On Tue, Sep 21, 2010 at 10:40 AM, "Mr. Teo En Ming (Zhang Enming) 张恩鸣 of Singapore" <space.time.universe@gmail.com> wrote:
Article: Google Warns of China Exit Over Hacking
Link: http://online.wsj.com/article/SB126333757451026659.html


Nice to be back in January and OT ;)
 
I don't think it is that easy to hack if you are using SSL connections and very strong passwords. How long would it take supercomputers to perform a brute force attack if you are using a strong password with at least 20 characters, and a combination of upper case and lower case letters, numbers, and symbols?

In TFA they said the attack against google was sophisticated and IP was also stolen, so if that's true it wasnt a brute force against gmail accounts which isnt sophisticated or would reveal any of google's IP.

Also an easier way to attack gmail passwords would be via a MITM with a dodgy certificate. x509 authentication is as weak as the weakest CA in a web browsers trusted certificate store.... Remember the the dodgy mozilla cert from last year?
 

I am wondering if Chinese government officials could have secretly approached specific Google China employees for direct access to the Google GMail email accounts of human rights activists in China? It would have been far simpler to do it that way. What is the size of China's sovereign wealth fund?

Or they could get their agents to apply for jobs at google and get in that way.

This would be OnT at securityfocus.com Security Basics list.You'd probably get an answer about the password cracking time there, but you'd need to specify the conditions (online or offline, and if offline what format the passwords are stored in)