How a Google Headhunter's E-Mail Revealed Massive Misuse of DKIM 115
concealment writes with a tale of how an email sent to a mathematician led to him discovering that dozens of high profile companies were using easily crackable keys to authenticate mail sent from their domains. From the article: "The problem lay with the DKIM key (DomainKeys Identified Mail) Google used for its google.com e-mails. DKIM involves a cryptographic key that domains use to sign e-mail originating from them – or passing through them – to validate to a recipient that the header information on an e-mail is correct and that the correspondence indeed came from the stated domain. When e-mail arrives at its destination, the receiving server can look up the public key through the sender's DNS records and verify the validity of the signature. Harris wasn't interested in the job at Google, but he decided to crack the key and send an e-mail to Google founders Brin and Page, as each other, just to show them that he was onto their game."
Vote for me (Score:4, Funny)
This is Obama, please vote for me. This email is from me, you can verify it using DKIM public keys.
Regards
Romney
Re:C'mon.. (Score:5, Funny)
He is clearly lying or been living too much outside real world..
He's a professional mathematician. That's a given.