Yahoo Encrypting Data In Wake of NSA Revelations

← Back to Stories (view on slashdot.org)

Yahoo Encrypting Data In Wake of NSA Revelations

Posted by samzenpus on Monday November 18, 2013 @09:02AM from the protect-ya-neck dept.

Nerval's Lobster writes "Following reports that the NSA aggressively targets Google and Yahoo servers for surveillance, Yahoo is working to encrypt much of the data flowing through its datacenters. 'As you know, there have been a number of reports over the last six months about the U.S. government secretly accessing user data without the knowledge of tech companies, including Yahoo,' Yahoo CEO Marissa Mayer wrote in a Nov. 18 blog posting. 'I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency.' In order to make Yahoo's systems more secure, she added, the company is introducing SSL (Secure Sockets Layer) encryption to Yahoo Mail with a 2048-bit key. That security measure will supposedly be in place by January 8, 2014. Beyond that, Yahoo plans on encrypting all information that moves between its datacenters by the end of the first quarter of 2014. Around that same time, the company will give users the option to encrypt all data flowing to and from Yahoo; it will also 'work closely with our international Mail partners to ensure that Yahoo co-branded Mail accounts are https-enabled,' Mayer wrote. (While it's not a crushing expense for massive companies such as Yahoo, introducing this sort of security does add to infrastructure and engineering costs, and takes time to actually put in place.)"

137 comments

Min score:

Reason:

Sort:

Which Encryption Scheme is Safest? Can we tell? by Press2ToContinue · 2013-11-18 09:02 · Score: 4, Interesting

Not mentioned was which encryption schemes Yahoo is considering. Maybe it's simply HTTPS, but is that good enough? Are there other possibilities?
Since the NSA has backdoored encryption schemes in the past, how can Yahoo determine if the scheme they implement is actually going to prevent the NSA from decrypting it? It's a serious question, and you can patly answer "you can't", but if I were responsible for implementing this scheme, this is the question I would pose to the team and require some sincere digging because it would be an even bigger embarrassment to implement the encryption, and then read another Snowden-esque revelation showing it was for nothing, and I was made a fool of.

--
Sent from my ENIAC
1. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 09:05 · Score: 0
  
  Not mentioned was which encryption schemes Yahoo is considering. Maybe it's simply HTTPS, but is that good enough? Are there other possibilities?
  Since the NSA has backdoored encryption schemes in the past, how can Yahoo determine if the scheme they implement is actually going to prevent the NSA from decrypting it? It's a serious question, and you can patly answer "you can't", but if I were responsible for implementing this scheme, this is the question I would pose to the team and require some sincere digging because it would be an even bigger embarrassment to implement the encryption, and then read another Snowden-esque revelation showing it was for nothing, and I was made a fool of.
  And probably fired for wasting company resources but hey, I'm sure the NSA will at least give you a medal.
2. Re:Which Encryption Scheme is Safest? Can we tell? by DougOtto · 2013-11-18 09:06 · Score: 2
  
  This protects them from a "man in the middle" how?
  
  If the government has the keys it doesn't matter how many bits they use.
  
  --
  Solving Unix problems since 1989...
3. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 09:07 · Score: 0
  
  it could be rot13 for all they care..this is just a marketing announcement
4. Re:Which Encryption Scheme is Safest? Can we tell? by Shakrai · 2013-11-18 09:12 · Score: 5, Informative
  
  Not mentioned was which encryption schemes Yahoo is considering. Maybe it's simply HTTPS, but is that good enough
  HTTPS isn't an encryption scheme, it's a mechanism to establish a (theoretically) secure channel of communications. The actual ciphers to be used are negotiated between server and client, and can range from "You're kidding, right?" (RC4) to "The Federal Government claims it's good enough for Top Secret data." (AES-256)
  As with everything, there's a level of third party trust (the certificate authorities) or shoe-leather (exchanging keys in person) that's required regardless of the ciphers you end up using. That's a whole different discussion though.
  
  --
  I want peace on earth and goodwill toward man.
  We are the United States Government! We don't do that sort of thing.
5. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 09:24 · Score: 0
  
  'As you know, there have been a number of reports over the last six months about the U.S. government secretly accessing user data without the knowledge of tech companies, including Yahoo,' Yahoo CEO Marissa Mayer
  'As you know we had been openly and willfully been giving any and all data to the NSA without putting fight, we continue to be like Google and others be using PR propaganda to deny such allegations, this includes putting back doors into are servers, as well as being fully aware of the NSA's latest "tapping" schemes, but rest assured we will give the impression we will fight this by created another openly back door into giving the NSA are encryption keys, or making it known which encryption we will use to make the transition go without a hitch for both Yahoo and the NSA'
  Why do they keep denying these leaks? Either these companies simply do not care or they think the general public buys into there press releases over there concern for you privacy. The part that bothers me the most is just how many people buy into there "we see and know nos'thing, NOS'THING!"
6. Re:Which Encryption Scheme is Safest? Can we tell? by Jeremiah+Cornelius · 2013-11-18 09:24 · Score: 4, Funny
  
  Yeah. SSL/TLS. That's just as effective against a determined state actor, with access to the telecommunication infrastructure, as a Kleenex Condom.
  "You don't need to see his papers. This is the certificate you are looking for..."
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
7. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 09:25 · Score: 0
  
  The encryption scheme that is best is called IPSec.
  And make certain you run it in secure mode with proper cyphers, not something stupid like DES or with pre-shared keys. And only, only, trust your own central CA (ie. NOT the public CA!!), with some hardware RNG that is not connected to the network for certificate generation.
  They would also have to be certain that all servers not connect to the network until after they have enough entropy to not generate guessable shared keys. In details lies the problems. Always the details!
8. Re:Which Encryption Scheme is Safest? Can we tell? by Dahamma · 2013-11-18 09:39 · Score: 4, Informative
  
  IPSec is no more an encryption scheme than HTTPS. Both are protocols that use authentication and encryption schemes, they just work at different layers of the stack.
9. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 09:42 · Score: 0
  
  Wait, are you saying Kleenex Condoms do not leave me invulnerable to viral infections? I was kind of betting on that. Damn.
10. Re:Which Encryption Scheme is Safest? Can we tell? by jeff4747 · 2013-11-18 09:43 · Score: 1
  
  Modern encryption works by making it take a very, very, very long time to brute-force the encrypted data. Part of that lengthy time is the hardware involved in the brute-force effort.
  The NSA has resources well beyond what are available to the rest of us - the joke is the NSA measures its computing power in acres.
  Add that to large budgets to develop specialized hardware, and nice standard encryption algorithms to target with that hardware, and it's not clear that the NSA can't read everything. Encrypted or not.
11. Re:Which Encryption Scheme is Safest? Can we tell? by MooseTick · 2013-11-18 09:44 · Score: 2
  
  Will a Kleenex Condoms protect me from a man in the middle?
  
  --
  Ninjas don't carry tic tacs
12. Re:Which Encryption Scheme is Safest? Can we tell? by sl4shd0rk · 2013-11-18 09:44 · Score: 1
  
  Maybe it's simply HTTPS, but is that good enough?
  
