Skip to main content
  1. Home
  2. Computing
  3. News

Yahoo improves security in ‘massive project’ to shield data from snoopers and spies

By
microsoft warns of serious internet explorer flaw security
Image used with permission by copyright holder

Following NSA-related revelations that must have left a good many Yahoo users reviewing in their mind precisely what they had and hadn’t done during their various video chats in recent years, the Web company announced Wednesday it’s taken a number of significant steps to help better protect user data.

Alex Stamos, Yahoo’s chief information security officer, said in a blog post his team is in the middle of a “massive project” to ensure the data of Yahoo users is fully protected using various encryption technologies.

The measures include:

– Full encryption of traffic moving between Yahoo data centers by March 31

– A more secure Yahoo Mail service by making browsing over HTTPS the default, and encryption of mail between Yahoo servers and other mail providers.

– Encryption of the Yahoo homepage and all search queries that run on the Yahoo homepage and most Yahoo properties.

– The ability for users to initiate an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo simply by typing “https” before the site URL in a Web browser.

– Encryption of Yahoo Messenger (in the coming months).

Stamos said in the post his team is working “around the clock” to give Yahoo users a more secure experience, with its goal to “encrypt our entire platform” for all users, by default.

“One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure,” Stamos wrote. “Our broader mission is to not only make Yahoo secure, but improve the security of the overall Web ecosystem.”

He described Yahoo’s moves to implement improved security features as “an on-going and critical effort,” and promised to “deploy the best possible technology to combat attacks and surveillance that violate our users’ privacy.”

Information published in October by whistleblower Edward Snowden purported to show that the NSA had secretly gained access to data centers belonging to Yahoo, as well as other major Web firms, enabling the government intelligence agency to intercept the communications and files of hundreds of millions of users.

More recent revelations showed that GCHQ – a UK intelligence agency – had been covertly collecting snapshots taken during Yahoo video chats, with the Guardian reporting “substantial quantities of sexually explicit communications” among the gathered material.

[Image: Maksim Kabakou / Shutterstock]

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more