Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC) (http://www.linux-archive.org/debian-user/429669-google-inc-could-compliant-chinese-government-beijing-peoples-republic-china-prc.html)

Scott Ferguson 09-21-2010 12:58 AM

Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)
 
On 21/09/10 10:33, "Mr. Teo En Ming (Zhang Enming) *恩鸣 of Singapore"
wrote:
> Article: Google Warns of China Exit Over Hacking
> Link: http://online.wsj.com/article/SB126333757451026659.html
>
> I don't think it is that easy to hack if you are using SSL connections
> and very strong passwords. How long would it take supercomputers to
> perform a brute force attack if you are using a strong password with
> at least 20 characters, and a combination of upper case and lower case
> letters, numbers, and symbols?
>
> I am wondering if Chinese government officials could have secretly
> approached specific Google China employees for direct access to the
> Google GMail email accounts of human rights activists in China? It
> would have been far simpler to do it that way. What is the size of
> China's sovereign wealth fund?
>
According to some Google employees I've heard from - during late
December and early January Google undertook a massive review of staff
recruitment processes in China, and system security, with just that
scenario in mind.
China's desire to access Google's data is probably no stronger than say,
Mossad's, NSA's, etc. etc.
I've no idea how much money China has.

Cheers

--
*In case you never receive this mail, please notify me immediately*


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4C980325.7070809@gmail.com">http://lists.debian.org/4C980325.7070809@gmail.com

Robert Holtzman 09-21-2010 01:32 AM

Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)
 
On Tue, Sep 21, 2010 at 10:58:13AM +1000, Scott Ferguson wrote:

.........snip........

> >
> According to some Google employees I've heard from - during late
> December and early January Google undertook a massive review of staff
> recruitment processes in China, and system security, with just that
> scenario in mind.
> China's desire to access Google's data is probably no stronger than say,
> Mossad's, NSA's, etc. etc.
> I've no idea how much money China has.

Be assured, they have enough.

--
Bob Holtzman
Key ID: 8D549279
"If you think you're getting free lunch,
check the price of the beer"

Morgan Gangwere 09-21-2010 03:12 AM

Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)
 
On 9/20/2010 7:32 PM, Robert Holtzman wrote:
> On Tue, Sep 21, 2010 at 10:58:13AM +1000, Scott Ferguson wrote:
>
> .........snip........
>
>>>
>> According to some Google employees I've heard from - during late
>> December and early January Google undertook a massive review of staff
>> recruitment processes in China, and system security, with just that
>> scenario in mind.
>> China's desire to access Google's data is probably no stronger than say,
>> Mossad's, NSA's, etc. etc.
>> I've no idea how much money China has.
>
> Be assured, they have enough.
>

Not enough to make google violate their own agreements.

--

Morgan Gangwere

>> Why?
> Because it breaks the logical flow of conversation, plus makes
messages unreadable.
>>> Top-Posting is evil.

T o n g 09-21-2010 04:29 AM

Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)
 
On Tue, 21 Sep 2010 08:33:43 +0800, Mr. Teo En Ming (Zhang Enming) *恩鸣 of
Singapore wrote:

> I don't think it is that easy to hack if you are using SSL connections
> and very strong passwords. . .

Please keep your discussion focused on the technical issues.
Please do not disguise a political discussion using technical discussion
sugar coating.

THIS IS A TECHNICAL MLIST. Anything beyond technical discussion should be
considered abusing.

Please refrain yourself from drugging people into political wars. I'm
sick and tire of it.

THANK YOU!

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: i79cb3$tkt$1@dough.gmane.org">http://lists.debian.org/i79cb3$tkt$1@dough.gmane.org

Adam Carter 09-21-2010 08:32 AM

Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)
 
On Tue, Sep 21, 2010 at 10:40 AM, "Mr. Teo En Ming (Zhang Enming) *恩鸣 of Singapore" <space.time.universe@gmail.com> wrote:

Article: Google Warns of China Exit Over Hacking

Link: http://online.wsj.com/article/SB126333757451026659.html



Nice to be back in January and OT ;)
*
I don't think it is that easy to hack if you are using SSL connections and very strong passwords. How long would it take supercomputers to perform a brute force attack if you are using a strong password with at least 20 characters, and a combination of upper case and lower case letters, numbers, and symbols?


In TFA they said the attack against google was sophisticated and IP was also stolen, so if that's true it wasnt a brute force against gmail accounts which isnt sophisticated or would reveal any of google's IP.


Also an easier way to attack gmail passwords would be via a MITM with a dodgy certificate. x509 authentication is as weak as the weakest CA in a web browsers trusted certificate store.... Remember the the dodgy mozilla cert from last year?

*


I am wondering if Chinese government officials could have secretly approached specific Google China employees for direct access to the Google GMail email accounts of human rights activists in China? It would have been far simpler to do it that way. What is the size of China's sovereign wealth fund?


Or they could get their agents to apply for jobs at google and get in that way.

This would be OnT at securityfocus.com Security Basics list.You'd probably get an answer about the password cracking time there, but you'd need to specify the conditions (online or offline, and if offline what format the passwords are stored in)


All times are GMT. The time now is 06:36 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.