  No, not really. In security, you don't have infallible trust in a system which isn't verifiable -- which means, just because Yahoo says they are doing transport encryption in their data center doesn't automatically make that system trustworthy. You need proof that they have done what they said. Otherwise, it's just their word.
  Secondly, Yahoo's biggest problem is the data laying on the disks. They can encrypt the traffic all they want that doesn't do anything for the mail stores on disk. Ms. Mayer is basically throwing a bunch of pointless acronyms that mean "we do HTTPS". Big whoop.
  
  --
  Join the Slashcott! Feb 10 thru Feb 17!
13. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 09:45 · Score: 0
  
  You are presuming that this is going to be more effective than just security theatre. I think it is not much more than hoping to prevent the loss of overseas customers that suddenly are frightened of the cloud.
  All of the major providers will do this, once one commits to it. As you can see, they are all starting to commit to it.
  If they are truly serious about it, that will be something that remains to be seen. It may be that some are more serious than others. As you said, simply HTTPS... one can ask if that is good enough (and I would suggest that, no, it is not. HTTPS is a privacy lock, not a security lock).
14. Re:Which Encryption Scheme is Safest? Can we tell? by Delarth799 · 2013-11-18 09:47 · Score: 1
  
  Well I'm sure the 20 or so people who still use Yahoo feel very secure just knowing that Yahoo is trying to do something.
15. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 09:52 · Score: 0
  
  Well, that would be stretching it... Maybe the two-layered kind will hold.
16. Re:Which Encryption Scheme is Safest? Can we tell? by EdIII · 2013-11-18 10:03 · Score: 5, Insightful
  
  The issue is not whether they can brute force encryption.
  We already assume they have the capability of brute forcing all encryption within a reasonable time frame. Something hilariously well protected? 3-6 months.
  That being said, the NSA, still only has so many units of discrete work it can perform in a given period . Now, unless you are going to try to convince me that the NSA has computing power many orders beyond the total computing power of the entire planet, it means there is still safety in numbers.
  Mass. Surveillance.
  That's the real game. That's the real threat to privacy and freedom. If everyone makes sure that the NSA has to waste those work units decoding a pair of testicles you sent to your best friend, the NSA is still left with picking and choosing its battles .
  I'm okay with that. If the NSA really can break all of my communication and files within a week or two, but can only do it for several dozen Americans at a time during that period, we are all still protected as a whole. The NSA can still do its job. Yes, there was an original job they ostensibly are supposed to perform in my best interests.
  The sheer magnitude of what would need decryption for mass surveillance makes it illogical to worry about, IF WE ARE USING ENCRYPTION EVERYWHERE AND ZERO-KNOWLEDGE 3RD PARTY SERVICES. I can't stress that last part enough.
17. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 10:08 · Score: 0
  
  Uh.. they need more than just access to the infrastructure. They would need the ability to sign their own certificates with a valid (or stolen) key. They may or may not have that, but saying that access to the infrastructure itself is all that is required is incorrect.
18. Re:Which Encryption Scheme is Safest? Can we tell? by mlts · 2013-11-18 10:09 · Score: 2
  
  Encryption schemes are important, but whenever someone mentions "let's encrypt it", I cringe.
  Encryption isn't some magic switch that you turn on and all your data is 100% secure from bad guys. What happens is that it makes a smaller chunk of data (i.e. the key or keys) the valuable part.
  Key management isn't a cookie-cutter thing. Error on security, and your data can't be recovered. Error on accessibility, and the bad guys now have your keys and can get your data.
  A small company can get by with burning an archival CD-ROM, as well as printing out all keys (passwords especially, but .asc files of private keys as well [1]) A bigger company would have recovery info be split up among corporate officers in a "x out of y" structure (where 3 out of 5 officers are needed to regenerate the master key.) Even larger companies would have regional managers, and far more exotic key management layouts with multiple recovery paths.
  If Yahoo decides to just "encrypt it", they need to put in a good key management structure in place... and of course, that will be the prime target for bad guys [2], so it has to be worth the security payoff of keeping the eggs in one basket.
  [1]: Yes, it will be hell and a half to retype in, but it will be there. Having archival media on a CD helps with that, but if bit rot nails the CD, there is always the paper copy.
  Oh, and don't try utilities which print bitmaps to paper like Paperbak. I've had great look in printing them out... but scanning them in and recovering any data... absolutely zero luck whatsoever, so don't bother with those utilities as of now.
  [2]: The NSA is hyped, but one major threat are blackhats who would love access to Yahoo's assets for blackmail, DDoS, extortion, or to find other people to attack.
19. Re:Which Encryption Scheme is Safest? Can we tell? by swb · 2013-11-18 10:14 · Score: 3, Interesting
  
  Most of the SANs I've seen support disk encryption and IPSec encryption between the SAN and the host or OS talking to it. If your OS writes encrypted data to storage (encrypted filesystem) as well, you have two layers of encryption on the platter and two layers of encryption in transit.
  Of course that doesn't address weaknesses in ciphers or key exchange systems, but it seems like it would make it a lot harder to get at the data because the only place it is decrypted is during interprocess communication (decrypting from the filesystem and before re-encrypting it for final transit to client).
  Not that this trivializes that risk, but it seems to make it a lot tougher.
20. Re:Which Encryption Scheme is Safest? Can we tell? by Fwipp · 2013-11-18 10:15 · Score: 5, Informative
  
  Yes, that is how encryption works. But if your key is large enough, the time & energy to brute force it will take much longer than your lifespan. As an example I just googled, brute-forcing AES-128 at 10 Petaflops would take 10 quintillion years (10^18). http://www.eetimes.com/document.asp?doc_id=1279619
  The _real_ concern is that the NSA knows of weaknesses in these encryption schemes, and doesn't have to brute force it.
21. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 10:17 · Score: 1
  
  Well,
  My Guess is SSL/TLS is fine but the trust system is broken against a motivated state actor.
  (forgive my terminology...it's been a while since I've delt with certificates)
  1.) Steal the private key from Google, Yahoo, etc.
  2.) Force a trusted certificating authority to issue a leaf/signing certificate. Then the government can issue SSL certs for Yahoo, Google, etc on behalf of that certificating authority who gave them a leaf certificate.
  3.) Steal the signing certs of a root authority
  4.) Setup a shell trusted certificate authority and force the browsers to trust it
  The list goes on......
  I've actually performed a version of #4 so I could track SSL internet usages (pharma sucks).
  Essentially, a proxy decrypts the traffic, the system issues a certificate on the fly for the website (Google, Yahoo, etc) and then re-encrypts the traffic and sends it to the user.
  Every machine had my proxy installed as a Certificating Authority.....Unless you looked into the certificate trust chain, you would never see it.
  In the Case of Yahoo, the NSA would most likely force Yahoo to give up their key or force Equifax (their certification authority) to issue a Yahoo certificate.
  Though I would place my money on the government already having a leaf/signing certificate from Equifax that the government can use against any of Equifax's customers.
22. Re:Which Encryption Scheme is Safest? Can we tell? by lgw · 2013-11-18 10:19 · Score: 3, Informative
  
  No one is ever going to brute force a 256-bit symmetric key. Even if you imagine a matrioshka brain (turn the entire energy output of a star into computation) it would take longer than the age of the universe. A 128-bit symmetric key is safe from brute force vs all realistic threats.
  If the math is flawed, OTOH, or your "random" key wasn't so random, it's easy (there is deep suspicion about the RNG built into Intel procs these days).
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
23. Re:Which Encryption Scheme is Safest? Can we tell? by erikkemperman · 2013-11-18 10:25 · Score: 1
  
  As with everything, there's a level of third party trust (the certificate authorities) or shoe-leather (exchanging keys in person) that's required regardless of the ciphers you end up using. That's a whole different discussion though.
  You're of course right in pointing out the distinction between the transfer protocol and the encryption.
  I don't believe Yahoo (or any other big player) facilitate the shoe-leather alternative though, it's third party certification or nothing.
  
