Recent posts
Posted by Debbie Howlett (November 08, 2012)
| Tags : email, public record, Pennsylvania, Right to Know Law, Supreme Court
A decision by the Pennsylvania Supreme Court should serve as a
reminder that email correspondence through school-issued accounts is not
private, though critics of the ruling fear it could result in a
substantial cost to local districts.
Pennsylvania residents can read the email messages of elected officials under a decision in favor of a local newspaper, the Morning Call, recently upheld by the state Supreme Court.
Read full article
Posted by Pierre Chamberland (November 07, 2012)
| Tags : cloud based messaging, electronic discovery, cloud computing, email, privacy laws, data retention, eDiscovery, email migration, cloud migration, Office 365
Cloud based messaging providers stress the significant efficiencies to
be gained when marketing their services. Cloud computing services may
have a significant impact on your organization’s ability to comply with
eventual electronic discovery obligations.
Courts have traditionally
held companies responsible for preserving and producing electronic data
that is within the organization’s “possession, custody or control.” If
your email records reside with a third-party as a result of a contract
to provide a service to your organization, consider it likely that you
will be considered in “control” of your email records, even if they are
not in your actual possession.
Read full article
Posted by Debbie Howlett (November 07, 2012)
| Tags : DKIM, domain keys, email, google, cloud computing, Netmail Secure, DNS, spoofing
It was a strange email, coming from a job recruiter at Google,
asking Zachary Harris if he was interested in a position as a
site-reliability engineer. “You obviously have a passion for Linux and programming,” the email
from the Google recruiter read. “I wanted to see if you are open to
confidentially exploring opportunities with Google?”
Harris was intrigued, but skeptical. The email had come to him last
December completely out of the blue, and as a mathematician, he didn’t
seem the likeliest candidate for the job Google was pitching. So he wondered if the email might have been spoofed – something sent
from a scammer to appear to come from the search giant. But when Harris
examined the email’s header information, it all seemed legitimate.
Then he noticed something strange. Google was using a weak
cryptographic key to certify to recipients that its correspondence came
from a legitimate Google corporate domain. Anyone who cracked the key
could use it to impersonate an email sender from Google, including
Google founders Sergey Brin and Larry Page.
The problem lay with the DKIM key Google used for its google.com emails. DKIM involves a cryptographic
key that domains use to sign e-mail originating from them – or passing
through them – to validate to a recipient that the domain in the header
information on an e-mail is correct and that the correspondence indeed
came from the stated domain. When email arrives at its destination, the
receiving server can look up the public key through the sender’s DNS
records and verify the validity of the signature. For security reasons, the DKIM standard calls for using keys that are at least 1,024 bits in length. But Google was using a 512-bit key – which could be easily cracked with a little cloud-computing help.
Read full article
