There's a Lesson About Yahoo! Security I Learned from Palin Today

By mlissner - Posted on September 17th, 2008

Tagged:

The lesson is this: Yahoo! doesn't use encryption on their webmail. I'll repeat that: YAHOO! DOESN'T USE ENCRYPTION ON THEIR WEBMAIL!

I'm nothing short of shocked. I could have sworn that Yahoo! was a $26B company. Surely, SURELY they, of all people would see the importance and value of secure email, right? Nope.

They've been offering free email since at least April of 1996 when they had their IPO. Somehow in the last 12 years they never secured the damned thing? What?

Note below the conspicuous use of http rather than https:

mlissner's blog

I found an article today

Submitted by mlissner on Wed, 10/01/2008 - 16:40.

I found an article today that indicates that as of 2000 yahoo has been working on this problem. Still no solution though.

Here's the link, if you're interested: http://news.cnet.com/2100-1023-249140.html

FWIW, Gmail doesn't seem to

Submitted by Andrew Fiore (not verified) on Wed, 10/15/2008 - 22:40.

FWIW, Gmail doesn't seem to use encryption, either. Both use https for authentication, though, which is perhaps the most important thing. Then they redirect to a non-encrypted URL for the mail session itself, which does leave you open to local sniffing or some man-in-the-middle trickery...

True, but you can turn it on

Submitted by mlissner on Thu, 10/16/2008 - 15:12.

True, but you can turn it on by going into the Settings > Browser connection. It should be on by default though. No doubt about that.

Post new comment

Latest Posts

RSS :: Email Alert

Michael Lissner

There's a Lesson About Yahoo! Security I Learned from Palin Today

Post new comment

Latest Posts

Search

Subscribe