  --
  Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
24. Re:Which Encryption Scheme is Safest? Can we tell? by lgw · 2013-11-18 10:25 · Score: 1
  
  I'd be surprised if any "big data" uses SAN. I don't know about Yahoo, but Google, MS, and I'm pretty sure Amazon all use simple direct-attach storage. It's a bit silly to be worried about anyone reading the data off of 10000 servers through some backchannel without being noticed. Encrypting the links between those servers would accomplish a lot, IMO.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
25. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 10:26 · Score: 0
  
  Or alternatively, the NSA knows of weaknesses that allow the message to be decrypted in significantly less time. Maybe they can decrypt a message in just a matter of weeks or months instead of bazillions of years.
26. Re:Which Encryption Scheme is Safest? Can we tell? by swb · 2013-11-18 10:34 · Score: 1
  
  And I would imagine that the distributed filesystems they use on those systems probably aren't even very coherent even if you could read a physical disk.
27. Re:Which Encryption Scheme is Safest? Can we tell? by Mister+Liberty · 2013-11-18 10:45 · Score: 1
  
  ...how can Yahoo determine if the scheme they implement is actually going to prevent the NSA from decrypting it? It's a serious question
  Yes it is. And these SE-Corps (looking at you GOOGLE!) should be much more vocal and transparent in letting the public know the predicaments they as a Corporation are in, what factors are there to consider, and their respective weights, what the options are that they're contemplating, and what their decisisions, when made, are based on.
  In short -- your users may be searchers, and as such they are learners They are not dumb and will not be kept in the dark!
  To NOT mention, to AVOID SUBJECT, to be SILENT, are all modes of being vocal, as a matter of fact very vocal, but prob. not in the way and having the consequences that your business model much agrees with.
28. Re:Which Encryption Scheme is Safest? Can we tell? by bobbied · 2013-11-18 10:46 · Score: 2
  
  Since the NSA has backdoored encryption schemes in the past, how can Yahoo determine if the scheme they implement is actually going to prevent the NSA from decrypting it?
  You have to understand that any key based encryption technique is breakable. It doesn't matter what key based technique you use, it can eventually be brute forced. All you can hope to do is make it take a very long time to decode, so long that the message becomes not worth the effort.
  There are "unbreakable" techniques, but they all require a one use a random pad that both parties know, but never disclose or reuse. That's about the *only* way to make sure the NSA cannot decode your stuff. Good luck doing that Yahoo.
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
29. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 11:06 · Score: 0
  
  it doesn't matter, they gave the keys to the NSA
30. Re:Which Encryption Scheme is Safest? Can we tell? by Jeremiah+Cornelius · 2013-11-18 11:24 · Score: 1
  
  No. They'd only need to control DNS for completely bogus keys.
  Now. How'd they pull that off?
  Beside which, getting real private keys hasn't been hard for them, it seems. Got PEM?
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
31. Re:Which Encryption Scheme is Safest? Can we tell? by mlts · 2013-11-18 11:26 · Score: 3, Informative
  
  It depends on where the "brains" are. Facebook (IIRC) has the redundancy on the backend app layer where coupled with NoSQL, if something drops... there is some redundancy built in somewhere to pick it off, or drop a couple tuples, but the tables still have their integrity. Whole servers can drop off the map, and Facebook will keep going. Isn't pretty, but their model really can handle stuff getting tossed here and there.
  Apple, on the other hand, uses Teradata systems with NetApp appliances on the backend, so one large cloud provider does go with the more traditional storage stack model found in the enterprise. However, unlike losing a FB post or two, a user losing chunks of their data would not be a good thing, so Apple's model tends to be more rigidly ACID compliant.
32. Re:Which Encryption Scheme is Safest? Can we tell? by Jeremiah+Cornelius · 2013-11-18 11:26 · Score: 1
  
  That depends if you are topping him.
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
33. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 12:12 · Score: 0
  
  At a private company they can just exchange one-time-pad keys and the code becomes unbreakable.
34. Re:Which Encryption Scheme is Safest? Can we tell? by LifesABeach · 2013-11-18 14:14 · Score: 1
  
  Yahoo can encrypt all it wants, it's where the data is unencrypted that the NSA would be waiting. And every other spy angency with 10 cents of common sense.
35. Re:Which Encryption Scheme is Safest? Can we tell? by fustakrakich · 2013-11-18 17:49 · Score: 2
  
  As an example I just googled, brute-forcing AES-128 at 10 Petaflops would take 10 quintillion years (10^18).
  Brute-forcing Yahoo's CIO at about 1 lash per second with a rubber hose won't even take 5 minutes. And a single National Security Letter will shut the whole thing down anyway.
  Where's the beef?
  
  --
  “He’s not deformed, he’s just drunk!”
36. Re:Which Encryption Scheme is Safest? Can we tell? by Bert64 · 2013-11-18 21:39 · Score: 1
  
  And do you trust all the ssl certificate authorities? How many of those are based in the US and thus fall under the jurisdiction of the NSA? Come to think of it so does yahoo, who's to say the government wont simply demand that they hand over all their keys?
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
37. Re:Which Encryption Scheme is Safest? Can we tell? by Bert64 · 2013-11-18 21:46 · Score: 1
  
  The simplest concern is the way sites are authenticated by certificate authorities... Some of those certificate authorities are under US jurisdiction and thus beholden to the NSA, and others are under the jurisdiction of other governments who may well want to do the same thing.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
38. Re:Which Encryption Scheme is Safest? Can we tell? by Bert64 · 2013-11-18 21:48 · Score: 1
  
  Only a small fraction of people understand the technology enough to know that proof is required, not only proof that encryption is being used but also that its implemented correctly and the keys are securely stored.
  The vast majority of people will just read the marketing literature and assume that yahoo aren't trying to mislead them. They don't understand how these things work and don't care to, they simply put blind trust in what they're being told.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
39. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-18 22:53 · Score: 0
  
  No, but if the man in the middle is clean and healthy it could protect YOU!
40. Re:Which Encryption Scheme is Safest? Can we tell? by Joce640k · 2013-11-18 23:40 · Score: 1
  
  The NSA has resources well beyond what are available to the rest of us -
  Yawn. This myth has been debunked millions of times now.
  Short version: Brute-force of 128-bit encryption cannot be done.
  Longer version: The laws of thermodynamics are what prevent it, not the size of the NSA's budget.
  
