Google Apps Safe from DKIM Vulnerability, Says Google
The 512-bit key previously used by Google's mail servers was deemed hackable in less than 72 hours, enabling Harris to forge a legitimate digital signature and impersonate Sergey Brin, Google's founder.
Harris estimated that Google Play was unsafe as well, as customers could have received spoofed emails from attackers exploiting the same vulnerability. Although Google fixed the flaw by putting 2048-bit keys in place, Google Apps customers have to manually generate domain keys and activate DKIM authentication.
Google provides step-by-step instructions that enable users to receive 1024-bit domain keys so email spoofing won't be possible. With all Google domains now sporting 2048-bit keys, enforcing the same security policy for Google Apps might be trickier because more processing power would be required.
Harris believes that companies should be less bent on using strong keys and more focused on keeping up with the latest cryptographic standards. Emphasizing that companies should heed industry professionals' warnings and research updates, Harris said configuration settings and security fixes should be checked on a regular basis.
“The most important thing is that you don't just set this up once and forget about it,” Harris said.
Google Apps users are encouraged to follow Google's tutorials on how to plug the DKIM vulnerability, to avoid possible email spoofing.
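One way to run the regular check Harris recommends, as an added example that is not from the original article or from Google: this Python script takes the text of a domain's DKIM TXT record, pulls the RSA public key out of the `p=` tag and reports the modulus size. The sample records are constructed with placeholder moduli of the right length (not real keys), and the 1024-bit floor in `audit()` is an assumption taken from the key sizes the article mentions.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def dkim_rsa_bits(txt_record):
    """Return the RSA modulus size in bits, or None if the key is revoked or not RSA."""
    pairs = (part.partition("=") for part in txt_record.split(";"))
    tags = {k.strip(): "".join(v.split()) for k, _, v in pairs}
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        return None                         # an empty p= tag marks a revoked key
    der = base64.b64decode(tags["p"])
    _, spki, _ = _tlv(der, 0)               # SubjectPublicKeyInfo SEQUENCE
    _, algid, pos = _tlv(spki, 0)           # AlgorithmIdentifier SEQUENCE
    if RSA_OID not in algid:
        return None
    _, bitstr, _ = _tlv(spki, pos)          # BIT STRING; first byte = unused bits
    _, rsakey, _ = _tlv(bitstr[1:], 0)      # RSAPublicKey SEQUENCE
    _, modulus, _ = _tlv(rsakey, 0)         # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def audit(txt_record, minimum=1024):
    """Classify a record; 'minimum' is an assumed policy floor, in bits."""
    bits = dkim_rsa_bits(txt_record)
    return "no-rsa-key" if bits is None else "weak" if bits < minimum else "ok"

def _der(tag, body):                        # encoder used only for the samples
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def make_sample_record(bits):
    """Constructed sample: the modulus has the right size but is NOT a real key."""
    integer = lambda v: _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    rsakey = _der(0x30, integer((1 << (bits - 1)) | 1) + integer(65537))
    algid = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    spki = _der(0x30, algid + _der(0x03, b"\x00" + rsakey))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

To audit a live domain, join the quoted strings of the TXT record at `<selector>._domainkey.<domain>` into one string before passing it in.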