It looks like Yahoo! has learned its lesson when it comes to security. After its mail service was recently hacked by an XSS exploit, the company has not only patched the problem but is also quietly rolling out an HTTPS option for its users.
HTTPS or Hypertext Transfer Protocol Secure is a secure communications protocol — it consists of the the SSL/TLS protocol with an HTTP layer on top. What’s interesting about this addition is the fact that Yahoo! has chosen not to publicize it at all. Well, at least not yet. No press release was issued and blog post detailed the recent changes.
The Electronic Frontier Foundation (EFF) was the first to discover the news, and is actually one of the 26 organizations that includes the ACLU and Reporters Without Borders that urged Yahoo! to make the option available for users. Here is a statement regarding the addition of HTTPS from the EFF:
Thanks to Yahoo! for taking this important step to protect its users’ privacy and security. And thanks to everyone involved with our letter for helping emphasize the importance of this security measure (particularly to Front Line Defenders, the Tactical Technology Collective, and Aspiration for bringing many of us together).
If you’re a Yahoo! Mail user and have not enabled this future yet — we don’t blame you for not knowing about it — you can enable it by going into “Mail Options,” “Advanced Settings,” then ticking the “Turn On SSL” checkbox found at the bottom.
[via The Next Web]