A single email from a Google recruiter to mathematician Zachary Harris led to the discovery of a massive security flaw found in services like Google, Apple, PayPal, Amazon, eBay, and many others. By examining the email, Harris discovered that Google's corporate mail service was using a weak DKIM (DomainKeys Identified Mail) key, allowing him to disguise emails to look like they came from a verified company address. Check out Wired's full article to learn more about the vulnerability and to find out what happened when he spoofed emails to Google founders Sergey Brin and Larry page, disguised as one another.

Update: According to the IDG News Service, Microsoft, Google, and Yahoo have all updated their security, removing the weak 512-bit keys.