The explanation of the compromises is fairly straightforward and in no way unexpected. The advice at the end of the article is just as straightforward and very sound. Two-factor authentication and end-user awareness and education can resolve many of these problems.
Things are changing and the Yahoo we all grew up with is quickly disappearing.
Growing pains are real. Mistakes do happen. These statements get tossed around, but in reality, we have problems, we hopefully accept and learn from our problems, and we move forward. This is the good example the team at Let’s Encrypt is setting by owning their mistakes, openly discussing where things went wrong, and fixing the problem so that it will hopefully not happen again. Kudos to them. Everyone else, take a lesson. Let’s all get better together.
RIP Mr. Tomlinson. Your contributions to the world will never be forgotten, unlike those first emails.
This is a very intriguing approach to email security by the good people at Google. I am curious how well these warnings will be understood and received, but at its heart, the plan makes good security sense.
This is a very intriguing case to follow. The EU has far more restrictive and user-centric privacy laws, so any precedent that allows US warrants served against international servers could be perceived as earth-shattering and dangerous. I do not think this will be resolved quickly, and I do expect repercussions internationally regardless of outcome.