Weak encryption practices at Google, Apple, banks, and others could lead to easy email spoofing

A single email from a Google recruiter to mathematician Zachary Harris led to the discovery of a massive security flaw found in services like Google, Apple, PayPal, Amazon, eBay, and many others. By examining the email, Harris discovered that Google's corporate mail service was using a weak DKIM (DomainKeys Identified Mail) key, allowing him to disguise emails to look like they came from a verified company address. Check out Wired's full article to learn more about the vulnerability and to find out what happened when he spoofed emails to Google founders Sergey Brin and Larry Page, disguised as one another.

Update: According to the IDG News Service, Microsoft, Google, and Yahoo have all updated their security, removing the weak 512-bit keys.