  --
  No sig today...
41. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-19 02:24 · Score: 0
  
  When I worked there, we had to use encryption for all cross-data centre traffic. There were a few exceptions granted due to practicality, but in general, you had to do it.
  As an example, I set up some MySQL servers with cross-site replication. I used the (internally recommended) stunnel packages from the company package repo to do so. However, had I not been reading the doco so carefully, I could just have easily used some ssh tunnels (and indeed some people did exactly that).
  I can't say if Yahoo would hand over keys for these tunnels, but I can say they were generated by me at the time of install. I'd be surprised if Yahoo's stunnel packages, or indeed their SSH packages were intentionally crippled, although it's possible - just as it's possible anyone else's are, I guess. From the NSA's point of view, I suspect the replication and other cross-site traffic isn't all that interesting. What goes in and out of the front end sure is, and that's probably where they have their network sniffers.
  Personally, I see this announcement as being "we're almost there, so we're just going to get the last 10% done". It's a good move for Yahoo - it makes their internal rules simpler (because there are no exceptions), it makes their public offering simpler, and it helps to define their stance with such things (and maybe puts them ahead of some of the other players by a short distances too). It does add a bit of cost here and there, because they'll probably have to use some VPNs to cover the many-to-many replication applications that don't lend themselves well to using individual tunnels.
42. Re:Which Encryption Scheme is Safest? Can we tell? by PrimaryConsult · 2013-11-19 03:05 · Score: 1
  
  For [1], printing the key out in a sequence of QR codes (or variant) would probably be a good compromise between plaintext paper and disc. QR codes have better built in error correction than teams of people typing in a long sequence of arbitrary characters...
43. Re:Which Encryption Scheme is Safest? Can we tell? by jbolden · 2013-11-19 03:20 · Score: 1
  
  Encryption assumes the channel is compromised. Avoiding an intercepter being able to make use of the data is the point.
44. Re:Which Encryption Scheme is Safest? Can we tell? by jbolden · 2013-11-19 03:23 · Score: 1
  
  If the government demands Yahoo turn over all transmissions they fight it. If they lose (which they likely will) it becomes hard to keep that secret from lots of employees who might squeal.
45. Re:Which Encryption Scheme is Safest? Can we tell? by jbolden · 2013-11-19 03:28 · Score: 1
  
  They can't brute force. Do the math. There are 2.8x10^147 primes which are good candidates for 1024-4096 bit keys. If you were to use every atom in the universe to compute 1 prime per nanosecond you still ain't close to brute forcing your way out.
46. Re:Which Encryption Scheme is Safest? Can we tell? by mlts · 2013-11-19 03:40 · Score: 1
  
  I've tried that, with varying success. A lot of readers will not work with the larger QR codes (which would be needed for decoding a 2048-4096 bit key block), and other readers just give up with regards to alignment if the block is too big.
  If there is very standard code system which would work for this (a QR variant, since it does have built in error correction), it is a good thing to have included with a human readable (and retypable) output.
47. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-19 07:08 · Score: 0
  
  1. There is OTP. You can even you it yourself. It's essentially the same problem as generating lottery numbers. Not rocket science. Canada and New Zealand did that before they could afford expensive cipher machines for their diplomatic traffic. Provably secure if properly done (ie. not the Russian way).
  2. Use Scherbius2014 on a separate cipher computer which will never be connected to the net. Then they have to actually cryptanalyse Blowfish as opposed to simply hacking the computer which runs the cipher algorithm. Works like the ENIGMA, TYPEX or SIGABA worked in the 40s and 50s.
48. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-19 07:09 · Score: 0
  
  It is not the fault of SSL/TLS if you don't run your own CA. Rather, it is a social problem.
49. Re:Which Encryption Scheme is Safest? Can we tell? by Anonymous Coward · 2013-11-19 09:01 · Score: 0
  
  You completely misunderstand how encryption on the Internet works.
  Your browser has stored public keys which are used to verify the signature of retrieved keys. Spoofing a registrar or any other site does not compromise this, the keys themselves still need to be compromised or appropriate signatures made with other keys that your browser thinks are valid.
  Controlling the DNS is only half of the problem, the keys are the other half. Unless you are suggesting that they simply strip https off all together and redirect you to a http site that they serve.
50. Re:Which Encryption Scheme is Safest? Can we tell? by lgw · 2013-11-19 09:52 · Score: 1
  
  Facebook puts all "content" data on MySQL (only Google uses NoSQL for content, everyone else uses sharding over SQL servers).
  Apple uses Azure for their cloud stuff, you might be thinking of their internals (for billing and customer data and so on) with that storage stack.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
51. Re:Which Encryption Scheme is Safest? Can we tell? by mlts · 2013-11-19 09:59 · Score: 1
  
  Thanks for the correction. I got the Teradata/NetApp info from an article of when their data center originally opened, and it was claimed that was their mainstay for storage.
52. Re:Which Encryption Scheme is Safest? Can we tell? by RespekMyAthorati · 2013-11-19 13:52 · Score: 1
  
  You clearly know nothing about brute-force code breaking.
  
  To brute-force a 4096-bit key pair in a reasonable time would require not acres of computers,
  but entire galaxies composed of nothing but computers.
  And these computers would have to be able to communicate with each other instantly
  and not be limited by the speed of light.
53. Re:Which Encryption Scheme is Safest? Can we tell? by RockDoctor · 2013-11-19 20:31 · Score: 1
  
  Since the NSA has backdoored encryption schemes in the past, how can Yahoo determine if the scheme they implement is actually going to prevent the NSA from decrypting it?
  Use multiple encryption schemes from different providers, and shuffle them around intermittently. So that one week the NSA can decrypt the data stream to reveal material that has been encrypted by a Russian system, but the next week they get something that has been encrypted by a Chinese system. And the same goes for the Russians at their tap and the Chinese at their tap.
  Unless, of course, all of the spooks can seamlessly read all of the other spook's data. At which point, why the fuck are we paying these people anyway?
  
  --
  Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
54. Re:Which Encryption Scheme is Safest? Can we tell? by RockDoctor · 2013-11-19 20:33 · Score: 1
  
  If they lose (which they likely will) it becomes hard to keep that secret from lots of employees who might squeal.
  ... particularly if those employees are foreign nationals (from an American perspective) living abroad under their native jurisdiction.
  Which is where the Assange question suddenly veers back into the spotlight.
  
