E-mail services vulnerable

Google, Microsoft, Yahoo!, PayPal and eBay recently closed a gap in the cryptographic system used by their e-mail services. The gap allowed hackers to forge a digital signature and send messages purportedly from employees of these companies.

The vulnerability affects DomainKeys Identified Mail (DKIM), the system e-mail providers use to add a cryptographic signature to messages. This signature confirms the domain name of the sender, which simplifies the filtering of malicious messages.

The DKIM implementation issue was that when the signing key is shorter than 1024 bits, a signature can be forged given sufficient computing power. US-CERT confirmed in its notice that keys shorter than 1024 bits do not provide a sufficient level of security, and that all keys up to RSA-768 can be forged.
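A defender can check their own selectors for this weakness by reading the key length out of the published DKIM record. The following is an added example, not code from the original post: the function names are hypothetical, the sample records are constructed with placeholder moduli rather than real keys, and it assumes the `p=` tag holds a base64 DER SubjectPublicKeyInfo for an RSA key.

```python
import base64

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus inside a DER SubjectPublicKeyInfo."""
    _, body, _ = _tlv(spki, 0)             # outer SEQUENCE
    _, _, nxt = _tlv(body, 0)              # AlgorithmIdentifier (skipped)
    _, bitstr, _ = _tlv(body, nxt)         # BIT STRING wrapping RSAPublicKey
    _, rsa, _ = _tlv(bitstr, 1)            # offset 1 skips the unused-bits byte
    _, modulus, _ = _tlv(rsa, 0)           # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def audit_dkim_record(txt, minimum=1024):
    """Return (verdict, bits) for one DKIM TXT record; 1024 is the post's threshold."""
    pairs = (t.split("=", 1) for t in txt.split(";") if "=" in t)
    tags = {k.strip(): v.strip() for k, v in pairs}
    if tags.get("k", "rsa") != "rsa":
        return ("skip", 0)                 # non-RSA key type, out of scope here
    if not tags.get("p"):
        return ("revoked", 0)              # empty p= means the key was revoked
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    return ("weak" if bits < minimum else "ok", bits)

def _der(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def constructed_record(bits):
    """Constructed sample record: placeholder modulus of `bits` bits, not a real key."""
    n = (1 << (bits - 1)) | 1
    n_der = _der(0x02, b"\x00" + n.to_bytes(bits // 8, "big"))  # 0x00 keeps it positive
    rsa = _der(0x30, n_der + _der(0x02, b"\x01\x00\x01"))       # e = 65537
    alg = _der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

To audit a live selector, pass `audit_dkim_record` the TXT value published at `<selector>._domainkey.<domain>`; any selector reported as `weak` should be rotated to a longer key.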