By Alex Stamos, Chief Information Security Officer: “When I joined Yahoo four weeks ago, we were in the middle of a massive project to protect our users and their data through the deployment of encryption technologies as we discussed in our November 2013 Tumblr. So today, we’re updating you on our progress:
- Traffic moving between Yahoo data centers is fully encrypted as of March 31.
- In January, we made Yahoo Mail more secure by making browsing over HTTPS the default. In the last month, we enabled encryption of mail between our servers and other mail providers that support the SMTPTLS standard.
- The Yahoo Homepage and all search queries that run on the Yahoo Homepage and most Yahoo properties also have HTTPS encryption enabled by default.
- We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We are currently working to bring all Yahoo sites up to this standard.
- Users can initiate an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo (gma.yahoo.com) by typing “https” before the site URL in their web browser.A new, encrypted, version of Yahoo Messenger will be deployed in coming months.”