  --
  Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
55. Re:Which Encryption Scheme is Safest? Can we tell? by jbolden · 2013-11-20 03:39 · Score: 1
  
  Yep exactly Especially since from their perspective helping the NSA spy on the citizens of their country is a crime, preventing it their duty.
56. Re:Which Encryption Scheme is Safest? Can we tell? by Jeremiah+Cornelius · 2013-11-20 05:39 · Score: 1
  
  I can middle-man the entire credential exchange - pretending to be the secure channel requestor and resubmitting the altered request for response. I can then pretend to be the responder, etc. This is how SSL examination proxy works as an edge device.
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
57. Re:Which Encryption Scheme is Safest? Can we tell? by airdweller · 2013-11-21 07:15 · Score: 1
  
  "...any key based encryption technique is breakable... it can eventually be brute forced."
  Sure. Anything can happen when "eventually" is "the age of the universe".
58. Re:Which Encryption Scheme is Safest? Can we tell? by EdIII · 2013-11-21 13:38 · Score: 1
  
  We don't know what they have. Never underestimate the "geek factor". There may very well be a vulnerability that we have no idea of that reduces the complexity sufficiently that decryption is possible within a viable time frame.
  I'm taking a conservative view point on what real risk the NSA could pose with ubiquitous encryption.
59. Re:Which Encryption Scheme is Safest? Can we tell? by jbolden · 2013-11-21 21:47 · Score: 1
  
  There are many algorithms for reduction of the decryption problem. Orders of magnitude get pulled off aver 5 years or so. But that ain't brute force.
  I'd say right now it is likely the complex reduction algorithms still aren't good enough to overcome the sheet mathematical complexity given 256-bits. Certainly for something like 1024-4096 nowhere near.
60. Re:Which Encryption Scheme is Safest? Can we tell? by Bert64 · 2013-11-23 22:58 · Score: 1
  
  There was a story recently about how yahoo did fight such a demand, lost, and were forced to keep it a secret...
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
61. Re:Which Encryption Scheme is Safest? Can we tell? by jbolden · 2013-11-24 00:02 · Score: 1
  
  Unless it was very recently yahoo is publicly denying it. Companies don't generally lie that directly.
Lol by Anonymous Coward · 2013-11-18 09:04 · Score: 0

As if the nsa cant blow right thru ssl.
1. Re:Lol by dmbasso · 2013-11-18 10:33 · Score: 1
  
  I love how so many people here are so sure the NSA can do magic on encryption... it's like complexity doesn't exist. They can solve any problem expressible in a general formal system! Halting problem? Fuck the halting problem, that's like stealing candy from a child.
  NSA - the Chuck Norris of the agencies.
  
  --
  `echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
2. Re:Lol by mrchaotica · 2013-11-18 10:49 · Score: 2
  
  It's not that we think the NSA can brute force SSL; we think the NSA has compromised the certificate authorities.
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
3. Re:Lol by dmbasso · 2013-11-18 11:07 · Score: 2
  
  I just picked that comment because it said "thru [sic] ssl", and I interpreted as "breaking DH" or something. But I was referring to a somewhat spread sentiment that breaking encryption is just a matter of developing technique, which may not be the case (hence my sarcastic reference to the halting problem & Godel's incompleteness theorem).
  Like this post above:
  
  The issue is not whether they can brute force encryption.
  We already assume they have the capability of brute forcing all encryption within a reasonable time frame. Something hilariously well protected? 3-6 months.
  
  --
  `echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
4. Re:Lol by manu0601 · 2013-11-18 15:09 · Score: 1
  
  If you secure your own inter-datacenter links, you accept only certs signed by your own private CA, hence the compromised CA is not a problem. And even if your private CA is compromised, ephemeral DH exchange ensures stored traffic remains difficult to decipher.
5. Re:Lol by BitZtream · 2013-11-18 17:23 · Score: 1
  
  The DH exchange only works if you don't get Man-in-the-Middled. Thats the point. Once the certificate authority is compromised, they can create a cert that makes them appear as the server you think you're supposed to talk to, so you do the DH exchange with their server, so the DH exchange isn't a problem. Then they just make another connection on to the destination which does a whole new DH exchange for keys.
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
6. Re:Lol by manu0601 · 2013-11-19 00:24 · Score: 1
  
  If you read me carefully, I referred to the status of stored traffic if the CA gets compromised.
Re:yahoo sucks a dick by Anonymous Coward · 2013-11-18 09:09 · Score: 0

Sure, Yahoo blows but it seems like you're the one who locked yourself out their services; not Yahoo.
How Is That Possible? by Anonymous Coward · 2013-11-18 09:12 · Score: 0

Parent put in their correct password, which should grant authentication, and then yahoo asks for a years old security question after successfully authenticating?
Yeah, yahoo definitely shut them out. (And Sucks A Dick)
1. Re:How Is That Possible? by Anonymous Coward · 2013-11-18 09:36 · Score: 0
  
  i couldn't remember
  
  I'll see your theory and raise you fact.
Weasel words by Anonymous Coward · 2013-11-18 09:15 · Score: 1

Yahoo CEO Marissa Mayer wrote in a Nov. 18 blog posting. 'I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency.
The operative phrase here is "our data centers". A little less than half the data centers that Yahoo have their servers in are not owned by Yahoo, they lease space there. So, Yahoo's data flows in and out of the cage(s) they have their servers in into the house network. You can work it out from there.
1. Re:Weasel words by Anonymous Coward · 2013-11-18 09:28 · Score: 0
  
  Yahoo CEO Marissa Mayer wrote in a Nov. 18 blog posting. 'I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency.
  The operative phrase here is "our data centers". A little less than half the data centers that Yahoo have their servers in are not owned by Yahoo, they lease space there. So, Yahoo's data flows in and out of the cage(s) they have their servers in into the house network. You can work it out from there.
  Not only that, they don't have to give someone "access to [their] data centers" to pass them data.
2. Re:Weasel words by Anonymous Coward · 2013-11-18 09:45 · Score: 0
  
  You missed the first weasel.. GIVE...
  We didn't GIVE access to our data. They TOOK access cuz there's fuckall we can do to stop them.
  -
  Faces filled with joy and cheer
  What a magical time of year
  Howdy Ho! It's Weasel Stomping Day
  Put your Viking helmet on
  Spread that mayonaisse on the lawn
  Don't you know it's Weasel Stomping Day
  All the little girls and boys
  Love that wonderful crunching noise
  You'll know what this day's about
  When you stomp a weasel's guts right out
  So, come along and have a laugh
  Snap their weasely spines in half
  Grap your boots and stomp your cares away
  Hip hip hooray, it's Weasel Stomping Day
  People up and down the street
  Crushing weasels beneath their feet
  Why we do it, who can say?
  But it's such a festive holiday
  So let the stomping fun begin
  Bash their weasely skulls right in
  It's tradition, that makes it okay
  Hey everyone, it's Weasel Stomping
  We'll have some fun on Weasel Stomping
  Put down your gun, it's Weasel Stomping Day
  Hip Hip Hooray, it's Weasel Stomping Day
  Weasel Stomping Day
  Hey!
Re: yahoo sucks a dick by Anonymous Coward · 2013-11-18 09:15 · Score: 0

MArrissa you mean? Yes please! And please someone post the XKCD or whatever of the interogator with the pipe wrench.
Business 101 by Anonymous Coward · 2013-11-18 09:15 · Score: 0

If someone else's PR appears to have been written for you, use it.
Took them way too long by kekx · 2013-11-18 09:17 · Score: 2

Well, actually it's quite embarrassing that they're only doing this now...
1. Re:Took them way too long by wrp103 · 2013-11-18 09:32 · Score: 1
  
  Well, actually it's quite embarrassing that they're only doing this now...
  I agree. It is amazing what little effort companies make to "protect" their data. They seem to think that having a password is all that is needed.
Open bag by fred911 · 2013-11-18 09:18 · Score: 1

Insert cat.

