Yahoo is Working to Improve their Security by Encryption Method. In January Yahoo enabled HTTPS default connections. Bug bounty program of Yahoo company works with HackerOne. Security researchers found 452 yet. Yahoo keep minimum bounty award $250.
1. Traffic moving between Yahoo data centers is fully encrypted as of March 31.
2. In January, we made Yahoo Mail more secure by making browsing over HTTPS the default. In the last month, we enabled encryption of mail between our servers and other mail providers that support the SMTPTLS standard.
3. The Yahoo Homepage and all search queries that run on the Yahoo Homepage and most Yahoo properties also have HTTPS encryption enabled by default.
4. We implemented the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We are currently working to bring all Yahoo sites up to this standard.
5. Users can initiate an encrypted session for Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo (gma.yahoo.com) by typing “https” before the site URL in their web browser.
6. A new, encrypted, version of Yahoo Messenger will be deployed in coming months.
In addition to moving all of our properties to encryption by default, we will be implementing additional security measures such as HSTS, Perfect Forward Secrecy and Certificate Transparency over the coming months.
One of our biggest areas of focus in the coming months is to work with and encourage thousands of our partners across all of Yahoo’s hundreds of global properties to make sure that any data that is running on our network is secure. Our broader mission is to not only make Yahoo secure, but improve the security of the overall web ecosystem. said Alex Stamos, Chief Information Security Officer of Yahoo.
But still Bug bounty hunters are finding Bugs in Yahoo!
Follow iGadgetware on Facebook , Twitter, Google+