jump to navigation

More detail surfaces about the attack on Google April 20, 2010

Posted by jonathanpenn in cyberwar/CIP.
trackback

John Markoff’s article yesterday in the New York Times reveals that Google’s authentication system, code-named Gaia, was one of the targets of attack.

The target wasn’t Google users’ passwords, but the authentication system itself (Markoff refers to it as a “single sign-on” system; I’m reluctant to do that, since my own experience shows it to be a rather confusing mesh of both interconnected and disconnected authenticators…seems like Google could do a lot more to help users link and manage their IDs under one master account of their choosing). Why not the passwords? It’s far more valuable to gain access to the code and learn the intricacies – and weaknesses – of the system itself, rather than gain access to a few (or even a few thousand) accounts. My own theory is this is why Adobe and various antimalware companies were targeted by the same network of attacks: the former to find more weaknesses in Flash and Acrobat to exploit, and the latter to learn how to bypass security mechanisms designed to defeat such attacks.

Markoff has several other excellent articles on the cyber attacks made public by Google in January, most notably this one.

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: