Yahoo puts email encryption plugin source code up for review

Yahoo puts email encryption plugin source code up for review

Yahoo released the source code for a plugin that will enable end-to-end encryption of email messages, a planned data-security improvement prompted by disclosures of U.S. National Security Agency snooping.

The company is asking security experts to look at its code, published on GitHub, and report vulnerabilities, wrote Alex Stamos, Yahoo’s chief information security officer, in a blog post.

The plugin should be ready by year end, wrote Stamos, who gave a presentation on Sunday at the South by Southwest conference in Austin, Texas.

Yahoo and Google have been collaborating to make their email systems compatible with end-to-end encryption, a technology based on the public-key cryptography standard OpenPGP. End-to-end encryption is not widely used, as it can be difficult for non-technical users to set up.

The technology encrypts a message’s contents so only the sender and recipient can read it. A message’s subject line is not encrypted, however, and neither is the routing metadata, which can’t be scrambled since it is needed in order to send a message.

A video included in the post by Stamos showed how someone could set up an encrypted message much faster using the company’s plugin versus using GPG Suite, a software package for sending encrypted email on Apple’s OS X.

Yahoo vowed to improve its data security after documents leaked by former NSA contractor Edward Snowden showed the spy agency had penetrated the company’s networks as well as those of many others, including Google.

Email encryption is one of a number of security improvements Yahoo and Google have undertaken.

In March 2014, Yahoo began encrypting traffic flowing between its data centers after information from Snowden indicated the NSA had access to those connections.

Google also encrypts connections between its data centers. Like Yahoo, the company has published its Chrome extension for end-to-end encryption on GitHub as well.

Recommended

Google and Yahoo Encrypting Ad Network Connections

Google and Yahoo in separate announcements said they will individually encrypt ad network connections to reduce bot traffic and other types of ad fraud. The news coincides with the release of Malwarebytes Labs findings last week. Researchers found malvertising in Flash ads involving the DoubleClick ad network. The two companies have support. The Interactive Advertising ...

Yahoo Rolls Out End-To-End Encryption For Email

Back in 2012 (pre-Snowden!), we wrote about why Google should encrypt everyone's emails using end-to-end encryption (inspired by a post by Julian Sanchez saying the same thing. Since then, securing private communications has become increasingly important. That's why we were happy to see Google announce that it was, in fact, working on a project to ...

Tired of forgetting your password? Yahoo says you don't need one any more

Passwords: easily forgotten, but also easily guessed. It’s a bitter irony that minutes can be spent racking brains trying to remember whether a required security question answer is a pet’s name, first school or place of birth – meanwhile a cyber-criminal is merrily typing in a person’s favourite colour and relieving bank accounts of hard-earned ...

Iran blocks encrypted messaging apps amid nationwide protests

For the past six days, citizens have taken to the streets across Iran, protesting government oppression and the rising cost of goods. Video broadcasts from the country have shown increasingly intense clashes between protesters and riot police, with as many as 21 people estimated to have died since the protests began. But a complex fight ...

暂无评论

发表评论

您的电子邮件地址不会被公开,必填项已用*标注。

This site uses Akismet to reduce spam. Learn how your comment data is processed.