1 min read

Google Apps Safe from DKIM Vulnerability, Says Google

Liviu ARSENE

October 29, 2012

Google Apps Safe from DKIM Vulnerability, Says Google

The DKIM (Domain Key Identified Mail) vulnerability discovered by Zachary Harris in Google`s email servers poses no threat to Google Apps customers, according to Google spokeswoman Andrea Freund.

The previous 512 bits encryption used by Google`s mail servers was deemed hack-able in less than 72 hours, enabling Harris to forge a legit digital signature and impersonate Sergey Brin, Google`s founder.

Harris estimated that Google Play was unsafe as well, as customers could have received spoofed emails from attackers exploiting the same vulnerability. Although Google fixed the flaw by setting in place 2048-bit keys, Google Apps customers have to manually generate domain keys and activate DKIM authentication.

Google provides step-by-step instructions that enable users to receive 1024-bit domain keys so email spoofing won`t be possible. With all Google domains now sporting 2048-bit keys, enforcing the same security policy for Google Apps might be trickier because more processing power would be required.

Harris believes that companies should be less bent on using strong keys and more focused on keeping up with the latest cryptographic standards. Emphasizing companies should heed to industry professionals` warnings and research updates, Harris said configuration settings and security fixes should be checked for, on a regular basis.

The most important thing is that that you don`t just set this up once and forget about it,“ Harris said.

Google Apps users are encouraged to follow Google`s tutorials on how to plug the DKIM vulnerability, to avoid possible email spoofing.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Supply Chain Attack Detected in PyPI Library Supply Chain Attack Detected in PyPI Library
Silviu STAHIE

August 02, 2021

1 min read
Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel
Filip TRUȚĂ

August 02, 2021

3 min read
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read