Email service providers Yahoo! Inc. (NASDAQ:YHOO), Google, and Microsoft Corporation (NASDAQ:MSFT) have all addressed security flaws in their services that allowed people to spoof messages so that they appeared to come from the providers' systems. The vulnerability was first detected by Zachary Harris, a mathematician. Harris received an email that appeared to come from a Google head-hunter. Harris nevertheless caught on to the scam after noting that, although the header information was okay, a weak DKIM key was being used.
Apparently, all three mail providers were leaving gaping holes in their implementation of the DomainKeys Identified Mail (DKIM) mechanism. Instead of using long, secure DKIM keys, they were settling for RSA keys shorter than 1024 bits. While a section of high-profile hackers still consider 1024-bit keys considerably easy to crack, they are more secure than shorter keys, which are widely considered to be a walk in the park. Furthermore, the increased computational power available in the cloud makes it very easy for hackers to break shorter keys.
A US-CERT note revealed on Wednesday that Google Inc (NASDAQ:GOOG), Yahoo! Inc. (NASDAQ:YHOO), and Microsoft Corporation (NASDAQ:MSFT) have now fixed the problem. It has also been noted that other big companies have the same problem.
Driven by curiosity after discovering the flaws in Google Inc (NASDAQ:GOOG), Harris went on to look at eBay and Twitter. The mathematician established that the companies were using less secure 512-bit keys. Harris also looked at notable companies in the financial services segment, like PayPal and HSBC, and found that they were using only 768-bit keys.
US-CERT maintains that system administrators should replace all RSA signing keys shorter than 1024 bits with better alternatives. It also notes that administrators should completely turn off testing mode on production servers.
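One way an administrator could check a published DKIM key record against both recommendations is sketched below. This is an added example, not code from US-CERT or any of the companies named; the function names are assumptions, and the sample records are constructed (their moduli are bit patterns, not real keys).

```python
import base64
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # DER-encoded OID rsaEncryption

def tlv(buf, pos=0):
    """Read one DER element at pos; return (value, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(spki):
    """Modulus bit length of an RSA key in DER SubjectPublicKeyInfo form."""
    seq, _ = tlv(spki)
    alg, pos = tlv(seq)                 # AlgorithmIdentifier
    if not alg.startswith(RSA_OID):
        raise ValueError("not an RSA key")
    bitstr, _ = tlv(seq, pos)           # BIT STRING wrapping RSAPublicKey
    rsakey, _ = tlv(bitstr, 1)          # skip the unused-bits byte
    return int.from_bytes(tlv(rsakey)[0], "big").bit_length()  # first INTEGER is n

def audit_dkim(txt):
    """Findings for one DKIM key record (TXT value at <selector>._domainkey)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    findings = []
    if "y" in tags.get("t", "").split(":"):
        findings.append("testing mode (t=y) is set")
    if tags.get("k", "rsa") == "rsa" and tags.get("p"):
        bits = rsa_bits(base64.b64decode(tags["p"]))
        if bits < 1024:
            findings.append(f"{bits}-bit RSA key, below 1024 bits")
    return findings

def der(tag, body):  # encode one DER element (used only to build the samples)
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_record(bits, flags="s"):
    """Constructed record; the modulus is a bit pattern, not a real key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    key = der(0x30, der(0x02, b"\x00" + n) + der(0x02, b"\x01\x00\x01"))
    spki = der(0x30, der(0x30, RSA_OID + b"\x05\x00") + der(0x03, b"\x00" + key))
    return f"v=DKIM1; k=rsa; t={flags}; p={base64.b64encode(spki).decode()}"
```

In practice the record text would come from a DNS TXT lookup of the selector under `_domainkey` for the sending domain, and `audit_dkim` would be run over every selector in use.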
Yahoo! Inc. (NASDAQ:YHOO), Google Inc (NASDAQ:GOOG), and Microsoft are key rivals in both email services and search services. Over the coming years, competitive dynamics are expected to change, as the popular social network Facebook has in the past noted that it has big search engine ambitions.