alternative methods besides tainted SolarWinds Orion software were used in the recent "Solorigate" advanced persistent threat (APT) attacks.

  • How To Fix the Hyper-V Read Only Disk Problem

    DOS might seem like a relic now, but sometimes it's the only way to fix a problem that Windows seems ill-equipped to deal with -- like this one.

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

comments powered by Disqus