Weak encryption practices at Google, Apple, banks, and others could lead to easy email spoofing

By Kimber Streams on October 24, 2012 03:50 pm @kimberstreams 15Comments

A single email from a Google recruiter to mathematician Zachary Harris led to the discovery of a massive security flaw found in services like Google, Apple, PayPal, Amazon, eBay, and many others. By examining the email, Harris discovered that Google's corporate mail service was using a weak DKIM (DomainKeys Identified Mail) key, allowing him to disguise emails to look like they came from a verified company address. Check out Wired's full article to learn more about the vulnerability and to find out what happened when he spoofed emails to Google founders Sergey Brin and Larry page, disguised as one another.

Update: According to the IDG News Service, Microsoft, Google, and Yahoo have all updated their security, removing the weak 512-bit keys.

Source Wired
Related Items email security vulnerability encryption spoofing dkim Google Amazon Apple HP

There are 15 Comments. Load 'Em Up. Show speed reading tips and settings

Shortcuts to mastering the comment thread. Use wisely.

C - Next Comment
X - Mark as Read

R - Reply
Z - Mark Read & Next

Shift + C - Previous
Shift + A - Mark All Read

Comment Settings

Live comment alert: Hide it!

The Verge

Weak encryption practices at Google, Apple, banks, and others could lead to easy email spoofing

There are 15 Comments. Load 'Em Up. Show speed reading tips and settings

Comment Settings

Comments for this post are closed.