--
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
She's given me 1/2 of what I want to hear by GodfatherofSoul · 2013-11-18 09:18 · Score: 2

Strongly worded without PR-crafted terminology. Now, have you given these entities private information without a warrant?

--
I swear to God...I swear to God! That is NOT how you treat your human!
1. Re:She's given me 1/2 of what I want to hear by Anonymous Coward · 2013-11-19 07:13 · Score: 0
  
  They call the "warrant" an "NSL" these days. And of course they don't need old-fashioned things like "courts of law" to get an "NSL". It's 1567 and we are ruled by an Absolutist, Catholic, Spanish king. His name is Baracos Obamos of Saragoza and Assinspectia.
Re: yahoo sucks a dick by Anonymous Coward · 2013-11-18 09:23 · Score: 0

There ya go: http://xkcd.com/538/
I'm from the future, where we have google search.
don't worry by Anonymous Coward · 2013-11-18 09:25 · Score: 0

yahoo will still cooperate with china when it comes to exposing dissidents.
Does it even matter... by nashv · 2013-11-18 09:27 · Score: 3, Insightful

...if they can be forced to turn over encryption keys at the whim of some NSA/government authourity?

--
Entia non sunt multiplicanda praeter necessitatem.
Er...what about encryption at REST? by xxxJonBoyxxx · 2013-11-18 09:28 · Score: 1

>> encrypt all data flowing to and from Yahoo
BFD - since all the data is still sitting on servers somewhere, why would this offer any protection at all?
>> introducing this sort of security does add to infrastructure and engineering costs
BFW - welcome to 2008, Yahoo.
Yahoo can't even keep spam out of my inbox by JoeyRox · 2013-11-18 09:30 · Score: 3

Whereas Google can. When I think cutting-edge technology and encryption Yahoo is the last company that comes to mind.
1. Re:Yahoo can't even keep spam out of my inbox by Dahamma · 2013-11-18 09:43 · Score: 3, Interesting
  
  While I would have agreed with you two weeks ago, bizarrely, I have recently started getting a ton of spam in my Gmail account - really obvious stuff that should have been filtered. And Yahoo has been almost perfect filtering the same crap. Several people I have talked to have noticed the same thing. It's almost like someone at Google accidentally turned off the spam filter...
2. Re:Yahoo can't even keep spam out of my inbox by ibsteve2u · 2013-11-18 10:18 · Score: 1
  
  Maybe Google has decided "Why make it easier to pick out what our customers are interested in - or, for that matter, why reduce the volume of electronic transmissions that must be analyzed? Let the spam flow!".
  
  --
  Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
This is great news for Yahoo users by Anonymous Coward · 2013-11-18 09:30 · Score: 0

This is fantastic news for Yahoo's users. Not because it will make their data more secure. The government can bust down the door whenever it wants. No, it's great news because it might take some developers off the task of B0rking the UIs and making the site run slow. It's great news because that extra bit of distraction will give users more time to shop for replacements.
liars and dumbasses by Anonymous Coward · 2013-11-18 09:31 · Score: 0

so now, post snowden "revelations", with the year 2014 rapidly approaching, yahoo ceo marissa, "not helping the spooks is treason" myers says they are gearing up to use ssl with 2048 keys? also says they didn't help the feds spy on customers. well you don't really have to help them if you don't lift a finger to protect the data until after the fact and then only implement the most basic(possibly completely ineffective) measures. but just like everything else, if the people continue to tolerate it, they will continue to abuse.
Why? by Anonymous Coward · 2013-11-18 09:42 · Score: 0

Why bother? Won't Yahoo just give NSA access if they ask for it?
Really. by BrookHarty · 2013-11-18 09:51 · Score: 2

Doesnt do any good, if the law enforcement organizations (etc), have a warrant they can record all traffic from your IP/Phone. Depends on the company, but at AT&T Wireless they could turn on full sniffing from a mobiles internet traffic and record all TCP/UDP and even overlay it with location based service (tower strength triangulation). My boss said they had a group to assist in warrants, but after I setup the servers and routers, I NEVER saw an email, name or department identified, and I worked there for years setting up hardware from old packet data to 3G routers before I left.
So anyways, they record the entire SSL handshake so they can decrypt the session. You too can even try it for yourself in wireshark.
And who knows what is going on at the AT&T datacenters in those secret rooms...
1. Re:Really. by Anonymous Coward · 2013-11-18 14:38 · Score: 0
  
  So anyways, they record the entire SSL handshake so they can decrypt the session. You too can even try it for yourself in wireshark.
  What you say it true in general, but it doesn't have to be. Although it isn't guaranteed to be used, SSL supports cipher suites that promise perfect forward secrecy, which means that without a break in the encryption algorithm itself, a passive attacker cannot read the content of the messages because they have no way to access the session key (even given the server's private key) and the session key is never stored. An active attack (MITM) is still possible, but simply recording everything and attempting to decrypt later like it sounds like the NSA may be doing is not. Once again, these cipher suite don't tend to be prioritized in SSL implementations (NSA conspiracy? No one thinks they are worth the slight computational overhead?), so only a small fraction of SSL traffic actually uses them.
This will never work. by DigitAl56K · 2013-11-18 09:57 · Score: 1

That security is going to last as long as it takes to find one exploit against an endpoint that can be used to pull the key out of memory one time.
2048 SSL encryption is REQUIRED by Anonymous Coward · 2013-11-18 09:58 · Score: 0

Just for those who don't deal with SSL certificates, as of Jan 1st ALL SSL certificate MUST be a minimum of 2048 bit encryption.
They would have to replace the current certs anyway, smoke and mirrors or just PR?
Ya Who? by AnalogDiehard · 2013-11-18 10:05 · Score: 0

People STILL use Yahoo?!?

