For folks still using Yahoo! email, recent news from SxSW may be a vindication of sorts. Yahoo! has just announced that it has released the source code for its new encryption browser plugin. The plugin will permit users to easily encrypt emails 'end-to-end' -- using OpenPGP -- and thwart a famously nosy agency -- known as the NSA -- at the same time.
In IT Blogwatch, bloggers play keep away from the man in the middle.
Today's humble blogwatcher is Stephen Glasskeys.
Jeremy Kirk explains how unwarranted snooping has its consequences:
Yahoo released the source code for a plugin that will enable end-to-end encryption of email messages, a planned data-security improvement prompted by disclosures of U.S. National Security Agency snooping.
The company is asking security experts to look at its code, published on GitHub, and report vulnerabilities. MORE
Passwords are Dante D'Orazio's personal hell:
Passwords are terrible: they're inefficient and they're often insecure, too.
That's why Yahoo is taking a new approach, called "on demand" passwords. When you try to sign in, you'll see a "send my password" button instead of a traditional password text box if you enable the system. The new sign-on method is available now. MORE
Alex Stamos sounds like a proud papa:
At Yahoo, we're committed to protecting our users' security. That's why I'm so proud to share some updates on our latest security innovation: an end-to-end (e2e) encryption plugin for Yahoo Mail.
Just a few years ago, e2e encryption was not widely discussed, nor widely understood. Today, our users are much more conscious of the need to stay secure online. MORE
Andrea Peterson shares a history lesson:
Yahoo has a history of being behind the times...it was late to roll out SSL by default for Web mail [only changing] after Snowden reports showed the lack of the feature allowed the NSA greater ability to collect Yahoo users' digital address books than it could from other major providers.
But Stamos, who joined Yahoo a year ago, has been outspoken about user privacy and security, even going head to head with the director of the NSA in a heated exchange at a Washington cybersecurity conference last month. MORE
Richard Chirgwin goes on a bug hunt:
[The encryption plugin] code is covered by Yahoo!'s bug bounty, and Stamos says the company also hopes that other mail providers will get on board. Google is already playing along in Chrome.
The Wall Street Journal reports that Stamos reminded those in the SXSW audience that content encryption won't protect users against having their [email] headers snooped, since you can't route a message if the address isn't in the clear. MORE
Meanwhile, @bcrypt releases source -- with minutes to spare:
Open sourced our End to End fork 15 minutes before the sxsw demo. MORE
You have been reading IT Blogwatch by Richi Jennings and Stephen Glasskeys, who curate the best bloggy bits, finest forums, and weirdest websites…so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or firstname.lastname@example.org. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.