FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 09-21-2010, 12:58 AM
Scott Ferguson
 
Default Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)

On 21/09/10 10:33, "Mr. Teo En Ming (Zhang Enming) *恩鸣 of Singapore"
wrote:
> Article: Google Warns of China Exit Over Hacking
> Link: http://online.wsj.com/article/SB126333757451026659.html
>
> I don't think it is that easy to hack if you are using SSL connections
> and very strong passwords. How long would it take supercomputers to
> perform a brute force attack if you are using a strong password with
> at least 20 characters, and a combination of upper case and lower case
> letters, numbers, and symbols?
>
> I am wondering if Chinese government officials could have secretly
> approached specific Google China employees for direct access to the
> Google GMail email accounts of human rights activists in China? It
> would have been far simpler to do it that way. What is the size of
> China's sovereign wealth fund?
>
According to some Google employees I've heard from - during late
December and early January Google undertook a massive review of staff
recruitment processes in China, and system security, with just that
scenario in mind.
China's desire to access Google's data is probably no stronger than say,
Mossad's, NSA's, etc. etc.
I've no idea how much money China has.

Cheers

--
*In case you never receive this mail, please notify me immediately*


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4C980325.7070809@gmail.com">http://lists.debian.org/4C980325.7070809@gmail.com
 
Old 09-21-2010, 01:32 AM
Robert Holtzman
 
Default Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)

On Tue, Sep 21, 2010 at 10:58:13AM +1000, Scott Ferguson wrote:

.........snip........

> >
> According to some Google employees I've heard from - during late
> December and early January Google undertook a massive review of staff
> recruitment processes in China, and system security, with just that
> scenario in mind.
> China's desire to access Google's data is probably no stronger than say,
> Mossad's, NSA's, etc. etc.
> I've no idea how much money China has.

Be assured, they have enough.

--
Bob Holtzman
Key ID: 8D549279
"If you think you're getting free lunch,
check the price of the beer"
 
Old 09-21-2010, 03:12 AM
Morgan Gangwere
 
Default Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)

On 9/20/2010 7:32 PM, Robert Holtzman wrote:
> On Tue, Sep 21, 2010 at 10:58:13AM +1000, Scott Ferguson wrote:
>
> .........snip........
>
>>>
>> According to some Google employees I've heard from - during late
>> December and early January Google undertook a massive review of staff
>> recruitment processes in China, and system security, with just that
>> scenario in mind.
>> China's desire to access Google's data is probably no stronger than say,
>> Mossad's, NSA's, etc. etc.
>> I've no idea how much money China has.
>
> Be assured, they have enough.
>

Not enough to make google violate their own agreements.

--

Morgan Gangwere

>> Why?
> Because it breaks the logical flow of conversation, plus makes
messages unreadable.
>>> Top-Posting is evil.
 
Old 09-21-2010, 04:29 AM
T o n g
 
Default Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)

On Tue, 21 Sep 2010 08:33:43 +0800, Mr. Teo En Ming (Zhang Enming) *恩鸣 of
Singapore wrote:

> I don't think it is that easy to hack if you are using SSL connections
> and very strong passwords. . .

Please keep your discussion focused on the technical issues.
Please do not disguise a political discussion using technical discussion
sugar coating.

THIS IS A TECHNICAL MLIST. Anything beyond technical discussion should be
considered abusing.

Please refrain yourself from drugging people into political wars. I'm
sick and tire of it.

THANK YOU!

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: i79cb3$tkt$1@dough.gmane.org">http://lists.debian.org/i79cb3$tkt$1@dough.gmane.org
 
Old 09-21-2010, 08:32 AM
Adam Carter
 
Default Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)

On Tue, Sep 21, 2010 at 10:40 AM, "Mr. Teo En Ming (Zhang Enming) *恩鸣 of Singapore" <space.time.universe@gmail.com> wrote:

Article: Google Warns of China Exit Over Hacking

Link: http://online.wsj.com/article/SB126333757451026659.html



Nice to be back in January and OT
*
I don't think it is that easy to hack if you are using SSL connections and very strong passwords. How long would it take supercomputers to perform a brute force attack if you are using a strong password with at least 20 characters, and a combination of upper case and lower case letters, numbers, and symbols?


In TFA they said the attack against google was sophisticated and IP was also stolen, so if that's true it wasnt a brute force against gmail accounts which isnt sophisticated or would reveal any of google's IP.


Also an easier way to attack gmail passwords would be via a MITM with a dodgy certificate. x509 authentication is as weak as the weakest CA in a web browsers trusted certificate store.... Remember the the dodgy mozilla cert from last year?

*


I am wondering if Chinese government officials could have secretly approached specific Google China employees for direct access to the Google GMail email accounts of human rights activists in China? It would have been far simpler to do it that way. What is the size of China's sovereign wealth fund?


Or they could get their agents to apply for jobs at google and get in that way.

This would be OnT at securityfocus.com Security Basics list.You'd probably get an answer about the password cracking time there, but you'd need to specify the conditions (online or offline, and if offline what format the passwords are stored in)
 

Thread Tools




All times are GMT. The time now is 10:52 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org