Home Technology Yahoo, Google, and Microsoft Fix Email Security Flaws

Yahoo, Google, and Microsoft Fix Email Security Flaws

Advertisement Disclosure: When you purchase through our sponsored links, we may earn a commission from our partners. By using this website you agree to our T&Cs.

Email service providers Yahoo! Inc. (NASDAQ:YHOO), Google, and Microsoft Corporation (NASDAQ:MSFT) have all addressed security flaws in their services, which created leeway for people to spoof messages coming from their systems. The vulnerability was first detected by Zachary Harris, a mathematician. Harris received an email that seemingly appeared to come from a Google head-hunter.  Nevertheless, Harris got wind of the scam, after noting that although the header information was okay, a weak DKIM key was being used.

Yahoo, Google, and Microsoft Fix Email Security Flaws

Apparently, all three mail providers were leaving gaping loopholes in the implementation of the Domain Key Identified Mail (DKIM) mechanism. Instead of settling for long secure DKIM keys, they were settling for keys with less than 1024 bit RSA keys. While a section of high profile hackers still consider 1024 bits considerably easy to crack, they are more secure than shorter keys, which are widely considered to be a walk in the park. Furthermore, increased computational power available in the cloud makes it very easy for hackers to walk past shorter keys.

A U.S. cert note revealed on Wednesday that  Google Inc (NASDAQ:GOOG), Yahoo! Inc. (NASDAQ:YHOO), and  Microsoft Corporation (NASDAQ:MSFT) have now fixed the problem. In light of this security flaw, it has also been noted that other big companies have the same problem.

Driven by curiosity, after discovering the flaws in Google Inc (NASDAQ:GOOG), Harris went ahead to take a look at eBay and Twitter. The mathematician established that the companies were using less secure 512- bit keys. Harris also took a look at notable companies in the financial services segment, like PayPal and HSBC and found out they were using only 768-bit keys.

U.S. cert maintains that system administrators should replace all RSA signing keys fewer than 1024 bits with better alternatives. It also notes that administrators should completely blank off testing mode on production servers.

Yahoo! Inc. (NASDAQ:YHOO), Google Inc (NASDAQ:GOOG), and Microsoft are key rivals in both email services and search services. Over the next years, competitive dynamics are expected to change, as the popular social network, Facebook, has in the past noted that it has big search engine ambitions.

Our Editorial Standards

At ValueWalk, we’re committed to providing accurate, research-backed information. Our editors go above and beyond to ensure our content is trustworthy and transparent.

Sheeraz Raza
Editor

Want Financial Guidance Sent Straight to You?

  • Pop your email in the box, and you'll receive bi-weekly emails from ValueWalk.
  • We never send spam — only the latest financial news and guides to help you take charge of your financial future.