Google, Microsoft and Yahoo fix serious email weakness2012-10-26 09:18 by DanielaTags: Google, Microsoft, Yahoo
Google, Yahoo and Microsoft have all fixed a vulnerability in their email-signing mechanisms that made it possible for people to spoof messages coming from their systems. The weakness affects DKIM, or DomainKeys Identified Mail, a security system used by major email senders. DKIM wraps a cryptographic signature around an email that verifies the domain name through which the message was sent, which helps more easily filter out spoofed messages from legitimate ones. The vulnerability was first reported by a mathematician named Zachary Harris, who received an email purporting to come from a Google headhunter. The email's header information, which proves who sent it, apparently looked in order, but Harris noticed that a weak DKIM key was being used. Harris found the problem wasn't limited to Google, but also Microsoft and Yahoo, all of whom appeared to have fixed the issue as of two days ago, according to US-CERT. Read more -here-
Post your review/comments
rate:
avg:
|