Author Topic: Google, Citing Attack, Threatens to Exit China [FIXED :) ]  (Read 47902 times)

0 Members and 1 Guest are viewing this topic.

Hermite15

  • Guest
Re: Google, Citing Attack, Threatens to Exit China
« Reply #30 on: January 16, 2010, 12:31:27 PM »
yeah Polonus, it's indeed very difficult to find out how it happened with Google. One million theories are possible, from the attacked user downloading malware without being aware of anything (and it's not just porn or cracks like the author of the article you mentioned said to prove his point...we all know it could just as well be stuff that sounds legit) to the infiltated user running IE6 purposely and what else...we'll never know, and it's not usual that a company discloses the details of such an attack after an investigation.
 I don't even know if a majority of users are running Chrome in Google offices. That's a cliché and a journalism...humm...cliché  ;D Now if a majority does indeed run Chrome, strange a hacker (from China) did just find the one running IE6...sounds quite improbable...unless as said (by me) the IE6 user is an infiltrated Chinese agent who tried to conceal the attack means by looking like a victim himself. Everything is possible Secret services didn't wait for the Internet to happen to use all sorts of means, everything in this area is allowed we know that and we also know that we never get to know the truth in most cases, at least not a detailed truth.
 I for one would believe and accept for now some sort of very global truth: Google as well as tens of other companies and western gvt networks have been attacked again and again by intelligence services working directly for the Chinese authorities.
 Yeah, not saying that "we" (the West) don't have such practices...don't tell me that Israel  the US, UK and the French are not spying, they do it all the time... but, at gvt level with enemies and not commercial allies like China does. This is all theory...I admit I can't make any factual statement in this area. Too many rumors, and I'm not an insider.
 What does interest me to be honest is whether Google yes or no will stick to its word... and we don't know yet. I have doubts...I can well imagine that in a few months from now Google will be posting on their blog that they're still having talks with the Chinese and Google.cn will still be up and running and filtering...

may be a beginning of something happening, see here:
Quote
Google.cn is going rogue
Jan 16, 2010 17:16
http://asia.cnet.com/blogs/sinobytes/post.htm?id=63016204&scid=hm_bl



 as to the details of the cyber attack perpetrated against Google, those guys should know a few things:
http://www.mandiant.com/
they're in charge of Cyber security for Google
http://www.computerworld.com/s/article/9145279/Chinese_authorities_behind_Google_attack_researcher_claims
« Last Edit: January 16, 2010, 12:53:21 PM by Logos »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: Google, Citing Attack, Threatens to Exit China
« Reply #31 on: January 16, 2010, 01:30:42 PM »
Hi Logos,

There are also speculations that because of the weak overall security status of the Chinese networks that hack was performed THROUGH China, a kind of a false flag cyber attack. This because the stories of a vulnerability in IE6, sophisticated encryption being used for the first time for this level of an attack. And who to know more about the Chinese network than Google.cn? Too many unryhmed things here. Can you come up with any links about these speculations? Malcreants from outside China also use China as a homebase for their malcode re-directs (gumblar etc.). In the latest attacks there were Chinese and American servers involved....
Again more questions than answers here,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
Re: Google, Citing Attack, Threatens to Exit China
« Reply #32 on: January 16, 2010, 01:36:07 PM »
@ Polonus: interesting, that also is possible, following this path Google itself could be behind everything to justify today's moves. I'll try to find out more...the problem with the Internet is when you're non-objectively looking for something you'll always find it... so that's not easy.


Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: Google, Citing Attack, Threatens to Exit China
« Reply #34 on: January 16, 2010, 03:06:06 PM »
I now really doubt whether cloud is safe

How can you trust Google doc and other places?

Impossible!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: Google, Citing Attack, Threatens to Exit China
« Reply #35 on: January 16, 2010, 03:16:56 PM »
Hi Chris Thomas,

But this what happened just after the hacks, where GMail accounts were involved:
Just hours after Google disclosed it and at least 20 other large companies were the targets of highly sophisticated cyberattacks, the online giant said it would enhance the security of its email service by automatically encrypting entire web sessions.

The change, which Google is in the process of rolling out now, means Gmail sessions will be automatically protected from start to finish with the SSL, or secure sockets Layer, protocol, even if a user doesn't specifically ask for it. Up until now, users had to check a setting in their Gmail options to get always-on encryption.

The change bolsters Google's already significant lead in protecting web users against so-called man-in-the-middle attacks, which allow miscreants to read and modify web traffic by sitting in between victims and the sites they surf. Yahoo Mail, eBay, MySpace, Facebook, and a wide variety of other sites continue to offer https encryption only when users are logging in, making email and other sensitive pages that are visited later susceptible to so-called sidejacking and similar attacks.

The change, which many security advocates had demanded, was announced a few hours after Google accused China-based hackers of carrying out highly sophisticated attacks designed to ferret out human rights advocates. Exploits targeting Gmail services largely failed, but Google said "dozens" of accounts had been routinely accessed by unauthorized parties through phishing or malware attacks on the users themselves.

Google didn't elaborate on those attacks, so there's no way to know if always-on encryption would have prevented those account holders from being compromised. Still, the automatic use of https makes good sense and allows Google to rightfully claim even more higher ground relative to its peers. (Twitter is one of the few other popular services to offer start-to-finish https).

