Filed under: Internet, Security, Google
It seems, if unnamed sources are to be believed, that the target of the cyberattack on Google back in January was none other than the unified Single Sign-On -- the system that controls access to almost every Google Web service, including Enterprise offerings and Gmail. Believe it or not, hackers managed to access the source code for the login system, potentially exposing any and all security flaws. Better yet -- and this is the stuff of real, tragic comedy -- it all started with one Google employee in China clicking a poisoned URL sent via Microsoft Live Messenger...Grandiosely dubbed 'Gaia', the Single Sign-On service is that omnipresent Google password box that you probably see multiple times every day, all over the Web. That the hackers managed to grab the source code has big and gribbly consequences -- the single sign-on becomes a single point of failure; email, credit card and private communications are exposed, trust in Giant G disappears... and the world wide web inexorably crumbles to dust.
Only that hasn't happened. We're still here. Gmail remains resolutely secure. Source code was stolen, not passwords. The New York Times' John Markoff does a good job of explaining the details, but falls short of accurately describing the repercussions... which is surprising, given his extensive knowledge of the Kevin Mitnick case. Anyway: Google are understandably tight-lipped about the situation, and beyond telling the world that they were bolstering security of their primary Web services, I bet the Single Sign-On system has been completely overhauled -- Gaia has been re-potted, so to speak. I doubt that the source code currently in the hackers' hands is worth more than the few magnetic sectors it's written on.
Google-wide authentication code stolen in Chinese attacks originally appeared on Download Squad on Tue, 20 Apr 2010 08:50:00 EST. Please see our terms for use of feeds.
Read | Permalink | Email this | Comments
No comments:
Post a Comment