Yahoo, Google, and Microsoft Fix Email Security Flaws

YahooMIH83 / Pixabay

Email service providers Yahoo! Inc. (NASDAQ:YHOO), Google, and Microsoft Corporation (NASDAQ:MSFT) have all addressed security flaws in their services, which created leeway for people to spoof messages coming from their systems. The vulnerability was first detected by Zachary Harris, a mathematician. Harris received an email that seemingly appeared to come from a Google head-hunter.  Nevertheless, Harris got wind of the scam, after noting that although the header information was okay, a weak DKIM key was being used.

Yahoo, Google, and Microsoft Fix Email Security Flaws

Apparently, all three mail providers were leaving gaping loopholes in the implementation of the Domain Key Identified Mail (DKIM) mechanism. Instead of settling for long secure DKIM keys, they were settling for keys with less than 1024 bit RSA keys. While a section of high profile hackers still consider 1024 bits considerably easy to crack, they are more secure than shorter keys, which are widely considered to be a walk in the park. Furthermore, increased computational power available in the cloud makes it very easy for hackers to walk past shorter keys.

A U.S. cert note revealed on Wednesday that  Google Inc (NASDAQ:GOOG), Yahoo! Inc. (NASDAQ:YHOO), and  Microsoft Corporation (NASDAQ:MSFT) have now fixed the problem. In light of this security flaw, it has also been noted that other big companies have the same problem.

Driven by curiosity, after discovering the flaws in Google Inc (NASDAQ:GOOG), Harris went ahead to take a look at eBay and Twitter. The mathematician established that the companies were using less secure 512- bit keys. Harris also took a look at notable companies in the financial services segment, like PayPal and HSBC and found out they were using only 768-bit keys.

U.S. cert maintains that system administrators should replace all RSA signing keys fewer than 1024 bits with better alternatives. It also notes that administrators should completely blank off testing mode on production servers.

Yahoo! Inc. (NASDAQ:YHOO), Google Inc (NASDAQ:GOOG), and Microsoft are key rivals in both email services and search services. Over the next years, competitive dynamics are expected to change, as the popular social network, Facebook, has in the past noted that it has big search engine ambitions.

For exclusive info on hedge funds and the latest news from value investing world at only a few dollars a month check out ValueWalk Premium right here.

Multiple people interested? Check out our new corporate plan right here (We are currently offering a major discount)






About the Author

Sheeraz Raza
Sheeraz is our COO (Chief - Operations), his primary duty is curating and editing of ValueWalk. He is main reason behind the rapid growth of the business. Sheeraz previously ran a taxation firm. He is an expert in technology, he has over 5.5 years of design, development and roll-out experience for SEO and SEM. - Email: sraza(at)valuewalk.com

Be the first to comment on "Yahoo, Google, and Microsoft Fix Email Security Flaws"

Leave a comment