--
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
Useless (and an obvious deception) by rmckeethen · 2013-11-18 10:08 · Score: 2

Let's be real about this -- if the N.S.A. wants data on any particular Yahoo user, or on all Yahoo users for that matter, it's not going to make one wit of difference if Yahoo encrypts its data or not. All the N.S.A. has to do is issue a national security letter, and Yahoo will cough-up whatever they got. Yahoo's encrypting the data on disk or in transit through their datacenters is little more than a pathetic attempt to lure customer's into believing that Yahoo is doing something to protect their data when, in fact, there's little Yahoo can do to prevent the N.S.A. for getting its hands on your data.
1. Re:Useless (and an obvious deception) by Anonymous Coward · 2013-11-18 10:20 · Score: 0
  
  Better than doing nothing about security. End to end encyption is an obvious desire of everyone who communicates with a specific closed recipient class.
2. Re:Useless (and an obvious deception) by Anonymous Coward · 2013-11-18 17:17 · Score: 0
  
  If the NSA, FBI, etc. wants data on any particular Yahoo user, I'm OK with them having it (pending, of course, just cause and warrants and all that which is, well, a work in progress...) What this will prevent is the NSA getting nearly *all* data for nearly *all* users without even asking. That's a huge step forward.
3. Re:Useless (and an obvious deception) by Anonymous Coward · 2013-11-19 07:17 · Score: 0
  
  Sure as hell they COULD do something. Offer people an open-source cipher/downloading/uploading client, for example. But Meyer comes from Google, whose business model revolves around "gimme your dataz instea of your moneyz".
But didn't NSA compromise SSL already? by jones_supa · 2013-11-18 10:17 · Score: 1

What about the talks about NSA being able to defeat SSL already?[1] [2]
SSL on SMTP or not?? by Anonymous Coward · 2013-11-18 10:20 · Score: 0

Yahoo doesn't support SSL on their SMTP servers. They did not specifically say that they are going to enable it on their SMTP servers. Maybe they are just talking about HTTPS on their web UI. They need to be more specific. They also need to use perfect forward secrecy, or it's useless. NSA could force them to hand over the SSL private key and it would be like there is no SSL.
Man In The Middle by Anonymous Coward · 2013-11-18 10:22 · Score: 0

It is simple. The only way to protect their service is to implement the 2-way authentication. Which means that both the server and the client must have their own PK. Which, surprise surprise, is not implemented by any email/whatever service around. For the obvious reason.
Waste of time - all keys already held by WillAffleckUW · 2013-11-18 10:26 · Score: 1

I agree with someone who suggested one of the early pre-NSA encryption schemes.
You'd be better to roll your own, mind you. Remember, they already have your make files if you used Win 8 or Win 8.1, since it "indexes your local drive for fast search" which is a polite way of saying "spies on you".

--
-- Tigger warning: This post may contain tiggers! --
1. Re:Waste of time - all keys already held by currently_awake · 2013-11-18 15:44 · Score: 1
  
  Most people are not competent to write their own encryption system. It takes a lot of very advanced math and a very careful implementation to make a secure comm system.
2. Re:Waste of time - all keys already held by WillAffleckUW · 2013-11-19 07:16 · Score: 1
  
  Most people are not competent to write their own encryption system. It takes a lot of very advanced math and a very careful implementation to make a secure comm system.
  Last time I checked there were many hundreds of millions of people on the Internet.
  Are you saying none of them can roll a new encryption scheme?
  We used to do stuff with only 50 people working worldwide on stuff.
  I think you just want to believe it's "too hard" so you don't have to do any actual work.
  
  --
  -- Tigger warning: This post may contain tiggers! --
3. Re:Waste of time - all keys already held by Anonymous Coward · 2013-11-19 07:22 · Score: 0
  
  Not really. Just download Blowfish, Twofish, CAST and so on. Read Schneier's Applied Cryptography.
  Or use a Blowfish cipher of mine: http://scherbius2014.de
  You can easily create your own, modern version of the SIGABA cipher. And I am quite confident it would be very strong if you used rotors with an alphabet of 2^16. Then XOR that one with the ciphers above. You can only get stronger ! Of course, there must be a Key Initiator Cipher so as to not accidently compromise the key by your own invention. Actually, that is what I am planning to do in the future with Scherbius2014.
But how is the NSA going to fix Flickr's bad UI by themushroom · 2013-11-18 11:34 · Score: 1

if you change the code and lock them out?

--
Laughter is the Spackle of the Soul.
now, if they would fix the UI by Ralph+Spoilsport · 2013-11-18 11:40 · Score: 1

Yahoo mail's UI is horrific. Besides being ugly, if you have to enlarge text it becomes disuseful... It's a trainwreck of a UI.

--
Shoes for Industry. Shoes for the Dead.
Good keys essential by Anonymous Coward · 2013-11-18 11:51 · Score: 0

If you've got bad random key generation then it doesn't matter if you use AES256 or not: the NSA will narrow the search space for the key down to a searchable range.
I don't just blame the NSA by msobkow · 2013-11-18 12:35 · Score: 1

I don't just blame the NSA for this situation. The providers are at fault for assuming that leased lines can be run unencrypted between their data centers because they're "private". Any time data enters or leaves a data center, one should assume it is being monitored. Everyone knows that's the most basic tenet of security.
But all these lazy vendors from Google to Yahoo and Microsoft and hundreds of others have taken the easy, lazy way out for years.
We all owe Snowden a big "Thank you" for kicking them all in the ass and getting them to do what they should have done in the first place.

--
I do not fail; I succeed at finding out what does not work.
1. Re:I don't just blame the NSA by currently_awake · 2013-11-18 15:48 · Score: 1
  
  You are assuming the NSA didn't "suggest" that the lines between data centers be in plain. Also there is no sane reason for the NSA to ever set foot in a yahoo data center. That would introduce a huge speed bump in their access to the data. Much better to just have a direct line in, with full root/admin access to everything.
2. Re:I don't just blame the NSA by Anonymous Coward · 2013-11-19 08:17 · Score: 0
  
  I think in the Anglosaxon world it is considered impolite to tell the plebejans the BLEEDING OBVIOUS government techniques. You will be on the "terrorist rumor list" from now on.
Bad news by PPH · 2013-11-18 12:57 · Score: 1

I already had trouble understanding Marissa Meyer.

--
Have gnu, will travel.
cop with a warrant by globaljustin · 2013-11-18 13:11 · Score: 2

+1 Insightful on the "government has the keys" point...
here it is: law enforcement & NSA must have the ability to access anything, given proper rights & proceedures
no one can make successful counter-point...all arguments are arguments over ***under what conditions*** the LE/NSA can access the information
Yahoo is doing absolutely nothing other than PR 'damage control' by manipulating the facts with this news.
Yahoo will give up **anyone's** data as fast as humanly possible when asked by a legal authority and this news changes nothing about that.
the speed at which LE/NSA can access our data under legal order is simply a **question of IT engineering**

--
Thank you Dave Raggett
1. Re:cop with a warrant by jbolden · 2013-11-19 03:24 · Score: 1
  
  LE has to get a subpoena and that's overseen by the courts.
  NSA is semi bypassing the entire system and that's overseen by congress and intelligence courts for whatever that's worth.
  What Yahoo is avoiding is being spied on not being subject to a court order.
Encryption on webmail by 2014 by Anonymous Coward · 2013-11-18 13:35 · Score: 0

Congratulations Yahoo!, you've been outdone only by just about every other player out there. Bravo.
1. Re:Encryption on webmail by 2014 by Anonymous Coward · 2013-11-18 13:44 · Score: 0
  
  My mistake. Apparently there's been an option to enable SSL since at least January of 2013. I apologize.
the most cynical of hypocrisies by Anonymous Coward · 2013-11-18 13:53 · Score: 0

