Yahoo Mail will become more difficult to hack in 2015, promises CISO

Yahoo isn't exactly known for being ahead of the curve when it comes to implementing security technologies for its users, but the company announced that all its 273 million Yahoo Mail users can expect end-to-end encryption by the end of 2015.

The announcement was made by Yahoo's new chief information security officer Alex Stamos, who co-founded the rebellious technology conference TrustyCon before joining Yahoo. Stamos announced at Thursday's Black Hat hacker and security conference held in Las Vegas that Yahoo is not only rolling out end-to-end encryption for Yahoo Mail, it is also working with Google to make the technology compatible with Google's own encryption tool for Gmail.

As a result, any email sent from Yahoo Mail to Gmail and vice versa will be protected by a version of PGP (Pretty Good Privacy), a long-tested encryption program that has withstood sustained attacks. With PGP, the content of a user's email is unreadable to anyone who intercepts it and becomes readable only once the email reaches the intended recipient.

Yahoo has already enabled 2,048-bit encryption for Yahoo Mail, but that encryption only covers data sent between Yahoo Mail's web servers and the user's web browser. Until now, secure encryption from user to user has been difficult to implement, especially because regular users who have no background in security technology might find that end-to-end encryption slows down their connection and is difficult to use. To use end-to-end encryption properly, users will have to learn how to send and receive encryption keys, store and manage these keys, and use them to encrypt and decrypt their emails. Yahoo is tasked with the burden of making encryption easy and understandable for users to prevent them from switching over to other mail providers.

Additionally, while PGP encrypts the contents of an email, it leaves the email's meta-information unencrypted. For instance, while third parties intercepting the email might not be able to view its contents, they can still see the email addresses of the sender and the receiver and the email's subject line.

"We have to make it clear to people it is not secret you're emailing your priest," Stamos said during the conference. "But the content of what you're emailing him is secret."
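The split between protected content and exposed metadata can be seen by parsing a PGP-encrypted message the way an intermediary would. The following is an added example, not part of the original article or Yahoo's implementation; it assumes the standard PGP/MIME layout (RFC 3156), which the article does not specify, and the addresses, subject, placeholder ciphertext and the `observer_view` function name are constructed for illustration.

```python
from email import message_from_string, policy

# Constructed sample: an RFC 3156 PGP/MIME message. The armored block is a
# placeholder, not real ciphertext, and the addresses are made up.
RAW = """\
From: alice@yahoo.example
To: priest@gmail.example
Subject: Can we talk on Sunday?
Date: Thu, 07 Aug 2014 10:00:00 -0700
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(placeholder ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

# Headers that PGP does not cover and that stay readable in transit.
EXPOSED_HEADERS = ("From", "To", "Cc", "Subject", "Date")

def observer_view(raw):
    """Return what someone holding the message in transit can read."""
    msg = message_from_string(raw, policy=policy.default)
    visible = {h: str(msg[h]) for h in EXPOSED_HEADERS if msg[h] is not None}
    is_pgp_mime = (
        msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted"
    )
    # Armored parts are opaque without the recipient's private key.
    opaque = sum(
        1 for part in msg.walk()
        if not part.is_multipart() and "BEGIN PGP MESSAGE" in part.get_payload()
    )
    return {"headers": visible, "pgp_mime": is_pgp_mime, "opaque_parts": opaque}
```

Calling `observer_view(RAW)` returns the sender, recipient, subject and date in clear text, while the only thing known about the body is that one opaque OpenPGP part exists.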

The world's biggest technology companies are becoming increasingly concerned about online security after former National Security Agency contractor Edward Snowden's revelations of the government's large-scale surveillance program that involved intercepting email and phone communications of millions of individuals and corporations.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.