October 29, 2012

It's an unfortunate fact that simple security threats can sometimes be overlooked. If a company is lucky, they will be able to catch the issue before any damage is done. This is the case with all businesses, big or small. If you are skeptical, just ask Google. The search engine giant had a massive net security hole discovered by a mathematician who thought he was being punked.

Zachary Harris, who was interviewed by Wired Magazine, received an email from what appeared to be a Google job recruiter. As the email appeared out of the blue and did not match his particular skill set, Harris assumed it might have been a scam. Upon examining the message more closely, he discovered a weak cryptographic key, which is used to certify to recipients that emails are actually from Google.

Anyone who could break the encryption (which was only 512-bit, as opposed to the standard and much stronger 1,024- or 2,048-bit) would be able to send emails impersonating any sender from Google, including founders Sergey Brin and Larry Page.

Harris assumed this had to be some kind of test, as there was no way Google would be so careless. He proceeded to break the encryption and send an email to both founders, as themselves, in which he plugged his personal website. He received no response, but two days later Google's key was 2,048 bits.

The tech giant wasn't the only company to have had this problem, as Yahoo and Microsoft also had to fix this issue.

It's clear that cybersecurity is an ever-evolving necessity that IT principals in any business need to be aware of. VARs and MSPs can be solid resources to help combat any form of digital threat.

