Yahoo Issues Security Sitrep

http://www.raizlabs.com/gregshead/wp-content/uploads/sites/8/2013/09/yahoo_original.jpg

Yahoo has just announced a new effort to upgrade its security, in the wake of a torrent of breaches and hacker attacks over recent months.

Yahoo’s plans include encryption of data in motion, enabling HTTPS encryption, and implementing the latest in security best practices, said Chief Information Security Officer Alex Stamos, who took over the job in March.

A series of attacks that began last October resulted in Yahoo’s servers being taken offsite for several days in December, forcing CEO Marissa Mayer to make a public apology. In early January, security firm Fox-IT reported Yahoo was serving malvertisements, and on Jan. 30, Yahoo reported a coordinated effort to gain unauthorized access to Yahoo Mail accounts using data from a third-party database.

Users posted a laundry list of complaints about Yahoo’s service on Is It Down Right Now? going back to March 4. Some threatened to leave the service for Gmail.

Yahoo “should have done this earlier,” Sorin Mustaca, IT security expert at Avira, “but they were tackling other problems – losing users, revenue issues, losing market share — so security, as a nonfunctional requirement, was left to the end.”

View full post on Who Got Hacked – Latest Hacking News and Security Updates