"We initially left the choice of using it up to you because there's a downside: https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data," Gmail Engineering Director Sam Schillace wrote. "Over the last few months, we've been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do."

Those who want to disable the feature may do so by checking a "Don't always use https" box in Gmail settings. Even then, Gmail login pages will continue to be encrypted.

polonus

P.S. Do not forget we have National Cybersecurity Awareness Month:
http://www.america.gov/cybersecurity.html

D
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
Re: Google, Citing Attack, Threatens to Exit China
« Reply #36 on: January 16, 2010, 03:40:32 PM »
off topic: whatever, hacking or not hacking, I've always believed it was mad to store sensitive data on the cloud. At least Google can access it, or any other site owner on another cloud. Wouldn't store anything without strong encryption, but then the downside is that the data you stored isn't as quickly accessible as desired.
 Another example would be Mozilla Weave: first they offer that you can use the software to store the data (Firefox data) wherever you want, on your own server if you want, and they say if you choose the Mozilla server it's encrypted there, and themselves cannot access it. This is impossible to check of course.
 Again, I'd never store anything sensitive/private without encrypting it first. There are enough free and good tools for that.

 Btw, I've been on HTTPS for Gmail for ages, long before the setting was offered in the interface. It always supported ssl, and that was set for me permanently in CustomizeGoogle extension, with a very short connection to non-ssl before rerouting to ssl, so not a hundred percent secure at the time. Anyway good to know you can also browse Google doc in sll mode. You can also use NoScript options to force https on a few sites, like Twitter or facebook... (careful with Twitter otherwise, even if started in https, it can switch randomly to http; as to facebook, some pages won't display at all in https).
« Last Edit: January 16, 2010, 03:49:52 PM by Logos »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: Google, Citing Attack, Threatens to Exit China
« Reply #37 on: January 16, 2010, 04:09:25 PM »
Hi Logos,

If you are aware of what you (have/will) put online and you are not a victim of Identity Theft or your data haven't been stolen, using the Google services might be rather convenient. Make sure you flush the (search-DNS-etc.) content, the super cookie content, the cache content or use a webproxy when needed. We are so accustomed to the Google formula that we do not feel the need of having the panick button ready at hand to Secure Delete Immediately.
But going back on topic let us take a google-china poll here:
http://wordpress.3dn.nl/2010/01/14/google-china/
9source facebook user)
polonus
« Last Edit: January 16, 2010, 04:14:04 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
Re: Google, Citing Attack, Threatens to Exit China
« Reply #38 on: January 16, 2010, 06:43:55 PM »
Quote
Google Users in China Fear Losing Important Tool

BEIJING — At the elite Tsinghua University here, some students were joking Friday that they had better download all the Internet information they wanted now in case Google left the country.

http://www.nytimes.com/2010/01/17/world/asia/17china.html

Offline Shiw Liang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1435
Re: Google, Citing Attack, Threatens to Exit China
« Reply #39 on: January 17, 2010, 06:57:50 AM »
Now we found one disadvantage of cloud :)
Off topic:Hope they won't attack me ;D
             I'm a innocent child with only a firewall ;D

Hermite15

  • Guest
Re: Google, Citing Attack, Threatens to Exit China
« Reply #40 on: January 17, 2010, 02:30:41 PM »
yeah, this article was already there yesterday, I guess that's an updated version
Quote
Google denies leaving China, seeks negotiations
http://www.reuters.com/article/idUSTRE60E0BC20100117

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: Google, Citing Attack, Threatens to Exit China
« Reply #41 on: January 17, 2010, 05:51:27 PM »
Hi Logos,

In the aftermath let us watch this video with various opinions:
http://www.guardian.co.uk/technology/video/2010/jan/13/google-challenge-china

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
Re: Google, Citing Attack, Threatens to Exit China
« Reply #42 on: January 17, 2010, 11:45:44 PM »
following the events, together with Germany, France deters from running Internet Explorer completely (I know, even if only IE6 was involved in the Google affair)
http://translate.google.com/translate?u=http%3A%2F%2Fwww.lemonde.fr%2Ftechnologies%2Farticle%2F2010%2F01%2F17%2Fla-france-et-l-allemagne-deconseillent-l-utilisation-d-internet-explorer_1292928_651865.html&sl=fr&tl=en&hl=&ie=UTF-8

yes, this is related to a vulnerability affecting IE8 as well...
http://www.microsoft.com/technet/security/advisory/979352.mspx
« Last Edit: January 18, 2010, 12:05:18 AM by Logos »

Hermite15

  • Guest
Re: Google, Citing Attack, Threatens to Exit China
« Reply #43 on: January 17, 2010, 11:49:01 PM »
Hi Logos,

In the aftermath let us watch this video with various opinions:
http://www.guardian.co.uk/technology/video/2010/jan/13/google-challenge-china

polonus

thanks, watching now  ;)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33668
  • malware fighter
Re: Google, Citing Attack, Threatens to Exit China
« Reply #44 on: January 17, 2010, 11:50:30 PM »
Hi Logos,

Last Friday this cross site scripting exploit worked on Google:
http://www.youtube.com/watch?v=VnJiGW6fsBo

Has been patched now, but still...
Well as their search engine had a meagre 17% of the China market, and Baidu had 77%, they have an excuse to leave after this mis-adventure. It is a pity Bing did not know earlier, because MS is gonna stay and hope for an eventual clamp on pirated versions there..

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!