Gentoo Archives: gentoo-user

From: Adam Carter <adamcarter3@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)
Date: Tue, 21 Sep 2010 09:06:11
Message-Id: AANLkTinqoQCmu80z6vRKJrOouptp2D_dRx7+3U3mv3ac@mail.gmail.com
In Reply to: [gentoo-user] Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC) by "Mr. Teo En Ming (Zhang Enming) 张恩鸣 of Singapore"
On Tue, Sep 21, 2010 at 10:40 AM, "Mr. Teo En Ming (Zhang Enming) 张恩鸣 of
Singapore" <space.time.universe@×××××.com> wrote:

> Article: Google Warns of China Exit Over Hacking
> Link: http://online.wsj.com/article/SB126333757451026659.html
>
>
Nice to be back in January and OT ;)

> I don't think it is that easy to hack if you are using SSL connections and
> very strong passwords. How long would it take supercomputers to perform a
> brute force attack if you are using a strong password with at least 20
> characters, and a combination of upper case and lower case letters, numbers,
> and symbols?
>

In TFA they said the attack against google was sophisticated and IP was also
stolen, so if that's true it wasn't a brute force against gmail accounts
which isn't sophisticated or would reveal any of google's IP.

Also an easier way to attack gmail passwords would be via a MITM with a
dodgy certificate. x509 authentication is as weak as the weakest CA in a web
browser's trusted certificate store.... Remember the dodgy mozilla cert
from last year?

>
> I am wondering if Chinese government officials could have secretly
> approached specific Google China employees for direct access to the Google
> GMail email accounts of human rights activists in China? It would have been
> far simpler to do it that way. What is the size of China's sovereign wealth
> fund?
>

Or they could get their agents to apply for jobs at google and get in that
way.

This would be OnT at securityfocus.com Security Basics list. You'd probably
get an answer about the password cracking time there, but you'd need to
specify the conditions (online or offline, and if offline what format the
passwords are stored in).