

antdude
A Matrix Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable

1 edit

2 recommendations

Google Headhunter's E-Mail Unraveled a Massive Net Sec. Hole

»www.wired.com/threatlevel/2012/1 ··· espread/ from »www.linuxsecurity.com/content/vi ··· w/158247 and »it.slashdot.org/story/12/10/24/1 ··· -of-dkim ...

"So he wondered if the e-mail might have been spoofed – something sent from a scammer to appear to come from the search giant. But when Harris examined the e-mail’s header information, it all seemed legitimate. Then he noticed something strange. Google was using a weak cryptographic key to certify to recipients that its correspondence came from a legitimate Google corporate domain. Anyone who cracked the key could use it to impersonate an e-mail sender from Google, including Google founders Sergey Brin and Larry Page."
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13

1 recommendation

Re: Google Headhunter's E-Mail Unraveled a Massive Net Sec. Hole

Nice find. Not so nice the lack of thank you from GOOG

Cudni


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24

1 recommendation

reply to antdude
I would have thought that Google would have at least acknowledged what he'd found and thanked him for doing so. Nice that they changed it, but without his playing, they wouldn't have known about it. What a lack of manners, if nothing else.

Tobester

join:2000-11-14
San Francisco, CA
Reviews:
·SONIC.NET

1 recommendation

said by jaykaykay:

I would have thought that Google would have at least acknowledged what he'd found and thanked him for doing so. Nice that they changed it, but without his playing, they wouldn't have known about it. What a lack of manners, if nothing else.

Google is just following the normal corporate playbook.

Deny, Deny, Deny until given proof,
and then Deny the accuracy of the proof.


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1
reply to antdude
If I were Google, I would have offered him $500,000 for the info and asked him nicely to leave the specifics of the vulnerability out of any future comments to the press.

Just saying...