Google, Microsoft and Yahoo fix serious email weakness

Google, Yahoo and Microsoft have all fixed a vulnerability in their email-signing mechanisms that made it possible for people to spoof messages coming from their systems.

The weakness affects DKIM, or DomainKeys Identified Mail, a security system used by major email senders. DKIM wraps a cryptographic signature around an email that verifies the domain name through which the message was sent, which helps more easily filter out spoofed messages from legitimate ones.

The vulnerability was first reported by a mathematician named Zachary Harris, who received an email purporting to come from a Google headhunter. The email's header information, which proves who sent it, apparently looked in order, but Harris noticed that a weak DKIM key was being used.

Harris found the problem wasn't limited to Google, but also Microsoft and Yahoo, all of whom appeared to have fixed the issue as of two days ago, according to US-CERT.

Read more -here-

• TikTok, ByteDance sue to block US law seeking sale or ban of app
• OpenAI partners with Stack Overflow to make models better at coding
• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data