E-mail services are the largest companies are vulnerable to phishing attacks

Posted: October 25, 2012 in IT Security News, Security Notices
Tags: , , , ,

E-mail services vulnerable

E-mail Services

Companies Google, Microsoft, Yahoo!, PayPal and eBay recently eliminated a gap in a cryptographic system to e-mail services, which allowed hackers to forge a digital signature and send them messages purportedly from the employees of these companies.

The vulnerability exists in the system DomainKeys Identified Mail (DKIM), which is used by e-mail providers to make special reports cryptographic signature. This signature confirms the domain name of the sender, which simplifies the process of filtering malicious messages.

DKIM implementation issue was that if the amount of the signature key is less than 1024 bits, if sufficient computing power can be forged. US-CERT has confirmed in the notice that the keys are shorter than 1.024 bits do not provide a sufficient level of security, and that all the keys up to RSA-768 can be forged.

The first about the issue, said the American mathematician Florida Zachary Harris, who has received from the HR Google message that uses a 512-bit key. According to Wired, he decided to show his find by sending Sergey Brin message purportedly from Larry Page, and Larry Page, in turn, received a message purportedly from Sergey Brin.

Harris subsequently found that the problem was not limited to Google – Internet companies Microsoft PayPal, Yahoo!, Amazon, eBay, Apple, Dell, LinkedIn, Twitter, US Bank, HP, Match.com and HSBC may also be victims of fraud.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s