Re: [gentoo-user] Google Inc. Could Be Compliant to the Chinese Government in Beijing, People's Republic of China (PRC)

[Adam Carter <adamcarter3@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 1748 bytes --]

On Tue, Sep 21, 2010 at 10:40 AM, "Mr. Teo En Ming (Zhang Enming) 张恩鸣 of
Singapore" <space.time.universe@gmail.com> wrote:

> Article: Google Warns of China Exit Over Hacking
> Link: http://online.wsj.com/article/SB126333757451026659.html
>
>
Nice to be back in January and OT ;)


> I don't think it is that easy to hack if you are using SSL connections and
> very strong passwords. How long would it take supercomputers to perform a
> brute force attack if you are using a strong password with at least 20
> characters, and a combination of upper case and lower case letters, numbers,
> and symbols?
>

In TFA they said the attack against google was sophisticated and IP was also
stolen, so if that's true it wasnt a brute force against gmail accounts
which isnt sophisticated or would reveal any of google's IP.

Also an easier way to attack gmail passwords would be via a MITM with a
dodgy certificate. x509 authentication is as weak as the weakest CA in a web
browsers trusted certificate store.... Remember the the dodgy mozilla cert
from last year?


>
> I am wondering if Chinese government officials could have secretly
> approached specific Google China employees for direct access to the Google
> GMail email accounts of human rights activists in China? It would have been
> far simpler to do it that way. What is the size of China's sovereign wealth
> fund?
>

Or they could get their agents to apply for jobs at google and get in that
way.

This would be OnT at securityfocus.com Security Basics list.You'd probably
get an answer about the password cracking time there, but you'd need to
specify the conditions (online or offline, and if offline what format the
passwords are stored in)

[-- Attachment #2: Type: text/html, Size: 2473 bytes --]