The AP, without a hint of irony, posted today: Debunking the perception that the NSA and other U.S. government agencies can easily vacuum up potentially sensitive information about people's online lives is important to Yahoo, Google and other Internet companies because they need Web surfers to regularly use their services so they can sell more of the digital ads that bring in most of their revenue.
Translation: "We must convince people that the NSA and other U.S. government agencies cannot easily vacuum up potentially sensitive information about people's online lives, so that we can continue to easily vacuum up potentially sensitive information about people's online lives!"
Remember, you are not Yahoo's customer; you are the product. They can't afford to spook the merchandise.
Erm, remember Lavabit by Severus+Snape · 2013-11-18 14:04 · Score: 1

All fun and games till your forced to hand over the SSL key and then all that encryption is pointless.
USE A HOSTS FILE...apk by Anonymous Coward · 2013-11-18 15:03 · Score: 0

Jeremiah Cornelius - MAYBE you should "use" my HOSTS file!
APK
1. Re:USE A HOSTS FILE...apk by Anonymous Coward · 2013-11-19 02:56 · Score: 0
  
  If you are apk: Fuck off.
  If you are not apk: Fuck off.
  In short: Fuck off.
  Thank you.
Email is insecure by design by flyingfsck · 2013-11-18 15:05 · Score: 1

Normal Email is insecure by design. Yahoo cannot fix it. If you want to secure your email, then you got to do so at the end points, or quit using email.

--
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Opportunistic encryption ... by MikeBabcock · 2013-11-18 15:28 · Score: 1

I remember the paranoid rantings of those in the FreeS/WAN community back in the day (that's IPSec software for Linux fyi) about needing opportunistic encryption support and DNS based keys so any two hosts on the Internet could communicate securely and prevent Big Brother from listening.
I also recall that I wished it would work, and set up my own hosts with it, but it never did work well and there just weren't enough participants to hit critical mass.
Thirdly I remember a quote from my old BBS days ... "Its not paranoia if they really /are/ out to get you."

--
- Michael T. Babcock (Yes, I blog)
encryption does no good when they hand over the ke by Anonymous Coward · 2013-11-18 17:03 · Score: 0

lying asshats. I worked there 2 years. buncha sharks
Better Security by Anonymous Coward · 2013-11-18 17:49 · Score: 0

My recommendation is that they hash all of their data. Not only is it harder to recover, but it takes up less space. Win Win.
It doesn't matter by Anonymous Coward · 2013-11-18 22:58 · Score: 0

If Yahoo! sees your data, NSA can see it too. Regardless of whether they use OTP and trusted couriers with suitcases handcuffed to their wrists to shuffle the data between nodes in their data center.
For Yahoo! to capitalize on your private information, the data HAS to be plaintext at some point. That's all that's needed.
This is just smoke an mirrors. All cloud services are suspect unless you host them yourself in your own premises and have control of what is going on.
Is NSA greatest threat? by Anonymous Coward · 2013-11-19 00:41 · Score: 0

So, nobody cares about privacy and security as long as it's not the government accessing your data? Keep everything wide open and let all kinds of crooks and foreign agencies, including those from any hostile country, have all the access, but God forbid if it's someone from your own government? Is your own government your greatest foe? Is it just me or is this society screwed up beyond repair? (I understand, unlawful access and abuse and stuff, but still...)
good marketing, crap technology by Anonymous Coward · 2013-11-19 00:55 · Score: 0

The size of their RSA key is a red herring. Certificates either prove identity and secure connections or they only prove identity. It all comes down to how TLS is used. Idiots like Yahoo still use TLS 1.0 with RSA key exchange because they probably didn't bother to learn anything about TLS before deploying it and most products use RSA key exchange by default. RSA key exchange is very convenient for NSA because once you have the RSA server key, you can decrypt all past and future communication that it was used for. Now let's look at Google -- until recently, they utilized RSA key exchange but one day they silently switched to TLS1.2 with RSA / Elliptic Curve Diffie-Hellman. Diffie-Hellman has no fixed secrets, so the key exchange itself can only be compromised with a man in the middle attack. RSA can be decrypted any time if you have the key.
Let me preface the following conjecture by saying that no one who is talking seems to know if Google's key was taken at gunpoint, there is nothing they could have done to avoid handing it over if they were compelled to do so, and I can think of no more responsible act than improving the way they use TLS. Assuming that NSA had taken Google's RSA key by force, and Google's recent switch from RSA to ECDSA key exchange hints that it may have happened, then all the prior encrypted traffic that NSA intercepted and saved for later decryption is now plaintext -- that is unavoidable.
What a company can, and Google did do is limit the scope of future breaches by implementing Diffie-Hellman exchanges in addition to RSA. The name of the game here is not to prevent surveillance, but to make NSA pay as much money as possible to perform it. When DH is implemented, NSA has to actively participate in every connection that they want to intercept, which greatly limits the value of having the RSA private key. They lose the ability to perform retroactive searches and are forced by economic realities to target their interception. They may be the great and powerful NSA, but limited to active attacks, indiscriminant collection will likely become a hell of a lot harder to fund.
Yahoo: you paying attention? Didn't think so... enjoy your last few orbits around the toilet drain.
Hey Crypto Nerds! by DarthVain · 2013-11-19 04:10 · Score: 1

http://xkcd.com/538/
This is NOT an issue with encryption.
This is an issue with a wrench. You can have it encrypted 5 different ways, but when the NSA comes a knocking, DEMANDING The data, and your alternative is to get shut down, go to jail, etc... guess what, they key's become suddenly available anyway.
Its another type of brute force encryption hacking that always succeeds. The RIAA and MPAA figured this out (mostly) long ago when they realized that from a technical standpoint it is a no win situation. At that point just let the government and/or courts solve the issue for you.
The NSA isn't going to crack any codes, they are going to ask for the keys, and if you don't give it to them they will destroy you.
1. Re:Hey Crypto Nerds! by Anonymous Coward · 2013-11-19 07:43 · Score: 0
  
  Which would be fine. Currently, they can monitor 99% of people. If they need to ask for keys, they can monitor 1%. Exactly as sane police work should be done.
howso? by globaljustin · 2013-11-19 10:57 · Score: 1

NSA is semi bypassing the entire system and that's overseen by congress and intelligence courts for whatever that's worth.
howso?
FISA courts are there exactly for this right? Are you assuming the government is up to something or can you be specific?
I'm talking **current policy**

--
Thank you Dave Raggett
1. Re:howso? by jbolden · 2013-11-19 12:50 · Score: 1
  
  FISA courts aren't really courts in that the court doesn't have the same degree of authority nor the same checks as a normal court. That's why I consider it semi-bypassing. It is arguably either a court only in name or a weak court. On the other hand this structure is overseen by congress.
NSA can crack SSL by timkofu · 2013-11-19 19:28 · Score: 1

Wasnt there another story here about how the NSA cracks SSL? This story http://slashdot.org/story/13/10/30/1735257/nsa-broke-into-links-between-google-yahoo-datacenters