Consistently engaged in strengthening security
Aiming at automating security to keep up with changing times
Platform Development Division, System Management Group
Joined in 2005. Worked on core systems and services development. Since 2007, engaged in the design and development of the overall security infrastructure for Web services. Currently responsible for security technology and acts as assistant to the CISO (chief information security officer).
Working on consistently strengthening security with a source code scanner
I joined Yahoo Japan Corporation fresh out of university 12 years ago. At the time, I was looking for a place to work where I could use UNIX and C in a programming job, because I thought I was good at them. And limited to FreeBSD, at that! (laughs) Around that time, I happened to see some Yahoo Japan Corporation job information, thought it sounded good, and joined. Back then I thought I’d rather join a company that made its own services than a consulting company. Plus, my parents, family and friends all used Yahoo! JAPAN. I had the feeling it would be a rewarding place to work.
From the second year after joining I worked on service development. Then I started doing security-related work and have been doing that ever since.
After my third year at the company, I worked on source code checking. You write source code when making a product, but writing new code can sometimes introduce new problems as well, so the source code needs to be checked. We have a source code management system in-house. We run a source code scanner that searches automatically and notifies us of any problems. This system has been operating since around 2007.
I’ve also worked on improving the login system. For example, Yahoo! Auctions needs protections against unauthorized users. We collaborated in-house all along the way to figure out ways to stop unauthorized users.
I also participated in the project to localize the key management system made by Yahoo! Inc. in the U.S. Key management is necessary so that even when there are many servers, the keys can be rotated and used easily. When you have several tens of thousands of servers, it would be incredibly time-consuming to deploy them one by one, so key management efficiency is important.
Making sure passwords never leak from login servers
One job that sticks in my memory is designing and developing an authentication system that sits behind the user login servers. We have a platform for 2-factor authentication, but it’s separate from the login server network. We put a separate network that deals with hashed passwords behind the login server network, and then put a firewall between the two.
It would be a big security breach if even hashed passwords leaked, so the network is constructed such that they’re managed and used on servers that are isolated from the outside. Login servers are sometimes attacked from the outside, so we don’t leave even hashed passwords on them.
In 2015, Yahoo! JAPAN switched to the SHA-2 SSL server certificate, and this affected even the user support departments. We started using the new SHA-2 certificate because the old SHA-1 certificate had become insecure, but SHA-2 can’t be used on Windows XP. It was already an unsupported OS, but still a certain percentage of traffic came from Windows XP. We discussed the advisability of announcing “Windows XP can no longer be used, so please use a new OS.” Ultimately, we made a special page and encouraged the switch from Windows XP to a newer OS version. This affected a lot of departments, but I remember that we got through it in the end.
Automating and strengthening defenses
If you ask what I want to do from now on, my position is the same as always: I want to continue making secure platforms that people can feel even safer about using. In that vein, I have an idea. We find vulnerabilities on a daily basis, but it’s difficult to tackle them one at a time. In this context, it can be said that having the most up-to-date software version can save time in the event of an attack. So, I'd like to aim for a system that is kept up-to-date as automatically and as mechanically as possible. I'd like to do away with the necessity for an on-site engineer to update to the latest version, log in to the server and do some kind of work. In that way, the server administrator’s account would also no longer be needed, and the risk of being compromised also decreases. I want engineers to put their energy into making things that will change society. They shouldn’t think of their work as putting on a patch to update software to the latest version. I want to leave that kind of work to the machines.
Also, currently security technology is handled by the services side, but we're also working to place proxy servers in front of the servers that provide services. We can protect the services by preprocessing requests on the proxy servers so that they don't forward unnecessary requests to the services.
For example, almost all servers use only the GET method, so we wouldn't give them requests that use the POST method. Going further, it might also be possible to use machine learning to distinguish between necessary and unnecessary access.
As CPUs and networks have sped up, it's become possible to make these defenses stronger. Of course, we also have to make sure that the processing burden doesn't become excessive. I have big dreams for the future.
※ Information current as of August 2016.