Feeds

Yahoo! will! deploy! end-to-end! email! crypto! by! 2015!

Purple Palace also to loose script autobots to verify bug bounties

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Yahoo will fire up end-to-end (E2E) encryption for its email users by 2015, chief security officer Alex Stamos announced at Black Hat overnight.

The Purple Palace has also created a PGP plugin forked from Google's new offering that will be native in mobile apps allowing Gmail and Yahoo mail to easily exchange encrypted email.

The initiative has been a priority for Stamos @alexstamos during his six-month tenure at the company. He has created a new privacy engineering team poaching the Electronic Frontier Foundation's Yan Zhu who previously worked on that organisation's popular HTTPS Everywhere to develop E2E for Yahoo! Mail.

Yahoo's new division is actively hiring, Zhu said.

Alex Stamos

Alex Stamos

Encrypting email will bring Yahoo! up to speed as one of the most secure technology companies, many of which have turned up the security dials since National Security Agency whistleblower Edward Snowden released a trove of documents detailing widespread and well-resourced spying by the US and its Five Eyes allies.


Bug bounties have also gained some heft since Stamos was hired in March. He told attendees during his keynote chief executive officer Marissa Mayer each week personally reviewed outstanding security bugs.

Stamos shot down arguments decrying efforts to defend against spy agencies stating that "forcing adversaries to expend more effort is a valid goal".

He also flagged as a useful technology the concept of automating bug verification using scripts and said organisations should consider closing all of their outstanding bugs and re-opening only those which are relevant and verifiable. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.