For folks still using Yahoo! email, recent news from SxSW may be a vindication of sorts. Yahoo! has just announced that it has released the source code for its new encryption browser plugin. The plugin will permit users to easily encrypt emails 'end-to-end' -- using OpenPGP -- and thwart a famously nosy agency -- known as the NSA -- at the same time.

In IT Blogwatch, bloggers play keep away from the man in the middle.

Today's humble blogwatcher is Stephen Glasskeys.



Jeremy Kirk explains how unwarranted snooping has its consequences:

Yahoo released the source code for a plugin that will enable end-to-end encryption of email messages, a planned data-security improvement prompted by disclosures of U.S. National Security Agency snooping.

…

The company is asking security experts to look at its code, published on GitHub, and report vulnerabilities. MORE



Passwords are Dante D'Orazio's personal hell:

Passwords are terrible: they're inefficient and they're often insecure, too.

…

That's why Yahoo is taking a new approach, called "on demand" passwords. When you try to sign in, you'll see a "send my password" button instead of a traditional password text box if you enable the system. The new sign-on method is available now. MORE



Alex Stamos sounds like a proud papa:

At Yahoo, we're committed to protecting our users' security. That's why I'm so proud to share some updates on our latest security innovation: an end-to-end (e2e) encryption plugin for Yahoo Mail.

…

Just a few years ago, e2e encryption was not widely discussed, nor widely understood. Today, our users are much more conscious of the need to stay secure online. MORE



Andrea Peterson shares a history lesson:

Yahoo has a history of being behind the times...it was late to roll out SSL by default for Web mail [only changing] after Snowden reports showed the lack of the feature allowed the NSA greater ability to collect Yahoo users' digital address books than it could from other major providers.

…

But Stamos, who joined Yahoo a year ago, has been outspoken about user privacy and security, even going head to head with the director of the NSA in a heated exchange at a Washington cybersecurity conference last month. MORE



Richard Chirgwin goes on a bug hunt:

[The encryption plugin] code is covered by Yahoo!'s bug bounty, and Stamos says the company also hopes that other mail providers will get on board. Google is already playing along in Chrome.

…

The Wall Street Journal reports that Stamos reminded those in the SXSW audience that content encryption won't protect users against having their [email] headers snooped, since you can't route a message if the address isn't in the clear. MORE



Meanwhile, @bcrypt releases source -- with minutes to spare:

Open sourced our End to End fork 15 minutes before the sxsw demo. MORE