Yahoo's new CISO Alex Stamos is wasting no time shoring up the company's weak security. His first moves have been encryption-focused, but that's just for starters. Hiring Stamos "was a great move," said SilverSky CTO Andrew Jaquith. "He's got serious street cred ... . Assuming he gets the funding and authority he needs, Yahoo should be able to make some serious strides."
Yahoo has announced a new effort to upgrade its security, in the wake of a torrent of breaches and hacker attacks over recent months.
Yahoo's plans include encryption of data in motion, enabling HTTPS encryption, and implementing the latest in security best practices, said Chief Information Security Officer Alex Stamos, who took over the job in March.
A series of attacks that began last October resulted in Yahoo's servers being taken offsite for several days in December, forcing CEO Marissa Mayer to make a public apology. In early January, security firm Fox-IT reported Yahoo was serving malvertisements, and on Jan. 30, Yahoo reported a coordinated effort to gain unauthorized access to Yahoo Mail accounts using data from a third-party database.
Users posted a laundry list of complaints about Yahoo's service on Is It Down Right Now? going back to March 4. Some threatened to leave the service for Gmail.
"The fact that [Yahoo] have had issues suggests they need to up their game," remarked Andrew Jaquith, chief technology officer at SilverSky.
Yahoo "should have done this earlier," Sorin Mustaca, IT security expert at Avira, told TechNewsWorld, "but they were tackling other problems -- losing users, revenue issues, losing market share -- so security, as a nonfunctional requirement, was left to the end."