Slashdot Mirror


Security Expert: Yahoo's Email Encryption Needs Work

itwbennett writes "On Tuesday, Yahoo delivered on a promise that it made in October to enable email encryption for everyone by default by January 8. While this is a great step, the company's HTTPS implementation appears to be inconsistent across servers and even technically insecure in some cases, according to Ivan Ristic, director of application security research at security firm Qualys. For example, some of Yahoo's HTTPS email servers use RC4 as the preferred cipher with most clients. 'RC4 is considered weak, which is why we advise that people either don't use it, or if they feel they must, use it as a last resort,' Ristic said."

123 comments

  1. Ya-what? by hoifelot · · Score: 5, Insightful

    I don't understand how yahoo can be alive today. It's been way behind competitors for about a decade. This type of story fits right in with that picture. Okay, if they are still alive, I guess they must be making money. But I'm happy they are still around. Now and then I find that I need to reconnect with a site I haven't used for years, where I registered with my yahoo address... And in that case, it's nice that I'm able to receive a password reset link. But what's the attraction today, besides that?

    1. Re: Ya-what? by hoifelot · · Score: 1

      I should say behind competitor, not competitors. But the question still stands.

    2. Re:Ya-what? by Anonymous Coward · · Score: 0

      I don't understand how yahoo can be alive today. It's been way behind competitors for about a decade. This type of story fits right in with that picture. Okay, if they are still alive, I guess they must be making money. But I'm happy they are still around. Now and then I find that I need to reconnect with a site I haven't used for years, where I registered with my yahoo address... And in that case, it's nice that I'm able to receive a password reset link.

      But what's the attraction today, besides that?

      The same damn thing that attracts anyone to any of the free webmail services...an email address that hasn't changed since they were known as "teenygurl13" online.

      People are fucking lazy, and don't want to change their email address...ever. No matter what that takes. They mainly don't want to change it because they know just how lazy other people are in updating their address book. This simple fact of human nature is what will keep Facebook alive for decades.

    3. Re: Ya-what? by alex67500 · · Score: 1

      Microsoft with Bing and Hotmail have been a competitor too...

    4. Re:Ya-what? by metrix007 · · Score: 3, Informative

      Because it leads in Asia, ahead of Google.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    5. Re: Ya-what? by hoifelot · · Score: 2

      My own opinion has been that Hotmail was far inferior to both Google's and Yahoo's offerings. In that light, Google was the only better alternative. Thus "competitor" :-)

    6. Re:Ya-what? by craigminah · · Score: 1

      I've never trusted Google but used them until other options rose to a good enough level to move over to. I currently use Yahoo as their email client is really good and my job forces me to move every few years so I want to maintain the same email address. Google's email is basic but still very good and I think Microsoft's Hotmail has gotten much better so I use that as well.

      BTW, I'm referring to each's webmail.

    7. Re:Ya-what? by TheloniousToady · · Score: 5, Interesting

      OK, I'll bite. There still are a few things they do well. For example, their Finance feature is among the best in class of financial information (IMHO).

      I began using their email system as a POP server years ago, mainly because I thought the spam filtering worked very well. At some point, they changed their system so that you had to use their address as the reply address, so I began using that rather than my website's forwarding address. Although that should have alienated me and made me go elsewhere, I stuck with them, so now people are used to replying to the Yahoo address and it's hard to switch to something else.

      I used to use their "classic" (old-fashioned) mail but they forced me and everyone else out of that last year. So, I got used to the new email interface and even generally like it now, but the performance problems still are inexcusable. For example, I sent one email several times the other day after their system said it had failed to send it, then multiple copies of it appeared in my "Sent" list. So, did it go out or not? - who knows?

      Their longstanding "Groups" system still has some attractive features. I tried to find a replacement for it recently for an email list I've run for several years, and I couldn't find any similar free and ready-made (no installation) email group service that allows users to subscribe themselves.

      There seems to be a theme lately of Yahoo changing the cosmetics of their system as often as possible. However, they don't seem to understand that users don't want change unless there is a clear benefit to them. And users also don't want continuous change - they need time to digest each new thing that's foisted on them. Yahoo also seems to be disregarding the impact all these changes have on system performance. Even after tolerating senseless change, I'm just about ready to abandon their email due to its increasingly poor performance.

      I find their search to be OK, though I'm not particularly loyal to it. Honestly, I can't tell much difference between Yahoo/Bing search and Google, so I just use whichever one comes up in the browser I happen to be using. However, my perception is that Google is very slightly better.

      Overall, the challenge for Yahoo is to modernize their systems after years of neglect, while retaining the things that people like about them (in my case: finance, spam filtering, and groups), without impacting quality in terms of performance and security. They might get to the Promised Land one day, but there's a lot of desert to cross first.

    8. Re:Ya-what? by Anonymous Coward · · Score: 1

      For example, their Finance feature is among the best in class of financial information (IMHO).

      They also run one of (or the?) the most used fantasy sports sites on the net.

    9. Re: Ya-what? by SQLGuru · · Score: 3, Insightful

      The recent revamps to Bing / Outlook.com (nee Live.com nee Hotmail.com) have made it better than Yahoo (in my opinion --- and many tech blogs as well). But what Yahoo has going for it is that the high-inertia crowd has been using it for a while and won't budge from it. I know a lot of tech un-savvy baby boomers who won't leave Yahoo because they don't know how to transfer their information and don't want to lose their history. (It's the same crowd that still pays for AOL.)

    10. Re:Ya-what? by Anonymous Coward · · Score: 0

      citation needed.

    11. Re:Ya-what? by Bill+Dimm · · Score: 2

      There still are a few things they do well. For example, their Finance feature is among the best in class of financial information (IMHO).

      Except that their charts show the price of the stock/fund without adjusting for dividends, i.e. there is no way to graph "adjusted price" or "growth of a $1000 investment." So, when a mutual fund makes a big capital gain payout, which has no economic significance (they hand you a check for $X per share and the share price drops by $X), the chart shows a big dip. If you try to chart two securities together to compare them it is totally misleading because of the economically meaningless dips when there is a dividend or capital gain payout. They have the data to do this right, it is displayed as the "Adj Close" in the "historical prices" table, but they don't make it available in the charts. When they've been doing something that dumb for over a decade in spite of complaints, how can you trust anything they do?

    12. Re:Ya-what? by Anonymous Coward · · Score: 0

      You can't tell the difference between Yahoo, Bing, and Google. I'm ignoring everything you said now.

    13. Re:Ya-what? by TheloniousToady · · Score: 1

      You can't tell the difference between Yahoo, Bing, and Google. I'm ignoring everything you said now.

      OK, I'll bite. What exactly is the difference between Yahoo and Bing? ;-)

      Regarding Google, have you ever taken the Bing Test? I have, and the results didn't show any clear preference for me. In fact, I think my minor perceived preference for Google mostly has to do with its simple clean interface, that is, its cosmetics. There's a reason that Yahoo has been systematically updating its cosmetics: people respond to that, whether they realize it or not.

      Anyway, even if you do objectively prefer Google for search, that doesn't mean that, for example, their finance feature is better. Specifically, although I really like Google's stock screener, I haven't found anything to beat Yahoo's "Key Statistics" page for stock metrics. For Yahoo, for example, I can look at that and determine in seconds that it's significantly overvalued.

    14. Re:Ya-what? by Anonymous Coward · · Score: 0

      There seems to be a theme lately of Yahoo changing the cosmetics of their system as often as possible. However, they don't seem to understand that users don't want change unless there is a clear benefit to them. And users also don't want continuous change - they need time to digest each new thing that's foisted on them. Yahoo also seems to be disregarding the impact all these changes have on system performance. Even after tolerating senseless change, I'm just about ready to abandon their email due to its increasingly poor performance.

      B-b-b-b-but AGILE! Continuous delivery!

      (I agree wholeheartedly. Yahoo's mail UX downgrade, flickr downgrade, and finance forum downgrades are costing them users every time they try. It's doing to Yahoo what Rapid Release did to Mozilla, and what Slashdot Beta is doing to Slashdot.)

    15. Re: Ya-what? by Zumbs · · Score: 2

      But what Yahoo has going for it is that the high-inertia crowd has been using it for a while and won't budge from it. I know a lot of tech un-savvy baby boomers who won't leave Yahoo because they don't know how to transfer their information and don't want to lose their history. (It's the same crowd that still pays for AOL.)

      The main reason not to leave your current provider is that decade's worth of friends and contacts who know your email address and will most likely continue to use your old email address for quite a while after you switch. I know from experience: I switched from hotmail 8 years ago, and still get the occasional email from a friend there.

      --
      The truth may be out there, but lies are inside your head
    16. Re:Ya-what? by Zumbs · · Score: 1

      I used to use their "classic" (old-fashioned) mail but they forced me and everyone else out of that last year.

      You can actually still switch to an even more old-fashioned UI. I know, because I did. The main reason was that their new and "improved" UI hides folders, so you cannot see new mail in your folders unless you actively expand your folders list. Secondary reason was that you could no longer move your mouse over a sender and get a tooltip stating the address of the sender.

      --
      The truth may be out there, but lies are inside your head
    17. Re:Ya-what? by cpufrier37075 · · Score: 1

      When a discussion of financial monitoring gets this detailed on Slashdot it's time for me to cash out of the market.

    18. Re: Ya-what? by Anonymous Coward · · Score: 0

      The main reason not to leave your current provider is that decade's worth of friends and contacts who know your email address and will most likely continue to use your old email address for quite a while after you switch. I know from experience: I switched from hotmail 8 years ago, and still get the occasional email from a friend there.

      So you automatically forward your email from your old address to your new one, and reply to them using your new address. Eventually, everyone will just use your new address directly. Why is this a problem again?

    19. Re:Ya-what? by inline_four · · Score: 1

      It seems Yahoo have made IMAP access to email free.

      --
      Alexey
  2. Momentum by sqrt(2) · · Score: 4, Insightful

    It was around at the right time to capture a large percentage of normies just getting online for the first time. These people don't like change. They don't really "like" computers in general. To them they're just tools; very frustrating and obtuse tools. Changing e-mail addresses is far more trouble than it is worth--we can barely get these people to give up Windows XP.

    --
    If you build it, nerds will come. Soylentnews.org
    1. Re:Momentum by Arker · · Score: 5, Funny

      Lots of these people actually think their email account is tied to their computer. They think they would have to get a new computer to change email accounts.

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.
    2. Re: Momentum by hoifelot · · Score: 2

      You're absolutely right. I forgot that changing your email address can be a big hurdle/insurmountable task for many people.

    3. Re: Momentum by hoifelot · · Score: 2

      Wow is all I can say. I had no idea so many people are so incompetent.

    4. Re:Momentum by Mashiki · · Score: 4, Insightful

      Lots of these people actually think their email account is tied to their computer. They think they would have to get a new computer to change email accounts.

      I suppose that's possible. After all, people have long grown up with the address=home. In turn, computer = unique address, and they don't see a mechanism (to transfer, though not needed) for their new computer like they would with a house/apt/etc. Though I will say in the 18 years I've been working with computers I've never seen this.

      --
      Om, nomnomnom...
    5. Re: Momentum by clickclickdrone · · Score: 2, Informative

      You think that's bad? I know someone who has been using Windows daily in their job for 20 years and yet they have never heard of/seen Windows Explorer (not IE) and only found out that start/all programs lets you see what apps you have, a few weeks ago. They save all their IE short cuts to the desktop, not to IE. Basically, their desktop is one huge splat of shortcuts to apps and web pages. They even keep their photos and docs there (mercifully in a folder).

      --
      I want a list of atrocities done in your name - Recoil
    6. Re: Momentum by sqrt(2) · · Score: 1

      My favorite simpleton is the one who uses MS Word as their file manager.

      I actually have infinite patience for anyone willing to learn the correct way to do something. When someone just wants me to make their horribly inefficient, kludgy, jerry-rigged, workflow continue to work across OS/software versions, I become very annoyed.

      --
      If you build it, nerds will come. Soylentnews.org
    7. Re:Momentum by Monoman · · Score: 2

      Exactly. The same kind of people still have AOL accounts... heck I know one or two MSN customers too. These "portals" are the Internet to them. Luckily for Y!/AOL their remaining customers are plentiful and don't know how to block ads.

      --
      Keep the Classic Slashdot.
    8. Re: Momentum by alex67500 · · Score: 1

      Wow is all I can say. I had no idea so many people are so incompetent.

      You've obviously never worked in IT support. Some woman where I worked was complaining was too slow, until my colleague changed the speed of the mouse cursor. Then everything was fast and perfect. She even bought him coffee.

    9. Re: Momentum by alex67500 · · Score: 1

      Wow is all I can say. I had no idea so many people are so incompetent.

      You've obviously never worked in IT support. Some woman where I worked was complaining *her PC* was too slow, until my colleague changed the speed of the mouse cursor. Then everything was fast and perfect. She even bought him coffee.

      Sorry, fixed.

    10. Re: Momentum by Anonymous Coward · · Score: 0

      They even keep their photos and docs there (mercifully in a folder).

      How do you access a folder without Windows Explorer? If he double clicks the folder icon, guess what opens?

    11. Re: Momentum by CronoCloud · · Score: 1

      I know someone who has been using Windows daily in their job for 20 years and yet they have never heard of/seen Windows Explorer (not IE)

      What? How can that be? I'm not doubting you, but how did they "do" things without encountering Windows Explorer?

      and only found out that start/all programs lets you see what apps you have, a few weeks ago

      Correct me if I'm wrong, I rarely use Windows, but isn't "All Programs" near the very top of the Start Menu? How did they manage not using that or even clicking on it by accident?

      They save all their IE short cuts to the desktop, not to IE.

      But doesn't that require them to not run IE maximized and drag the address bar to the desktop?

      You have made my head explode out of sheer "Whaaaaat?" today.

    12. Re: Momentum by CronoCloud · · Score: 1

      My favorite simpleton is the one who uses MS Word as their file manager.

      How?

    13. Re: Momentum by SQLGuru · · Score: 1

      If you use the My Computer icon, you get a different view of Windows Explorer. While under the covers, it's the same program, "normals" won't recognize this fact and will never know that they are running Windows Explorer. Besides, your desktop is actually just a special mode of Explorer.exe....."normals" certainly won't know that.

      I would suspect that people who don't know how to navigate files and folders very well don't know how to maximize a window.......so they probably don't run maximized anyway.

    14. Re: Momentum by clickclickdrone · · Score: 1

      True but they never used to actively use it i.e. on purpose. If they wanted to find a file, they'd open Word and use the open/file option to move around the directories.

      --
      I want a list of atrocities done in your name - Recoil
    15. Re: Momentum by clickclickdrone · · Score: 1

      but how did they "do" things without encountering Windows Explorer?

      Probably same way as sqrt's acquaintance. They'd open Word and use the file/open dialog to look around the filesystem.

      How did they manage not using that or even clicking on it by accident.

      No idea. They didn't seem to use the Start Button much for anything.

      But doesn't that require them to not run IE maximized and drag the address bar to the desktop?

      No, they use file/send to/desktop as a shortcut.

      You have made my head explode

      You should worry, I was their go-to person for IT queries and it's really hard hiding the 'WTF?' face when dealing with such people.

      --
      I want a list of atrocities done in your name - Recoil
    16. Re: Momentum by operagost · · Score: 1

      I'm going to guess they use the Open File dialog.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    17. Re: Momentum by CronoCloud · · Score: 1

      Probably same way as sqrt's acquaintance. They'd open Word and use the file/open dialog to look around the filesystem.

      But they couldn't do any file manipulation that way, can they? Or can you use Word's file dialog to open things in other applications? (testing) Ah....the Word file dialog is basically a full featured explorer window unlike file dialogs in Linux. That explains it.

    18. Re:Momentum by AthanasiusKircher · · Score: 1

      Lots of these people actually think their email account is tied to their computer. They think they would have to get a new computer to change email accounts.

      I suppose that's possible. [snip] Though I will say in the 18 years I've been working with computers I've never seen this.

      You obviously haven't worked very much with people over the age of 60, particularly blue-collar folks who never really had to do much with computers at a job.

      Many older people just simply don't get the idea of the internet at all. They don't understand the difference between stuff that's on their computer vs. stuff stored online. They don't understand the difference between turning on their computer and "going online." They don't understand the difference between running a local application vs. doing something in a web browser. I know lots of older -- and even rather smart -- people who still don't really understand the difference between email and texting, since they only ever learned how to text on the iPhone someone convinced them to get after their kids got tired explaining how to use phones to them.

      All they know is that there's a single interface where they type letters, buy stuff from Amazon, get email, play solitaire, and view cat pictures and videos. To them, it's all part of "one thing." We don't help things when we talk about stuff being "on their desktop."

      So, when you tell someone that they're going to get a new computer, it's like telling them that you're going to replace their desk and everything on it and in it. What transfers and what doesn't? What has to be reinstalled, and what will simply still be there because it's "out there" on the intertubes?

      They don't know. Because they simply don't understand where all the stuff is -- they just have a magical device that allows them to do some handful of tasks. And almost all of them know that there is always some stuff that doesn't move between computers, because they lost something before when they accidentally deleted something....

    19. Re: Momentum by CronoCloud · · Score: 1

      I'm so used to Linux I didn't realize that the File Dialog in windows was basically a full featured Explorer window until I tested it just a minute ago.

    20. Re: Momentum by rjstanford · · Score: 1

      The one benefit to this - one of the very few things that I miss about Windows - is that you can (for example) do file-open and then, just as you can paste the FQpath to a file and hit enter to open it, you can paste any URL to open it as a file. Handy little shortcut sometimes.

      --
      You're special forces then? That's great! I just love your olympics!
    21. Re: Momentum by Krojack · · Score: 1

      These are the same people that think the entire Internet has crashed when they get a 404 error message in IE.

    22. Re:Momentum by Mashiki · · Score: 1

      You obviously haven't worked very much with people over the age of 60, particularly blue-collar folks who never really had to do much with computers at a job.

      About 75% of the calls that I used to do before I got out of the "home" side of it were seniors over 65, and blue collar workers. Maybe there's a fundamental difference in understanding between Canada and the US, being that in Canada here we have a higher penetration of general technology, computers, internet, and use of said technologies in the workplace.

      --
      Om, nomnomnom...
    23. Re:Momentum by cpufrier37075 · · Score: 1

      I changed my wife from ATT/Yahoo just yesterday. She seldom uses email so when we got ATT Uverse I left her with the att.net email address. It's been constant trouble. I was one of those who adopted Yahoo back about 2003 as a disposable email account for such things as registering software etc. and wound up using it quite a bit for its access anywhere facility. With most ISPs of that time email only worked when you were logged in on their service. I changed to Gmail about 4 years ago when all my Yahoo contacts got phished. Don't know if it was me or Yahoo. It took me three days to update my registered email address for 90% of banks and merchants. Ten per cent were unchangeable and required a new account. Changing a decades old email address is not trivial.

    24. Re: Momentum by L4t3r4lu5 · · Score: 1
      --
      Finally had enough. Come see us over at https://soylentnews.org/
    25. Re:Momentum by Anonymous Coward · · Score: 0

      Not a 'frustrating tool' but just a tool. I have other things in my life and do not care to relearn every few months just for the sake of 'being cool'. I can learn and have been using a Linux Distro of one kind or another for about 10 years now. Sometimes when a tool gets dull one must resharpen it, but I seldom throw away a serviceable tool.

  3. Progress. by ptudor · · Score: 5, Interesting

    It's important to remember that only a year ago RC4 was a recommended solution and TLS1.2 support in browsers like Firefox and older operating systems has been slow to arrive. So I look at this as an important first step, with progressive refinements sure to follow. In the same way that Facebook introduced https in response to Tunisia and slowly made it an option for all users before making it default, Yahoo, while slow in adopting a model of default security, has to walk similar steps. They may have had an SSL-beta-option for the last year, but given their AOL-Like user base, I can understand being conservative in adopting new methods and being liberal in the ciphers they provide. Someone using Chrome in Mavericks may expect support for SPDY3 with AES-GCM, but for a user base that may be using IE6 or FF3 on XP still, for a company that caters to people who will never know what GCM or SHA2 is, it is best to avoid the headline, "Yahoo Mail is Broken for tens of thousands of users." They'll get there. Thanks for trying, Yahoo.

    Now, can someone at Microsoft turn on STARTTLS? For that matter, I wish NANOG would turn on STARTTLS for inbound connections.

    Also, IPv6... please... IPv6...

  4. "[U]se [RC4] as a last resort." by cffrost · · Score: 4, Informative

    Unfortunately — in Firefox, at least — ciphers can only be toggled, not given a priority. Control over cipher selection (and other HTTPS parameters, such as key length, key exchange, hash (MD5/SHA), etc.) lies with the server operator. In my own testing, the arbitrated HTTPS parameters are most frequently prioritized in some order without regard to strength, or prioritized from weakest-to-strongest (or perhaps least-to-most expensive to execute).

    In order to retain manageable security, I have only TLS 1.0-1.2 enabled, MD5 disabled, all RC4-employing combos disabled, with the last being switchable via a check box provided by "CipherFox." (Additional features of use to "CipherFox" users are provided by "Calomel SSL Validation"; I recommend both.)

    --
    Thank you, Edward Snowden.

    "Arguments from authority are worthless." —Carl Sagan
    1. Re:"[U]se [RC4] as a last resort." by Anonymous Coward · · Score: 0

      Control over cipher selection (and other HTTPS parameters, such as key length, key exchange, hash (MD5/SHA), etc.) lies with the server operator.

      By default the client sends its list of preferred ciphers and the server takes the first supported. However the server can also use its own preference and that is what Yahoo is doing and it's preferring RC4 over AES even with TLS 1.2.
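      The negotiation described in this reply, and cffrost's point above that a Firefox user can only remove ciphers from the offer rather than reorder them, can be modelled in a few lines. The following is an added example written for this page, not code from Slashdot, Yahoo or Qualys: the cipher suite names and both the client offer and the two server configurations are constructed for illustration, and the "RC4 first" server ordering is only a stand-in for the behaviour the comment attributes to Yahoo.

```python
"""Model of TLS 1.2 cipher suite selection: client preference vs server preference.

Added example for this thread; all suite lists below are constructed.
"""
from typing import Iterable, List, Optional

# Constructed client offer, in the client's own order of preference (strongest first).
CLIENT_OFFER: List[str] = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA",
    "AES128-SHA",
    "RC4-SHA",
    "RC4-MD5",
]

# Constructed server list with RC4 placed first, standing in for a server that
# imposes its own order and prefers RC4 (the situation the comment describes).
SERVER_PREFERS_RC4: List[str] = [
    "RC4-SHA",
    "RC4-MD5",
    "AES128-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
]

# Constructed hardened ordering: forward-secret AEAD first, RC4 not offered at all.
SERVER_HARDENED: List[str] = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA",
    "AES128-SHA",
]

# Substrings that mark a suite as weak or obsolete (RC4, MD5, single/triple DES,
# NULL encryption, export-grade).
WEAK_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXPORT")


def negotiate(client_offer: Iterable[str], server_supported: Iterable[str],
              server_preference: bool = False) -> Optional[str]:
    """Return the suite the server selects, or None when the lists do not overlap.

    server_preference=False: walk the client's list, take the first suite the
    server supports (the default the comment describes).
    server_preference=True: walk the server's list, take the first suite the
    client offered (what OpenSSL calls SSL_OP_CIPHER_SERVER_PREFERENCE).
    """
    client_offer, server_supported = list(client_offer), list(server_supported)
    if server_preference:
        chooser, pool = server_supported, set(client_offer)
    else:
        chooser, pool = client_offer, set(server_supported)
    return next((suite for suite in chooser if suite in pool), None)


def is_weak(suite: str) -> bool:
    """True if the suite name carries any of the weak-component markers."""
    return any(marker in suite for marker in WEAK_MARKERS)


def is_forward_secret(suite: str) -> bool:
    """True for ephemeral (EC)DH key exchange, which gives forward secrecy."""
    return suite.startswith(("ECDHE-", "DHE-"))


def client_disables(offer: Iterable[str], marker: str) -> List[str]:
    """Model a client toggle (as in Firefox): drop suites containing marker,
    keeping the remaining order unchanged. The client cannot reorder."""
    return [suite for suite in offer if marker not in suite]


def audit(server_supported: Iterable[str], server_preference: bool,
          client_offer: Iterable[str] = CLIENT_OFFER) -> dict:
    """Negotiate against the constructed client and summarise what resulted."""
    chosen = negotiate(client_offer, server_supported, server_preference)
    return {
        "chosen": chosen,
        "weak": chosen is not None and is_weak(chosen),
        "forward_secret": chosen is not None and is_forward_secret(chosen),
    }


if __name__ == "__main__":
    cases = [
        ("client order, RC4-first server", SERVER_PREFERS_RC4, False, CLIENT_OFFER),
        ("server order, RC4-first server", SERVER_PREFERS_RC4, True, CLIENT_OFFER),
        ("server order, client toggled RC4 off", SERVER_PREFERS_RC4, True,
         client_disables(CLIENT_OFFER, "RC4")),
        ("server order, hardened server", SERVER_HARDENED, True, CLIENT_OFFER),
    ]
    for label, server, pref, offer in cases:
        print(f"{label:40s} -> {audit(server, pref, offer)}")
```

      Two things fall out of running it. With the same client, the RC4-first server yields AES-GCM when client order is honoured but RC4-SHA once server preference is on, which is the inconsistency the story reports. And when the client toggles RC4 off, the server's own order still wins: it lands on AES128-SHA rather than the forward-secret suite the client put first, so removing ciphers client-side avoids the weakest option but does not buy the best one. Only the server ordering controls that.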

    2. Re:"[U]se [RC4] as a last resort." by metrix007 · · Score: 1

      You're foolish.

      RC4 is better than cleartext, which is what you may end up with under your configuration.

      The attack to exploit RC4 is also complicated, and unlikely to occur across the internet.

      --
      If you ignore ACs because they are anonymous - you're an idiot.
    3. Re:"[U]se [RC4] as a last resort." by cffrost · · Score: 1

      You're foolish.

      I disagree, but I may be biased.

      RC4 is better than cleartext [...]

      I agree.

      [...] which is what you may end up with your configuration.

      No it isn't — please see my reply to brunes69.

      To anyone who read only my initial post, please note that I use two additional plug-ins which thwart a plaintext connection with any host with which any encrypted connection is possible, including RC4: "HTTPS Everywhere" and "HTTPS Finder" — see my reply to brunes69 for links/further info.

      My apologies to everyone for neglecting to include important info in my initial post, particularly to anyone who got the impression that I was advocating plaintext in preference to a weak or broken cipher.

      --
      Thank you, Edward Snowden.

      "Arguments from authority are worthless." —Carl Sagan
  5. Even good ciphers are mostly useless by abies · · Score: 5, Insightful

    I wonder, in the real world, how big a percentage of the attacks are performed by man-in-the-middle (where strength of cypher matters). Between

    1) 3 letter agencies just accessing content directly on Yahoo servers
    2) Somebody hacking a router between you and Yahoo (or eavesdropping on the physical line) and performing a very costly cypher break
    3) Having trojan/keylogger/whatever on your machine giving access to everything

    How much of a problem is point 2 compared to 1 and 3? People can write a lot about how usage of a bad cipher will allow your mails to be cracked in 1 day instead of 5 billion years... but probably 99% of compromised emails are accessed through 1 or 3.

    It is like with optimizing code. You could optimize the hotspot where 99% of cpu time is spent, but it is hard. So instead you optimize all things around it, making the other 1% orders of magnitude faster, and then forget that you cannot do anything about the remaining 99%...

    1. Re:Even good ciphers are mostly useless by Anonymous Coward · · Score: 0

      http://isc.sans.edu/diary/Intercepted+Email+Attempts+to+Steal+Payments/17366

      The attacks might not be common, but they do happen, and can potentially have big impact.

    2. Re:Even good ciphers are mostly useless by abies · · Score: 1

      "Scammer intercepts and slightly alters the email"
      It is not clear to me that it has happened on the wire, as opposed to compromising the mail server or customer machine. Has the scammer really captured the email while it was transmitted over the http/smtp connection, performed 'surgery' in realtime and sent it further with modified content?

      From the comments section, somebody describes a similar situation, but the first step was to install a keylogger on the customer PC. Which means we are in point 3, not point 2 from my list.

    3. Re:Even good ciphers are mostly useless by ptudor · · Score: 2

      I'd add a #4, or #2a, Man-In-The-Middle the certificate. DigiNotar's compromise, never the huge bundle of trusted certificates in every browser/OS, makes it easy. Whatever an enterprise can do with GPOs and Websense can happen in the wild too. (I kinda prefer self-signed certificates anymore.)

      Overall I agree, but I still cry out in pain when I see people choosing to use 3DES and disable PFS.

    4. Re:Even good ciphers are mostly useless by rvw · · Score: 1

      "Scammer intercepts and slightly alters the email"
      It is not clear to me that it has happened on the wire, as opposed to compromising the mail server or customer machine. Has the scammer really captured the email while it was transmitted over the http/smtp connection, performed 'surgery' in realtime and sent it further with modified content?

      From the comments section, somebody describes a similar situation, but the first step was to install a keylogger on the customer PC. Which means we are in point 3, not point 2 from my list.

      So we wait and do nothing. Keyloggers become common. We become aware and virus scanners start to detect them. Criminals look for alternatives. Voila! It's just a matter of time before this method becomes cheap enough to implement. Why wait if we can fix this now?

    5. Re:Even good ciphers are mostly useless by Anonymous Coward · · Score: 0

      While this is a great step [quote from the story]

      Do people really believe these companies had no involvement in giving out data to spying agencies without any written agreement? Why do people go into denial over the fact that companies are just as untrustworthy as government?

      The new story from Germany over the leaked documents was a set-up to try and clear the companies' names. Everyone was involved and did it in the name of patriotism! Then they came out denying they had any knowledge of it.

      No surprise then that companies are caught putting back doors into their equipment and software for US spying agencies to get into. If it wasn't that, they were giving the keys away.

      What difference does encryption make if the NSA has access to it [not if, but does]? It's more than likely going to get cracked. Bottom line is there is no privacy when it comes to the internet, or even a PC/laptop etc. not connected to the internet.

      And yet companies [more than likely getting some funding and push from government] are trying to force cloud services. I promise you that will be the next thing that gets called out or exposed as another means for spying agencies to access data behind people's backs, and companies will go into some delusional denial that they had anything to do with it.

    6. Re:Even good ciphers are mostly useless by Dagger2 · · Score: 1

      If it doesn't happen, then good. The encryption is doing what it's supposed to do.

      (I've seen brochures for products that can MITM encrypted Bittorrent connections in order to log what's being transferred, so yes, people will take advantage of weak encryption if it's easy enough to do so.)

    7. Re:Even good ciphers are mostly useless by Kardos · · Score: 1

      The reason #2 is not a common problem is because of the strong encryption -- it's a technical problem that is, for the most part, solved. If the encryption becomes easily breakable, #2 would swiftly become a problem again (think coffee-shop wifi operators, nosy employers/schools, etc.). #1 and #3 are social problems, and I agree that they need plenty of attention, however maintaining sufficient encryption to keep #2 closed is definitely not wasted effort.

    8. Re:Even good ciphers are mostly useless by CastrTroy · · Score: 2

      Yeah, this reminds me of my security professor's opinion on SSL. It's great at what it does, but it pretty much does nothing to stop your credit card number from being stolen. It's a good idea to encrypt your credit card information when sending it to the online store. It's a better idea to come up with a payment system where you don't have to send your credit card info to the online store. Personally, I think that PayPal has done more for payment security than SSL has. At least with PayPal, only they need to know my credit card details, and the seller still gets their money. Ideally the credit card companies would have set up a system so that nobody outside you and the credit card company has to know your credentials. The store just needs a cryptographically signed receipt saying that the money was transferred.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  6. Theatrics. by Anonymous Coward · · Score: 0

    Make a few unimportant services secure-ish, but make very very sure that those services the NSA needs, email and IM, are on the weakest possible encryption.

  7. exponentially worth our weight over over all by Anonymous Coward · · Score: 0

    last for years, light, compact, self cleaning, intuitive, rechargeable, restoreable (free the innocent stem cells), & more. that's us, powered by momkind et pals & built to lasting (before/until forever) self adjusting (little miss dna cannot be wrong) specifications

  8. What is keeping Yahoo up? by korbulon · · Score: 3, Interesting

    Yahoo reminds me of a journeyman heavyweight boxer taking the champ into deep rounds despite taking a serious beating. He simply will not go down.

    They impress for sheer resilience, if for nothing else.

    1. Re:What is keeping Yahoo up? by Virtucon · · Score: 1

      What is keeping Yahoo up?
      Viagra or Cialis?

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
    2. Re:What is keeping Yahoo up? by VortexCortex · · Score: 3, Interesting

      In order for me to thrive as a business I merely need to make enough money to pay expenses and employees. I don't have to defeat the heavyweight. I just have to dodge their blows.

      The stock market's demand for growth is untenable. Overextended businesses die; The name for unchecked growth is cancer. I've discovered that business maturity exists. Focusing on improving my services and better ability to meet customer needs / better dialog beats overextension through growth hands down. On the public market I'd be slaughtered. I refuse to grow faster than necessary. This way I can stay more nimble and adjust to changes and new tech faster than my competition. Instead of growing, I concentrated on streamlining agility. Eg: You could invent 50 new platforms tomorrow. In one year, I'll have support for them all without requiring any growth to gain the specialization. I have an excellent platform abstraction layer.

      I'm not partial to Yahoo, but their board has more sane business sense than most. Their retention isn't necessarily impressive, but to dodge blows while in dire need of a tourniquet is commendable. It's caused them to make some compromising business decisions, however.

    3. Re:What is keeping Yahoo up? by Anonymous Coward · · Score: 0

      They own Flickr. Also, a whole lot of people use their mail because changing email addresses is irritating and it's not really significantly worse than any of their major competitors so it's not worth the bother.

      They don't have to be as big as Google to keep their head above water.

  9. Is that what they are worried about? by Anonymous Coward · · Score: 0

    It would appear that Yahoo has a sign-in cookie problem with the mobile version they send to Chrome for iPad.
    I signed out days ago and today when I typed http://mail.yahoo.com to log in, I was instead directed to a view of all my emails, no need to sign in! But then their servers realised that and I was redirected to the login window. So for a brief 5 seconds, I was able to see my Inbox before the redirection occurred. I'm no hacker but I can see how one would exploit this, and Apple being Apple, I don't doubt for one second that someone with the wrong App or a malware-ridden advert that plays in Apps could take advantage of this!

    1. Re:Is that what they are worried about? by Anonymous Coward · · Score: 0

      Not at all. I believe the most likely reason for this behavior is as follows: the view you saw was most likely created solely by your web browser, displaying the content it had previously cached on your local device for "http://mail.yahoo.com". I think it's much more likely an artifact created by Chrome for iPad.

  10. Re:The 'beasts' share the same scent !! by Anonymous Coward · · Score: 0

    I think your sega cd is broken.

  11. A false sense of security by msobkow · · Score: 1

    Unfortunately, Iceweasel/Firefox don't indicate what cipher is used by an https connection, so Yahoo gives you a false sense of security with the use of RC4. So do many other websites.

    There should be some indicator of just how secure an HTTPS connection is (maybe shifting the colour of the padlock from red through orange, yellow, and green as the strength of the cipher improves.) One should also be able to select which ciphers are considered valid by their browser.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:A false sense of security by profplump · · Score: 1

      You can select which ciphers you accept. In Firefox the preference is something like "security.ssl3.rsa_rc4_128_md5" -- I'm sure if you search for RC4 in the about:config page you can find the relevant settings. You can explicitly allow or disallow whatever combination of ciphers you like.

      And it's not a "false sense of security" when the indicator is binary. It's not as descriptive as telling you what cipher is in use, but it's still encrypted and would take a lot of effort to decrypt (weaknesses have been demonstrated but there's no known attack that's even vaguely plausible in the general case), so given only binary choices "secure" is probably the right one, at least for the time being.

  12. Mr Ristic by shikaisi · · Score: 1

    Ivan Ristic; is he the father of Hugh?

    --
    No left turn unstoned.
    1. Re:Mr Ristic by Virtucon · · Score: 1

      cousin of Alter?

      --
      Harrison's Postulate - "For every action there is an equal and opposite criticism"
  13. God moves faster than the speed of light. by Anonymous Coward · · Score: 0

    I hope slashdotters realize that God moves faster than the speed of light.

  14. This is not "email encryption" by daveewart · · Score: 5, Informative

    While the article is correct and uses precise terminology, the summary is wrong to use the term "email encryption". That term is for encrypted email messages using PGP/GPG/S/MIME.

    Yahoo have no framework for email encryption. This article is about use of HTTPS for their webmail service and (a) whether that has been implemented and, if so, (b) whether it has been done correctly.

    The answers to which are: (a) mostly and (b) no.

    --
    "If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
    1. Re:This is not "email encryption" by CronoCloud · · Score: 1

      That term is for encrypted email messages using PGP/GPG/S-MIME.

      Yahoo have no framework for email encryption.

      Don't really need a framework if you have POP3 or IMAP access to it, then you can use a "real" e-mail client that DOES have GnuPG or S/MIME support. It should also cure the HTTPS issue.

    2. Re: This is not "email encryption" by daveewart · · Score: 1

      I know Yahoo don't have (nor need) a framework for email encryption. My comment was simply a clarification. :-)

      --
      "If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
    3. Re:This is not "email encryption" by Anonymous Coward · · Score: 0

      Nobody cares about the content of your email; there isn't staff to read it anyway. They only care about who you sent mail to and when and from where and how frequently and who those people associate with; it's a gigantic graph analysis problem. GPG is protecting the wrong part.

      Seriously, if you call a phone sex line, does an attacker really need the details of your conversation to know what you talked about, or do they just need the metadata?

    4. Re:This is not "email encryption" by CastrTroy · · Score: 1

      You still need to encrypt the email as it's being sent out to the recipients, and you still need the incoming email to be encrypted as it's getting initially sent to Yahoo's servers. It doesn't matter if it's encrypted when you're reading it if it was already intercepted before it got to your inbox. Similarly, it doesn't matter if the message you're sending is encrypted between you and Yahoo if Yahoo sends it in plain text to the recipient.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    5. Re:This is not "email encryption" by CronoCloud · · Score: 1

      Similarly, it doesn't matter if the message you're sending is encrypted between you and Yahoo if Yahoo sends it in plain text to the recipient.

      Yes, I understand that what TFA is referring to is the SSL/TLS encryption between browser or mail client and the website/server.

      But what some of us here in this thread are talking about is "client side encryption between sender and recipient". If, say, Bob encrypts an email with GnuPG or S/MIME to Alice, it doesn't matter if Alice's connection to their mail server isn't SSL; the message is still encrypted and gobbledygook to any interceptor.

      For example here is a tiny bit of what an ascii armored encrypted message looks like:

      -----BEGIN PGP MESSAGE-----
      Version: GnuPG v1

      hQEOA+sUHqCmA5QMEAP/d5bL7tp4CefmpILtO4N9Q5TGGn1G0bJ6aLj/y339ZE0E

      Damn lameness filter didn't let me include the whole thing. But you can see that while having the connection to the SMTP/IMAP/Webmail server be TLS/SSL is important... client side encryption is what will really secure any messages from outside reading.
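      As an added example (not part of CronoCloud's post or of GnuPG), the following Python decodes the one armored line quoted above and parses the OpenPGP packet header and the fixed fields of the first packet, using the tag and algorithm numbers from RFC 4880. It shows what an interceptor can still read from a client-side-encrypted message without any key: the packet type, the recipient's key ID and the public-key algorithm. The body of the session key and everything after it stays gobbledygook, but the metadata point raised elsewhere in this thread applies here too. The lookup tables cover only the tags and algorithms needed for this demonstration.

```python
import base64

# First armored line quoted in the comment above (the rest was cut off by Slashdot).
ARMOR_FRAGMENT = "hQEOA+sUHqCmA5QMEAP/d5bL7tp4CefmpILtO4N9Q5TGGn1G0bJ6aLj/y339ZE0E"

# Subset of RFC 4880 section 4.3 packet tags and section 9.1 public-key algorithm IDs.
PACKET_TAGS = {
    1: "Public-Key Encrypted Session Key",
    2: "Signature",
    3: "Symmetric-Key Encrypted Session Key",
    8: "Compressed Data",
    9: "Symmetrically Encrypted Data",
    11: "Literal Data",
    18: "Sym. Encrypted and Integrity Protected Data",
}
PK_ALGOS = {1: "RSA", 2: "RSA (encrypt only)", 3: "RSA (sign only)",
            16: "Elgamal (encrypt only)", 17: "DSA"}


def parse_packet_header(buf, offset=0):
    """Decode one OpenPGP packet header (old or new format) at buf[offset].

    Returns (tag, body_length, header_length). body_length is None for an
    indeterminate old-format length or a new-format partial body length."""
    first = buf[offset]
    if not first & 0x80:
        raise ValueError("bit 7 of a packet tag octet must be set")
    if first & 0x40:  # new format: 6-bit tag, variable-length length field
        tag = first & 0x3F
        o1 = buf[offset + 1]
        if o1 < 192:
            return tag, o1, 2
        if o1 < 224:
            return tag, ((o1 - 192) << 8) + buf[offset + 2] + 192, 3
        if o1 == 255:
            return tag, int.from_bytes(buf[offset + 2:offset + 6], "big"), 6
        return tag, None, 2  # partial body; chunk size is 1 << (o1 & 0x1F)
    tag = (first >> 2) & 0x0F  # old format: 4-bit tag, 2-bit length type
    ltype = first & 0x03
    if ltype == 3:
        return tag, None, 1
    nbytes = 1 << ltype  # 1, 2 or 4 length octets
    length = int.from_bytes(buf[offset + 1:offset + 1 + nbytes], "big")
    return tag, length, 1 + nbytes


def parse_pkesk(body):
    """Decode the fixed fields of a version 3 PKESK body (RFC 4880 section 5.1):
    version, 8-byte recipient key ID, algorithm, then the first MPI's bit length."""
    version = body[0]
    if version != 3:
        raise ValueError(f"unsupported PKESK version {version}")
    return {
        "version": version,
        "key_id": body[1:9].hex().upper(),
        "algorithm": PK_ALGOS.get(body[9], f"unknown ({body[9]})"),
        "first_mpi_bits": int.from_bytes(body[10:12], "big"),
    }


def inspect_armor_fragment(line):
    """Base64-decode an armored line and describe the first packet it contains."""
    raw = base64.b64decode(line)
    tag, length, hlen = parse_packet_header(raw)
    info = {"tag": tag, "packet": PACKET_TAGS.get(tag, "unknown"), "body_length": length}
    if tag == 1:
        info.update(parse_pkesk(raw[hlen:]))
    return info


if __name__ == "__main__":
    for k, v in inspect_armor_fragment(ARMOR_FRAGMENT).items():
        print(f"{k:15s} {v}")
```

      Run stand-alone, the script reports a version 3 Public-Key Encrypted Session Key packet with a 270-byte body, the recipient key ID, Elgamal as the algorithm and a first MPI of 1023 bits (a 1024-bit key). Only the armor base64 and packet framing are decoded; nothing is decrypted.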

    6. Re:This is not "email encryption" by Anonymous Coward · · Score: 0

      You hit the nail on the head.

      When I read "email encryption", I think of the top layer, where actual messages are encrypted via either OpenPGP or S/MIME.

      However, HTTPS isn't "email encryption" to me. This is something all web servers should have on, operable, PFS enabled, and at least 2048 bit keys, if not larger.

      Another item not touched on is how the email is stored. Is it just sitting on a SAN, where someone who manages to get admin access can start snarfing, or is there some encryption layer protecting the bits before they hit the spinning platters? Of course, encryption brings key management issues, and that is a complete can of worms right there.

      So far, the best security I've seen for E-mail is what a SMB did. They run in-house Exchange with an edge server that sends/receives mail and provides OWA (TLS protected, of course) and a hub server that actually stores E-mail while providing internal access. The machines have all partitions encrypted via BitLocker and a TPM, and both S/MIME [1] and PGP Desktop are used for encryption in house.

      To me, when I read "email encryption", having E-mail encrypted in transit, encrypted on the disk, backups encrypted, and individual messages encrypted (but with an ADK for recovery reasons) addresses all those points. It isn't 100%, since a server compromise will completely bypass all the encryption, but it does a good job at locking things down.

      [1]: S/MIME is less secure, but as soon as an outside user sees the mail, it does show a signature. Of course, there are the users who see the ribbon in Outlook, then go screaming that the mail is infected since they have never seen that before, but fixing stupid is an onerous task.

    7. Re:This is not "email encryption" by Anonymous Coward · · Score: 0

      I agree, the headline 'email encryption' had me fooled until I read that it was just what gmail had done years ago.

      It would be nice to have both email encryption (to keep email contents private between you and the recipient) and https (to keep email meta-data private to you, the recipient and the deliverer).

  15. yes, right. by johan.kroeckel · · Score: 1

    Google Chrome 31.0.1650.63 + Gmail: RC4_128...

    1. Re:yes, right. by Anonymous Coward · · Score: 0

      It's doing TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for me. Current firefox does TLS_ECDHE_RSA_WITH_RC4_128_SHA (TLS 1.0), but the beta version does TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 too.

    2. Re:yes, right. by johan.kroeckel · · Score: 1

      Good to know. My system is Debian Wheezy.

    3. Re:yes, right. by CronoCloud · · Score: 1

      Why are you using a web browser to access gmail when you can use IMAP with a proper email client using proper TLS. Not only that you don't see ads that way and gain the ability to use GnuPG or S/MIME encryption if you want to.

    4. Re:yes, right. by johan.kroeckel · · Score: 1

      I perceived gmail+imap as kind of a hack: strange mappings to labels, double directories (trash). And the web interface gives me a more natural feeling for things like hangouts and the todo list in the sidebar, mail templates synchronised and so on. And one gui across device/os borders.

  16. I don't understand this reasoning at all by brunes69 · · Score: 1

    So if a website gives you only HTTPS with RC4 or HTTP in clear text as options - why would you choose clear text?

    This is totally illogical. Yes RC4 sucks but it is better than clear text - ANYTHING is better than clear text. The only possible argument for this would be "false sense of security", but if you think average people pay any attention to that padlock in the status bar, you are delusional.

    1. Re:I don't understand this reasoning at all by spacefight · · Score: 1

      Your logic fails as soon as with ROT13 - not better than clear text.

    2. Re:I don't understand this reasoning at all by Anonymous Coward · · Score: 0

      Why is it not better? I'll grant you it's not a lot better, but certainly it's better than nothing. And RC4 is leaps and bounds better.

    3. Re:I don't understand this reasoning at all by cffrost · · Score: 3, Interesting

      So if a website gives you only HTTPS with RC4 or HTTP in clear text as options - why would you choose clear text?

      This is totally illogical. Yes RC4 sucks but it is better than clear text - ANYTHING is better than clear text. The only possible argument for this would be "false sense of security", but if you think average people pay any attention to that padlock in the status bar, you are delusional.

      I agree with you wholeheartedly — in fact, I accept some questionable certs in my zeal to transfer ciphertext instead of plaintext.

      However, I neglected to mention in my previous post that I also use EFF's "HTTPS Everywhere," and an extension for that extension called "HTTPS Finder" — the former forces HTTPS if the host is known to support it, and the latter forces HTTPS if an HTTPS connection is possible (and creates a new rule for "HTTPS Everywhere"), even with the requisite security.ssl3. cipher suites disabled in about:config.

      (I figured anyone knuckle-deep in their browser's HTTPS configuration would be aware of them (and hopefully, using them). I recommend both, emphatically — "HTTPS Everywhere" alone yields a vast improvement in security/privacy, and has the benefit of a very long, expert-managed list of defaults.)

      Thus, if RC4 is needed and I have it disabled, I'll be presented with an "ssl_error_no_cypher_overlap" error page, then I enable RC4 and reload. The only weakness there is in my forgetting to re-disable RC4, but the two extensions I mentioned in my initial post help in this effort, alerting me in various ways if/when I connect to another host using weak security:

      "CipherFox" displays the cipher suite (or configurable portions thereof) in use on the status bar (e.g., it shows me "AES-256 RSA-4096 SHA1" on DDG), as well as providing the "Enable RC4" check-item on the Tools menu.

      "Calomel SSL Validation" displays (on my nav. bar) a color-coded shield that represents a percentage security rating based on weighted factors drawn from the cert and cipher suite, the breakdown of which is displayed via clicking the shield icon.

      --
      Thank you, Edward Snowden.

      "Arguments from authority are worthless." —Carl Sagan
    4. Re:I don't understand this reasoning at all by cffrost · · Score: 1

      Your [logic] fails as soon as with ROT13 - not better than clear text.

      I disagree; ROT-whatever would at least help defend one from automated surveillance of plaintext keywords, and very lazy/unmotivated human eavesdroppers.

      --
      Thank you, Edward Snowden.

      "Arguments from authority are worthless." —Carl Sagan
  17. Why don't people use "real" e-mail clients? by CronoCloud · · Score: 2

    Why do people insist on using a web browser to read their mail instead of a proper e-mail client that implements proper TLS and every other feature that an e-mail client has that the web interface doesn't. It's not like people can't access their webmail over proper IMAP or POP3, which has advantages like seeing no advertising and the ability to use GnuPG or S/MIME encryption if one wants.

    1. Re:Why don't people use "real" e-mail clients? by Anonymous Coward · · Score: 0

      Maybe they don't like setting it up by filling arcane characters in random text boxes.

    2. Re:Why don't people use "real" e-mail clients? by Anonymous Coward · · Score: 0

      Because for 99% of us a web client, including accessing Exchange which can even support Lync this way, gives us 100% of what we want - read email, send email, search email, attach pictures from directory/phone.

      Is the Bugatti Veyron a cool car with lots of neat features ? Yep but the Prius in my driveway solves 100% of my problems.
      Yours too I bet.

    3. Re:Why don't people use "real" e-mail clients? by CronoCloud · · Score: 1

      I remember reading somewhere (I even think it was slashdot) about someone suggesting an addition to the e-mail RFCs: a standard for a "set up e-mail" file that one could import into one's email application.

      But setting up IMAP or POP3 isn't that difficult, not much different from following a recipe matching field to field. In fact, people used to have to do it.

      For example Gmail is simply:
      Incoming Mail (IMAP) Server - Requires SSL

              imap.gmail.com
              Port: 993
              Requires SSL:Yes

      Outgoing Mail (SMTP) Server - Requires TLS

              smtp.gmail.com
              Port: 465 or 587
              Requires SSL: Yes
              Requires authentication: Yes
              Use same settings as incoming mail server

    4. Re:Why don't people use "real" e-mail clients? by profplump · · Score: 1

      That's a one-time problem though -- it's a barrier, but it's a small one given how frequently mail is used. And modern mail clients are happy to guess virtually all of the settings, at least if your mail server has a standard configuration and you can remember your own email address.

    5. Re:Why don't people use "real" e-mail clients? by CronoCloud · · Score: 1

      Yep but the Prius in my driveway solves 100% of my problems.
      Yours too I bet.

      The funny thing is there is a Prius in my driveway, but I do use a real e-mail client.

      I understand that most users don't need advanced features but.....

      Problem: Users complain about the targeted ads in their webmail tab.
      Solution: Using a real e-mail client over POP3/IMAP removes that.

      Problem: Users want e-mail privacy
      Solution: PGP/GPG or S/MIME with a real client.

      Problem: Users worried that an HTML message may do something harmful.
      Solution: Use a proper e-mail client that doesn't view the HTML by default.

    6. Re:Why don't people use "real" e-mail clients? by Anonymous Coward · · Score: 0

      Maybe because they don't have admin rights on a work pc, and still want to access their personal email.

      and FWIW, yahoo disabled POP3 access on all of their non-paid accounts years ago.

    7. Re:Why don't people use "real" e-mail clients? by jader3rd · · Score: 1

      Why do people insist on using a web browser to read their mail instead of a proper e-mail client

      Because that involves setting up an email client. Most people can't be bothered to do that, and for some strange reason find it annoying when somebody does do it on their behalf.

    8. Re:Why don't people use "real" e-mail clients? by CronoCloud · · Score: 1

      Maybe because they don't have admin rights on a work pc, and still want to access their personal email.

      Maybe I'm being grumpy but I don't think people should access personal e-mail accounts on their work computer.

      and FWIW, yahoo disabled POP3 access on all of their non-paid accounts years ago.

      Oh? From what I've read they enabled it back recently.

      http://kb.mozillazine.org/Yahoo

    9. Re:Why don't people use "real" e-mail clients? by CronoCloud · · Score: 1

      Because that involves setting up an email client.

      But you only have to do it once! Set it and forget it. And people even "normal" users used to have to do it.

    10. Re:Why don't people use "real" e-mail clients? by jader3rd · · Score: 1

      But you only have to do it once! Set it and forget it. And people even "normal" users used to have to do it.

      When it comes to effort 0 > 1.

  18. I gave up with Yahoo by danknight48 · · Score: 2

    I got sick to death of my 10+ year Yahoo account being "compromised", just out of the blue. My passwords are always secure, using multiple caps/numbers/symbols etc.
    My gmail/hotmail accounts never gave me this hassle.

    Every time you want to "recover" your account, you have to sift through pages and pages of crap. Once you confirm your account with another email on file, you then have to provide your current password (which has been compromised and changed) to get in.
    This could all be avoided if Yahoo mail actually had a "SECURE" system in the 1st place.

    Hence why I haven't bothered with Yahoo Mail since. Yahoo is too far behind and too careless for my attention.
    Hotmail and Gmail are all you need, and will save you so much frustration.

    1. Re:I gave up with Yahoo by Anonymous Coward · · Score: 0

      Uh, yeah, what you said..........except that password recovery hasn't worked that way for a long, long time, if ever.

    2. Re:I gave up with Yahoo by danknight48 · · Score: 1

      Uh, yeah, what you said..........except that password recovery hasn't worked that way for a long, long time, if ever.

      I tried it today, and, still asking me for a password to recover my account....................

  19. Older Systems/XP will be problematic by Virtucon · · Score: 1

    With the abundance of older operating systems out there, I think browser code and general websites will still be hampered for quite some time. For Yahoo and others that means the lowest common denominator needs to be supported for quite some time. If you're rolling out your own website and can control those variables then certainly you can enforce TLS 1.2 with ciphers that are much stronger than RC4. If you can't control the client side in terms of minimum support, that unfortunately means TLS 1.0 and RC4 if you want your website accessible by those old systems like XP, Vista etc. I don't think that the rest of us who have upgraded to Windows 7/8 or Linux should be left insecure, however, just because lowest common denominators have to be supported.

    Another point to remember is that TLS 1.2 has just rolled out within the last year or so in both Chrome and Firefox, and Microsoft on the client side hasn't supported it until Windows 7 and IE 9; that means that site providers who want to reach the broadest spectrum of clients will have to shift support to the older, less secure protocols or lock people out of their website. I don't see Yahoo or Google doing that anytime soon.

    In fact, I just checked my connection with Yahoo: with Chrome 32.0.1700 it shows AES_256_CBC, on Firefox 26 it's using Camellia 256... but both are using TLS 1.0. On Google with Chrome, AES_256_CBC with TLS 1.2 (woohoo!) but on Firefox 26 it's AES_128_CBC with 128 bit keys and TLS 1.1 even though I have AES_256 enabled... So that's something the Firefox folks will need to look into. FYI, in Firefox using about:config you can disable RC4, which is also how I configure the protocols, and also set security.tls.version.max=3 to enable TLS 1.2 support for Firefox 25 and newer.

    If you want to check what a website supports you can use the openssl client connect command with the appropriate switch. For example:

            openssl s_client -connect mail.yahoo.com:443 -tls1_2

    will attempt to connect to the Yahoo mail service using only TLSv1.2; you can use -tls1_1 for, obviously, TLSv1.1, -tls1 for 1.0, etc. mail.yahoo.com doesn't support TLSv1.1 or TLSv1.2 but does support 1.0.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  20. RC4, BEAST, perfect forward security, recommendati by Anonymous Coward · · Score: 3, Informative

    It's important to remember that only a year ago RC4 was a recommended solution and TLS1.2 support in browsers like Firefox and older operating systems has been slow to arrive.

    It was only recommended as a counter to the BEAST attack, which exploited the way block ciphers worked. Since RC4 is a stream cipher it was not subject to this exploit, but a lot of people were uneasy about the recommendation. This is because while it was resilient against BEAST, everyone knew that RC4 was/is on its last legs, but it was the lesser of two evils.

    When a workaround for BEAST was created (n/n-1 record splitting), and implemented in just about every browser, the BEAST attack became mostly moot, and at that point people should have put RC4 lower down on the list of allowed ciphers, whose only purpose was to support legacy clients (read: XP).

    So basically RC4 should have been put at the bottom of the cipher list for about 18-24 months:

            https://www.imperialviolet.org/2012/01/15/beastfollowup.html

    If you're running a Unix system with OpenSSL 0.9.8, then put the following in your Apache configuration:

            SSLHonorCipherOrder On
            SSLCipherSuite DHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA:HIGH:!MD5:!ADH:!DES

    If you have OpenSSL 1.0.1+, then:

            SSLHonorCipherOrder On
            SSLCipherSuite ECDH+AES128:DH+AES128:RSA+AES128:RC4-SHA:HIGH:!ADH:!AECDH:!MD5:!DES

    More details:

            https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy

    TLS 1.2 everywhere will add to the security, but the above will go a long way for SSL 3 and TLS 1.0:

            https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what

    PS: the above two weblogs are two good resources for keeping up to date on TLS stuff. The traffic is low, and so when they do post, it's usually worth looking at.
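    As an added example (not part of the post above, and not from the linked Qualys or ImperialViolet articles), here is a Python script that checks a server-side cipher string before it goes into SSLCipherSuite, the complement to the openssl s_client probe in comment 19 which checks a server from the outside. It feeds the two Apache strings quoted above, plus a constructed "RC4 first" string of the kind Ristic found on some Yahoo hosts, through the local OpenSSL via the standard ssl module and reports what ends up at the top of the preference list, whether that suite offers forward secrecy (ephemeral ECDH or DH key exchange), and where, if anywhere, RC4 lands. The result depends on the OpenSSL build the interpreter is linked against: builds without weak ciphers simply drop RC4-SHA from the expansion, which the script reports rather than treating as an error.

```python
import re
import ssl

# SSLCipherSuite values quoted from the comment above (OpenSSL 0.9.8 and 1.0.1+ variants).
LEGACY_0_9_8 = "DHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA:HIGH:!MD5:!ADH:!DES"
MODERN_1_0_1 = "ECDH+AES128:DH+AES128:RSA+AES128:RC4-SHA:HIGH:!ADH:!AECDH:!MD5:!DES"
# Constructed counter-example: RC4 preferred, the configuration criticised in the story.
RC4_FIRST = "RC4-SHA:AES128-SHA:HIGH:!MD5:!ADH:!DES"

# OpenSSL's cipher description prints ephemeral (EC)DH key exchange as Kx=ECDH / Kx=DH.
FS_KX = ("ECDH", "DH")
_DESC = re.compile(r"Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)")


def expand(cipher_string):
    """Expand cipher_string with the local OpenSSL, exactly as Apache's SSLCipherSuite
    would, and return the TLS 1.0-1.2 suites in preference order. TLS 1.3 suites are
    configured through a separate list and are skipped here."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches at all
    suites = []
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.3":
            continue
        m = _DESC.search(c["description"])
        if m is None:  # unexpected description format; skip rather than guess
            continue
        suites.append({"name": c["name"], "kx": m.group("kx"), "au": m.group("au"),
                       "enc": m.group("enc"), "bits": c["strength_bits"]})
    return suites


def audit(cipher_string):
    """Summarise what a server honouring this order would most likely negotiate."""
    suites = expand(cipher_string)
    first = suites[0]
    rc4 = [i for i, s in enumerate(suites) if "RC4" in s["name"]]
    no_fs = [i for i, s in enumerate(suites) if s["kx"] not in FS_KX]
    return {
        "first": first["name"],
        "first_has_fs": first["kx"] in FS_KX,
        "rc4_available": bool(rc4),  # False on OpenSSL builds without weak ciphers
        "rc4_index": rc4[0] if rc4 else None,
        "first_non_fs_index": no_fs[0] if no_fs else None,
        "total": len(suites),
    }


if __name__ == "__main__":
    for label, cs in (("0.9.8 list", LEGACY_0_9_8),
                      ("1.0.1 list", MODERN_1_0_1),
                      ("RC4 first", RC4_FIRST)):
        r = audit(cs)
        print(f"{label:10s} first={r['first']} forward_secrecy={r['first_has_fs']} "
              f"rc4_index={r['rc4_index']} suites={r['total']}")
```

    The check to automate from this is the first two fields: the top suite should be an ECDHE or DHE one, and RC4 should either be absent or sit behind every AES suite you actually want clients to pick. Note that SSLHonorCipherOrder On is what makes the server's order matter at all; without it the client's preference wins and this audit says nothing about what gets negotiated.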

  21. You Fail by Anonymous Coward · · Score: 0

    Your logic fails as soon as with ROT13 - not better than clear text.

    No, your logic fails, epically! Any obfuscation at all, no matter how weak, is better than NONE at all.

    Quick! Without looking it up or resorting to pen and paper, what's this? Cnffjbeq

    It's better than nothing, that's for sure.

  22. Linux Issue? by Anonymous Coward · · Score: 0

    www.gmail.com

    Firefox 26 - openSuSe 12.2

    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 128 bit keys

  23. Coincidence by justthinkit · · Score: 2

    I ran into someone yesterday with an MSN address -- the 72-year-old contractor about to repair my sidewalk.

    The only person I deal with regularly using an AOL account is my in-law/accountant -- age 74.

    Sounds like a two horse race to me. Wait, what about webtv?

    --
    I come here for the love
    1. Re:Coincidence by CronoCloud · · Score: 2

      Wait, what about webtv?

      I'm a former webtv/msntv user, last used it in 2002. They shut down the service in September of last year. The addresses were transferred over to outlook.com so you might still see webtv.net addresses.

  24. E-mail vs ? by aviators99 · · Score: 1

    As others have said here, encryption from sender to receiver (including all hops in between) is what's really important, and would render encryption at the web/IMAP/POP level unnecessary. SMTP is used between all hops (unless, I assume, a message originates and ends at the same server), and survives from the early days of network computing when all of us who were on the net knew each other. It should not have survived to a public Internet, for reasons that became obvious pretty quickly.

    Lack of security and spam are a direct result of the way SMTP works, and our youth is already moving to private "e-mail" infrastructures like Facebook and other social messaging private/direct messaging, so this won't be a problem for much longer. In a paper I wrote in 2007 I predicted the mass exodus from e-mail to social media messaging for these very reasons.

  25. News Flash: Yahoo needs a little work :D by Anonymous Coward · · Score: 0

    ROTFL LMAO

  26. Link Bait! by Anonymous Coward · · Score: 0

    People like to bitch about things and have sensational headlines for link bait. A day after that article Yahoo has PFS support and doesn't support RC4, and this was 6 days after fully turning on SSL/TLS for mail.

    Looking at other sites like eBay, they still don't support PFS and do support RC4. I would worry more about eBay, where I spend money, vs Yahoo...

  27. What about sending and receiving? by antdude · · Score: 1

    That would still be insecure. :P

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).