Slashdot Mirror


Source Code To Google Authentication System Stolen

Aardvark writes "More details are coming out about the extent of the break-in at Google a few months ago. The NY Times is reporting that one of the things stolen was the source code to Google's single sign-on authentication system, called Gaia. Though Google is making changes to the system, the theft raises the possibility that attackers could analyze the code to find new exploits to take advantage of in the future. No wonder that Eric Schmidt recently said they've become paranoid about security."


  1. Paranoid about security? by Anonymous Coward · · Score: 5, Insightful

    Strange - didn't you guys say if I had nothing to hide, privacy didn't matter?

    1. Re:Paranoid about security? by WrongSizeGlass · · Score: 5, Insightful

      Strange - didn't you guys say if I had nothing to hide, privacy didn't matter?

      What they meant was your privacy didn't matter to them.

    2. Re:Paranoid about security? by coolgeek · · Score: 4, Insightful

      Really, this shouldn't matter, unless they are doing something they should not be doing.

      --

      cat /dev/null >sig
    3. Re:Paranoid about security? by d'baba · · Score: 3, Insightful

      Am agreeing here. Am reminded of an article which said: "Microsoft is a bunch of arrogant business people. Google is a bunch of arrogant engineers."
      If security depends on code it is insecure. Period.
      If security depends on people it is insecure. Period.
      It is insecure. Period.
      ----
      Hypertext isn't what it's marked up to be.

    4. Re:Paranoid about security? by drsmithy · · Score: 2, Insightful

      Strange - didn't you guys say if I had nothing to hide, privacy didn't matter?

      No, they said if you willingly broadcast your life all over the intarclouds then you have no grounds to complain about your privacy being violated when others (ab)use that information.

    5. Re:Paranoid about security? by Anonymous Coward · · Score: 5, Informative
      Please understand the context of a quote before referencing said quote. Eric Schmidt said:

      If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines -- including Google -- do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.

      Have a nice day.

    6. Re:Paranoid about security? by martin-boundary · · Score: 5, Insightful
      Except that when others (some journalists from CNET) (ab)used the data about Eric Schmidt that was broadcast far and wide on the intarclouds, Google complained and blackballed everybody from CNET for a year.

      Who knew they only meant that we shouldn't overreact?

    7. Re:Paranoid about security? by Daengbo · · Score: 5, Informative

      OK, more context:

      Q: People are treating Google like their most trusted friend. Should they be?

      A: I think judgement matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. But if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example, that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.

      In this context, "doing it" now refers to "treating Google like their most trusted friend" because otherwise, the phrase would be "shouldn't have it."

      People are too political about this issue and refuse to actually think. Screw grammar. The meaning is quite clear in context. If you don't want someone to find out about something you're doing, don't do it through Google (or any other search engine). They all keep records and can all be subpoenaed. Use some other method.

      So, yeah, don't trust GOOG with your darkest secrets. Schmidt said it, himself. Also, if you're smoking pot, do it in your house and not in the public park.

  2. Sauce? by Anonymous Coward · · Score: 5, Funny

    tar.gz or it didn't happen

  3. More Eyes by Daengbo · · Score: 5, Funny

    More eyes make the bugs shallow, right? ;)

    1. Re:More Eyes by thoughtsatthemoment · · Score: 2, Informative

      Unless the bugs have developed an invisibility cloak.

    2. Re:More Eyes by Soilworker · · Score: 3, Funny

      That's why you need to look at it from a 45 degree angle.

    3. Re:More Eyes by Thanshin · · Score: 4, Funny

      But then the bugs will appear to be in IE8.

  4. Many eyes = problem? by choongiri · · Score: 5, Insightful

    So, Schmidt is worried because google was relying on security through obscurity?

    1. Re:Many eyes = problem? by Gamer_2k4 · · Score: 5, Insightful

      So, Schmidt is worried because google was relying on security through obscurity?

      Whoever modded you Flamebait was dead wrong. Open disclosure is one of the major principles of security, and security through obscurity is an awful thing to trust in. It's true that openly available systems can be more susceptible to attacks, but a sufficiently robust system should be able to stand up to the scrutiny.

    2. Re:Many eyes = problem? by Anonymous Coward · · Score: 5, Insightful

      I can appreciate that security through obscurity is false, but I kinda got the impression that they weren't really relying on obscurity; rather, the enemy now has that much better a chance of finding something they missed. Can you say with absolute certainty that any open source software is absolutely bulletproof? Even OpenSSH and OpenSSL have released numerous minor revisions to fix potential security exploits. Being open source doesn't automatically mean it's more secure, but when you've got a ton riding on some piece of software I think a bit of paranoia is justified.

    3. Re:Many eyes = problem? by macshit · · Score: 3, Insightful

      that they weren't really relying on obscurity, rather the enemy now has that much better a chance of finding something they missed

      That's called relying on obscurity. If having the source code lets you find something Google missed, that means Google missed something.

      No, it doesn't. There's a big difference between relying on obscurity -- which google, apparently, was not -- and simply being concerned because the bad guys have more ability to search for flaws.

      The latter is a pretty natural human reaction to an event like this, regardless of how well designed their security system is, because all designs, and all code, potentially contains flaws, even if designed and implemented by the most brilliant security researchers.

      --
      We live, as we dream -- alone....
    4. Re:Many eyes = problem? by Vellmont · · Score: 4, Interesting


      and simply being concerned because the bad guys have more ability to search for flaws.

      Much of the world relies on security systems that are completely open and available to everyone. One of the prime examples is OpenSSH. Another prime example is OpenSSL. I don't hear too many people worried that these systems are more vulnerable because attackers have access to the code.

      The latter is a pretty natural human reaction to an event like this, regardless of how well designed their security system is, because all designs, and all code, potentially contains flaws, even if designed and implemented by the most brilliant security researchers.

      Panic and stupidity are also natural human reactions. Since when did something being "natural" become a justification for something? I can understand the reaction, but that doesn't mean it's right.

      It's pretty stupid to rely on code remaining secret. Code is something that's very difficult to make secret as it gets copied all over the place. How many people at Google already have access to it? It seems to me that if Google really wants to be secure they should just release the damn code so "the good guys" also have access to it, since apparently "the bad guys" already do.
         

      --
      AccountKiller
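    An added example to go with the OpenSSH/OpenSSL point above (this is editor-added code, not Google's Gaia, whose design the article does not describe): a single sign-on ticket whose verifier can be handed to the attacker without helping him. Everything secret is in the HMAC key, not the code, and a suspected key leak is handled by rotating keys by key id rather than by rewriting the system. The keys, user names and timestamps are constructed for the demo.

```python
"""Kerckhoffs' principle applied to an SSO ticket (added example, not Gaia)."""
import base64
import binascii
import hashlib
import hmac
import json
from typing import Dict, Optional


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TicketService:
    """Issues and verifies tickets of the form b64(payload).b64(hmac-sha256)."""

    def __init__(self, keys: Dict[str, bytes], current: str) -> None:
        self.keys = dict(keys)      # kid -> key; every listed key is still accepted
        self.current = current      # kid used for newly issued tickets

    def issue(self, user: str, now: int, ttl: int = 3600) -> str:
        claims = {"u": user, "exp": now + ttl, "kid": self.current}
        payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        sig = hmac.new(self.keys[self.current], payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(sig)

    def verify(self, ticket: str, now: int) -> Optional[str]:
        """Return the user for a valid ticket, None for anything else."""
        try:
            enc_payload, enc_sig = ticket.split(".")
            payload, sig = _unb64(enc_payload), _unb64(enc_sig)
            claims = json.loads(payload)
        except (ValueError, binascii.Error):
            return None                     # malformed shape or encoding
        if not isinstance(claims, dict):
            return None
        kid = claims.get("kid")
        key = self.keys.get(kid) if isinstance(kid, str) else None
        if key is None:
            return None                     # unknown or retired key
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return None                     # forged or tampered payload
        exp = claims.get("exp")
        if not isinstance(exp, int) or exp <= now:
            return None                     # expired
        user = claims.get("u")
        return user if isinstance(user, str) else None

    def rotate(self, new_kid: str, new_key: bytes) -> None:
        """Sign with a new key from now on; old keys stay valid until retired."""
        self.keys[new_kid] = new_key
        self.current = new_kid

    def retire(self, kid: str) -> None:
        """Drop a key; every ticket signed with it is rejected from now on."""
        self.keys.pop(kid, None)


def demo() -> Dict[str, Optional[str]]:
    """Valid, forged, spliced, expired and rotated tickets (constructed data)."""
    k1 = b"constructed-demo-key-1-never-use"   # constructed, 32 bytes
    k2 = b"constructed-demo-key-2-never-use"
    svc = TicketService({"k1": k1}, current="k1")
    now = 1_700_000_000
    alice = svc.issue("alice", now)

    # Attacker who has the verifier's source but not k1: knows the format,
    # guesses the key.
    claims = {"u": "admin", "exp": now + 3600, "kid": "k1"}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    forged = _b64(payload) + "." + _b64(hmac.new(b"guess", payload, hashlib.sha256).digest())
    # Same attacker splices alice's genuine signature onto the edited payload.
    spliced = _b64(payload) + "." + alice.split(".")[1]

    results = {
        "valid": svc.verify(alice, now),
        "forged": svc.verify(forged, now),
        "spliced": svc.verify(spliced, now),
        "expired": svc.verify(alice, now + 3601),
        "garbage": svc.verify("not.a.ticket", now),
    }
    svc.rotate("k2", k2)                       # suspected leak of k1: rotate
    bob = svc.issue("bob", now)
    results["after_rotate"] = svc.verify(alice, now)   # grace period for k1
    svc.retire("k1")
    results["after_retire"] = svc.verify(alice, now)
    results["new_key"] = svc.verify(bob, now)
    return results
```

    The point for the thread: with this design the stolen item that matters is the key, and the code being public (or stolen) changes nothing as long as the key was never in the repository. The grace period between rotate() and retire() is the operational cost of rotation; shrink it if you believe the old key is actually in hostile hands.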
    5. Re:Many eyes = problem? by InlawBiker · · Score: 3, Informative

      They found Google's secret sauce.

          If Request.Form("password") = "JOSHUA" Then
              Response.Write("Greetings, Professor Falken")
              Godmode = 1
          End If

    6. Re:Many eyes = problem? by anarche · · Score: 3, Informative

      Yes they missed something, from TFA

      The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program, according to the person with knowledge of the internal inquiry, who spoke on the condition that he not be identified.

      By clicking on a link and connecting to a “poisoned” Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer...

      How did Google miss a stupid employee? "But" (you yell) "there had to be a flaw that let them gain access!" Yes, there was a flaw:

      The attacks took advantage of a flaw in Internet Explorer 6 that was quickly patched, although the damage had been done.

      So a google employee in China was using IE6 and clicking on links from someone who claimed to be another employee who wished to remain anonymous?

      They missed an idiot. Pure and simple.

      --
      Wait! Whats a sig?
    7. Re:Many eyes = problem? by jimthehorsegod · · Score: 2, Insightful

      if I can hide one key element in my web infrastructure by closing off the source, even if I know the code is perfect, this is a step I will take.

      But you can't close off the source - you have to accept the possibility that someone to whom you've granted access to the source could be hostile to you, in which case you have this exact same situation again (only you possibly don't even know it). It is true, however much it might go against a natural reaction to keep your cards close to your chest, that if you rely on the 'bad guys' not seeing your code then you are relying on security through obscurity, and that means that outside the ring of trust, the only people who will *ever* see that code (if anyone) will be hostile.

      If there is such a source code breach at Google, it wouldn't be a bad idea for them to open it up for the rest to use.

      Well quite - but seeing as you'll potentially never know if someone with malicious intent had already gained access, you might say the best option is openness from the start...

    8. Re:Many eyes = problem? by SharpFang · · Score: 2, Interesting

      I worked at a big portal, and I can say it was not possible to protect our apps from -everything-.
      Some things are not possible - like keeping IPs of all the users ever vs every page in the portal visited ever. Too much data, simply.

      We depended on obscurity - keeping the code secret - in several cases:
        - make the attacker believe the attack succeeded while it didn't, to make them continue this vector instead of trying something harder which could actually succeed
        - short-lived, statistical blacklists. If you knew you got blacklisted, you'd mitigate it, say, by switching IP.
        - caches that make your results unverifiable. Even if you affected the current page, you'll get the result from one of 100 random nodes in the cluster, which was unaffected, and thus you won't see the results of your attack and will decide it's not working.
        - volatile personal caches. If you really want, you can change the way the site behaves - for you. Nothing and nobody else will be affected.
        - bulletproof pages - several levels of fallback in case of error. If you manage to DoS one service, the page falls back to its alternative, quietly and transparently. It looks like your attack didn't work. It did, but we won't let you know it.

      This is an efficient deceit that kills 99% of attacks dead in their tracks. A 3rd party reading the sources would reveal it, and we'd be pretty much fucked - implementing -proper- security would cost a fortune, increase the cluster load by a good 30%, and hold back current projects by months. But currently the site is built on a million small white lies, so that if you try to break something, you never know if you succeeded or not.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    9. Re:Many eyes = problem? by SharpFang · · Score: 2, Interesting

      You seem to have never worked in a 10k+ clicks-per-second environment.

      A farm of several hundred servers works at between 80 and 100% load at all times. The developer costs are minor/negligible compared to hardware, electricity and bandwidth costs. A man-month to optimize the size of a single page by 1% is well worth the investment.

      An increase of server load by 30% to remove another 0.1% of attacks is completely unacceptable. We don't care if 1% of users won't see the page. When the farm peaks in the rush hours about 5-10% won't anyway. So we're more concerned about those 5-10% than about that 1%. The core systems are properly secured - the main database and all script pages are 100% read-only from the frontend side. Devs and editors access it through a dedicated link, which is properly secured. The only vulnerable parts are user-editable extras - fora, blogs, comments, polls, galleries. They are the first to be cut off when the system peaks, they are sandboxed safely away so breaking them won't break the main articles, and honestly, if some of them get hacked from time to time - like someone takes over someone else's account, someone injects rude posts into someone's blog through some XSS, some poll gets skewed - nobody cares.

      The beauty of the "deceitful" methods is that they cost nothing. A 401 error page would have to be displayed anyway; what does it cost us to replace it with a fake 200? A lookup into memcache brings the necessary user ID along with blacklist status and then actually -saves- us a costly commit to disk. A proxy is there to protect the front servers from the traffic; the side effect of confusing the attacker is a desirable but not essential consequence. These counter-measures are okay because they cost only developer effort (cheap) and no server load (expensive).

      Also, with Google eating up the lion's share of the market, profit margins have got much narrower. It's not just a matter of buying another 500 servers. It's a matter of staying 3% above the break-even line, instead of 3% below. And if it comes to cutting costs, developers will be the first to be cut.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
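    An added example for the two SharpFang posts above (editor-added code, not the portal's own): a short-lived statistical blacklist, a login front end that answers a listed client with the same 200 and body a real success produces plus a decoy session token that is never registered, and no persistent write on that path, which is where the saving mentioned comes from. The users, client address, password and timestamps are constructed for the demo.

```python
"""Short-lived statistical blacklist plus deceptive responses (added example)."""
import hmac
import secrets
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional

# Constructed credential store; a real one holds salted hashes, not plaintext.
USERS = {"alice": "correct horse battery staple"}


@dataclass
class Response:
    status: int
    body: str
    session: Optional[str]


class StatisticalBlacklist:
    """A client is listed while it has >= threshold failures in the last
    `window` seconds. Entries age out on their own, so the attacker is never
    shown a permanent ban to route around."""

    def __init__(self, threshold: int = 5, window: float = 60.0) -> None:
        self.threshold = threshold
        self.window = window
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)

    def _prune(self, client: str, now: float) -> None:
        q = self._failures[client]
        while q and now - q[0] > self.window:
            q.popleft()

    def record_failure(self, client: str, now: float) -> None:
        self._prune(client, now)
        self._failures[client].append(now)

    def score(self, client: str, now: float) -> int:
        self._prune(client, now)
        return len(self._failures[client])

    def is_listed(self, client: str, now: float) -> bool:
        return self.score(client, now) >= self.threshold


class LoginFrontend:
    """Login handler that answers listed clients deceptively."""

    def __init__(self, blacklist: StatisticalBlacklist) -> None:
        self.blacklist = blacklist
        self.sessions: Dict[str, str] = {}   # token -> user, the only real state
        self.commits = 0                     # stands in for the costly write to disk

    def login(self, client: str, user: str, password: str, now: float) -> Response:
        if self.blacklist.is_listed(client, now):
            # Deceptive path: indistinguishable from success on the wire, but
            # the token is a decoy no later request will validate, and nothing
            # is committed. Cost: the one lookup we had to do anyway.
            return Response(200, "Welcome back", secrets.token_hex(16))

        self.commits += 1                    # audit record for a real attempt
        expected = USERS.get(user)
        # compare_digest keeps the comparison time independent of the content.
        if expected is not None and hmac.compare_digest(expected, password):
            token = secrets.token_hex(16)
            self.sessions[token] = user
            return Response(200, "Welcome back", token)

        self.blacklist.record_failure(client, now)
        return Response(401, "Bad credentials", None)

    def user_for(self, token: Optional[str]) -> Optional[str]:
        """What a later request carrying this session token would get."""
        return self.sessions.get(token) if token else None


def demo() -> Dict[str, object]:
    """Brute force from one client, then the real password, then after expiry."""
    fe = LoginFrontend(StatisticalBlacklist(threshold=5, window=60.0))
    client, t0 = "10.0.0.7", 1000.0          # constructed client and clock
    statuses: List[int] = []
    for i in range(8):                       # eight wrong guesses, one per second
        statuses.append(fe.login(client, "alice", f"guess{i}", t0 + i).status)
    # Inside the window even the right password only earns a decoy.
    decoy = fe.login(client, "alice", USERS["alice"], t0 + 10)
    # Once the failures age out, the same client logs in for real.
    real = fe.login(client, "alice", USERS["alice"], t0 + 100)
    return {
        "statuses": statuses,                       # five 401s, then three 200s
        "decoy_status": decoy.status,               # 200
        "decoy_user": fe.user_for(decoy.session),   # None: never registered
        "real_user": fe.user_for(real.session),     # "alice"
        "commits": fe.commits,                      # five failures + one success
    }
```

    Two caveats a practitioner would add. A legitimate user behind the same address as the attacker also gets a decoy during the window, which is exactly the "we don't care about that 1%" trade the post describes; keep the window short. And because the listed path writes nothing, the attempts it swallows leave no audit trail unless you count them somewhere cheap, which is worth doing if you ever want to know the brute force happened.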
  5. Don't change it, release it by Logos · · Score: 5, Insightful

    Seriously, the bad guys already have it, so enlist the help of the security community to improve it.

    --
    We are agents of the free
    1. Re:Don't change it, release it by dr-alves · · Score: 2, Interesting

      Not a rip off if you give it away and gain money/increase the readiness of the possible worker candidate pool out of it.

    2. Re:Don't change it, release it by TubeSteak · · Score: 4, Interesting

      Seriously, the bad guys already have it, so enlist the help of the security community to improve it.

      There's probably a whole lot of stuff in that source code that is either a trade secret or gives clues to trade secrets google would rather keep private.

      The most realistic course of action would be for them to hire some 3rd party pen testers and auditors to pick apart their code under a microscope.

      --
      [Fuck Beta]
      o0t!
    3. Re:Don't change it, release it by noidentity · · Score: 2, Funny

      Seriously, the bad guys already have it, so enlist the help of the security community to improve it.

      The code was stolen, so they're going to have to rewrite it from scratch. You'd think Google would have had a backup somewhere, but maybe they stole that too.

  6. Cloud security? by HockeyPuck · · Score: 4, Funny

    I thought the cloud was secure?

    1. Re:Cloud security? by siddesu · · Score: 3, Funny

      the cloud is secure. it is the dev workstations that are in danger :)

    2. Re:Cloud security? by MorderVonAllem · · Score: 4, Insightful

      By clicking on a link and connecting to a "poisoned" Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google's headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team.

      Unless it's a flaw directly within the messenger software rather than the user who clicked the link...Microsoft wasn't really involved...

    3. Re:Cloud security? by GNUALMAFUERTE · · Score: 5, Interesting

      Oh, except it was Microsoft's operating system, and Microsoft's messenger. I don't understand this concept of computing where you can click on "the wrong link". I can click on whatever link I want, and that is not supposed to destroy my computer. I use Pidgin on GNU/Linux. I can click on ANY link that I want. Clicking on the link won't do anything besides opening it in a browser, or asking me to download it. Unless I sudo su and chmod +x $file and ./$file, nothing is going to happen. But we hear all the time about Windows users getting randomly infected with malware by just clicking on a fucking URL, or going to the wrong site, etc. Or just connecting to the wrong LAN. Clicking on a link IS NOT supposed to give ANYTHING any kind of execute permissions. I don't browse with Flash, but I do keep a Firefox-altern dir with Flash installed in case I really really need to check out something that requires Flash. I can't believe how invasive that thing is, and how many privileges it automatically grants to random content on the web. Same thing for JS. The simple fact that 'last measure' still works is living proof of how stupidly insecure certain technologies are.

      And, no, it's not the user's fault for clicking on a link.

      --
      WTF am I doing replying to an AC at 5 A.M on a Friday night?
    4. Re:Cloud security? by spidr_mnky · · Score: 2, Insightful

      I agree with your point. The very notion of "dangerous sites" sounds to me something like "dangerous newspaper articles". There's something wrong with the concept.

      That said, I will point out that it's not necessary to root the machine to leave a back door, and it's not even necessary to gain arbitrary execution as the user to gather private details, passwords to online accounts, etc.

    5. Re:Cloud security? by RzUpAnmsCwrds · · Score: 4, Insightful

      Oh, except it was Microsoft's operating system, and Microsoft's messenger. I don't understand this concept of computing where you can click on "the wrong link". I can click on whatever link I want, and that is not supposed to destroy my computer. I use Pidgin on GNU/Linux. I can click on ANY link that I want. Clicking on the link won't do anything besides opening it in a browser, or asking me to download it

      Your attitude of invincibility is both dangerous and stupid. Firefox, like all web browsers, is complex software that has a long history of vulnerabilities. One buffer overflow vulnerability (and Firefox has a history of such vulnerabilities) is enough to run arbitrary code on your system.

      Unless I sudo su and chmod +x $file and ./$file, nothing is going to happen.

      Not true. The software you use every day almost certainly has security vulnerabilities that may allow code execution. History has shown that determined hackers have little trouble finding one.

      But we hear all the time from windows users getting randomly infected with malware by just clicking on a fucking URL, or going to the wrong site, etc.

      No, mostly we hear those stories from people who don't know what the hell they're talking about. If you download and run some arbitrary executable, well, yeah, you can get infected. The same could happen if you went and installed a malicious deb/rpm.

      Those people who truly *were* infected by "just clicking on a fucking URL" (and not by deliberate acts of stupidity on their part) are victims of software vulnerabilities. And those vulnerabilities exist on every platform.

      Oh, except it was microsoft's operating system, and microsoft's messenger.

      Neither Microsoft's OS nor their messenger software had anything to do with this hole, although Internet Explorer might. Neither the messenger software nor the OS were vulnerable; the vulnerability was most likely either in the web browser or a plugin like Flash.

  7. "Source Code [...] Stolen" by Animaether · · Score: 3, Interesting

    Stolen?

    What.. they are no longer in possession of the source code?

    1. Re:"Source Code [...] Stolen" by LingNoi · · Score: 3, Insightful

      Being positive today I'm going to go with maybe English isn't your first language. Here is a definition..

      steal - take without the owner's consent; "Someone stole my wallet on the train"; "This author stole entire paragraphs from my dissertation"

      They took the code without Google's consent, hence they stole it.

    2. Re:"Source Code [...] Stolen" by Anonymous Coward · · Score: 5, Insightful

      They took the Movie without paying for MPAA consent, hence they stole it.

      We like to change the meaning of the words when it's convenient for us

    3. Re:"Source Code [...] Stolen" by Animaether · · Score: 3, Insightful

      My point exactly - no matter how much it's modded "Off-topic" currently :D /karma

    4. Re:"Source Code [...] Stolen" by BC+Guy · · Score: 4, Informative

      Being positive today I'm going to go with maybe English isn't your first language. Here is a definition..

      steal - take without the owner's consent; "Someone stole my wallet on the train"; "This author stole entire paragraphs from my dissertation"

      They took the code without Google's consent, hence they stole it.

      hmmm. actually it sounds like you're the one with a poor grasp of what's going on here. Definition of 'take' - "to remove, capture, consume, or dispossess from someone else."

      the source code was not stolen. a copy of the source code was stolen. and this is a crucial distinction since "steal" means to deprive from another. and while google has been violated, they most absolutely have not been deprived of any code.

      a common sense analogy for you: say i break into your house and photocopy all of your books. no one would suggest that i've stolen your books. for me to have stolen your books, i would have to take them and leave you with nothing. in the google case that did not happen. hence OP's quite proper correction.

    5. Re:"Source Code [...] Stolen" by LingNoi · · Score: 2, Insightful

      Your book analogy isn't a similar situation at all. You didn't write the book, you weren't trying to keep it secret, and the person possessing a copy doesn't negatively affect the original holder.

      All of these things apply in Google's situation. Also my definition of steal is accurate, they broke in and copied the code without consent from Google. The copying part isn't the problem it is the without their consent part which makes it stealing.

    6. Re:"Source Code [...] Stolen" by LingNoi · · Score: 2, Insightful

      That's a different issue really. Copyright Infringement would be re-distributing copyright without permission of the owner, etc.

      This code theft is taking copyright that they had no permission to take.

    7. Re:"Source Code [...] Stolen" by LingNoi · · Score: 2, Insightful

      I simply took the definition from Google.

      http://www.google.com/search?hl=en&site=&q=define:stolen&btnG=Search

      You should probably work for the music industry.

      Just because I don't conform to your world view I'm suddenly working for the music industry? Grow up.

  8. Open source it by ka9dgx · · Score: 4, Insightful

    They should open source it, since a copy is out on the loose anyway. This could work to their advantage.

    I still think capability based security is the only workable long term solution..

  9. Re:so? by 3p1ph4ny · · Score: 5, Funny
  10. Re:so? by Urza9814 · · Score: 5, Insightful

    i'd love to see /. put their source out there, money where their mouth is so to speak.

    ...You mean like http://www.slashcode.com/about.shtml ?

  11. It's all about leverage by el_flynn · · Score: 5, Insightful

    From TFA: "By clicking on a link [sent on Microsoft Messenger] and connecting to a 'poisoned' Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team."

    I don't know about you, but I'm quite shocked at how an innocuous thing like this can lead to the theft of "one of Google's crown jewels". Are their security practises that lax over there in Google China? And, considering that this happened to Google - a leading Tech-savvy company - how many other corporations and conglomerates have already been hit by a similar attack? Banks? Military? Oil and Gas? Heck, MSFT?? After all, TFA reported that it was a "lightning raid that lasted less than two days".

    And yeah, while TFA sounds like Luddite fear-mongering, I think it's a valid concern for everyone.

    --
    The Wknd Sessions - Malaysian and South East Asia independent music
    1. Re:It's all about leverage by Anonymous Coward · · Score: 2, Insightful

      From what I read back when news of this first broke, usually when these attacks are successful, the infiltration lasts for years, because the goal is to quietly and relatively slowly pilfer things like that source code, not make a big mess as quickly as possible. If they are undetected, the attack is a lot more successful. The fact that Google caught this in 2 days speaks well for their security team.

  12. Thank goodness by NEDHead · · Score: 2, Funny

    This explains all those sexy emails my girlfriend has been getting from all kinds of different guys in her gmail account

  13. Re:Security through obscurity by dudpixel · · Score: 3, Interesting

    there was no mention of whether their security system is buggy or not. The attack was made through a hacked internet site, with the help of an internal employee, not by someone "hacking into" the system. The weak link in the chain is always people, not software.

    wasn't this same attack linked to MS internet explorer 6? had to bring that up...of course I could be wrong.

    Anyone know of any large company opening up the source code to their security systems?

    --
    This seemed like a reasonable sig at the time.
  14. Paranoia by Internetuser1248 · · Score: 2, Interesting

    This sounds very very bad to me, the worst fact being that security and paranoia always lead to bad decisions and breaches of rights. Even if we believe google's do no evil policy if they are pushed far enough they will become something we don't want.

    1. Re:Paranoia by causality · · Score: 3, Insightful

      This sounds very very bad to me, the worst fact being that security and paranoia always lead to bad decisions and breaches of rights. Even if we believe google's do no evil policy if they are pushed far enough they will become something we don't want.

      So don't use their services except perhaps for their search engine, and even then in a highly controlled fashion (NoScript, no cookies, no redirections, no HTTP Ping, no Google Analytics, etc). It's how I deal with my concerns about them.

      --
      It is a miracle that curiosity survives formal education. - Einstein
  15. the level of interest and sophistication by circletimessquare · · Score: 4, Insightful

    matched the target

    that is, the economics of the attack is not a common one: your average podunk company offers what, exactly? and i'm not even talking in terms of financial possibilities, i'm talking in terms of corporate and political espionage, which the chinese government is interested in, not common robbery. because with google, if you break in, you get such a huge payoff in terms of strategic intelligence, unlike any other exploitable entity. so somewhere in china, a stable of minds are focused like a laser on you

    and structurally, security wise, the problem is the same as terrorism: the good guys have to be vigilant all the time, they can't fail ever. while the bad guys: they can screw up time and again, that's ok. they learn even. they only need to get in once. so even if you are google, no, ESPECIALLY if you are google because you're such a fabled target, you are at a strategic disadvantage, even with all your resources, to be hacked. those who want to hack you are ready to invest heavily into hacking you: its a good investment, because the payoff is gargantuan, the economics of the security situation works against google

    the REAL lesson is for us, the common joe blows of the world: don't put all of your eggs in one basket. have an ecosystem of interdependent accounts with different companies. don't do EVERYTHING at google, or their exposure is your exposure

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  16. Re:Wrong security model by nomadic · · Score: 2, Interesting

    As Bruce Schneier said, security through obscurity does not work...

    That has been a mantra on slashdot since it started and I have never been convinced that it's necessarily true. There are plenty of examples where a security hole was discovered in 10+ years old open source code. On the other hand, there's no way of knowing how many security holes are never exploited because the company whose systems have it keeps quiet.

  17. Re:Wrong security model by grcumb · · Score: 3, Insightful

    "theft raises the possibility that attackers could analyze the code to find new exploits to take advantage of in the future"

    As Bruce Schneier said, security through obscurity does not work...

    Are you sure he said that, or did he say that it was wrong to rely on security through obscurity? Obscurity (i.e. not telling tales out of school) is one valid element of an overall security model.

    --
    Crumb's Corollary: Never bring a knife to a bun fight.
  18. Not quite as "insightful" as the mods think. by neiras · · Score: 4, Informative

    They took the code without Google's consent, hence they stole it.

    Not quite. In most jurisdictions, the question "Is it theft?" is answered by the following tests.

      1. Was the property provably taken without consent?
      2. Was the property provably taken with the intent of depriving its rightful owner of said property?

    If both of those tests are true, it's theft. In this case, Google still has a copy of their code, so the crime would not be considered theft in most jurisdictions.

    Of course, in the USA there is no national definition of theft, since it's defined and prosecuted at the state level. Talk about confusing.

    "Theft" is a concept that really varies in meaning from place to place. I guess that's why so many people jump on their high horse, wave their hands madly, and proclaim that various petty infringements are "stealing". They are probably right in the context of some banana republic somewhere.

    1. Re:Not quite as "insightful" as the mods think. by metacell · · Score: 4, Insightful

      Plagiarism isn't theft, it's just plagiarism.

      Downloading a copyrighted mp3 is not theft, it's copyright infringement.

      Using someone elses patented invention isn't theft, it's patent infringement.

      And so on.

    2. Re:Not quite as "insightful" as the mods think. by Animaether · · Score: 2, Insightful

      Since Google could quite successfully argue in court that their closed source code has lost value it's theft.

      Slow down there, cowboy :)

      They would have to argue successfully that the major portion of its economic value or benefit is lost to him (does it really use 'him'? how quaint)

      I would argue that most of the world could have the source code and there's no real economic value loss to Google unless their shares dropped for a few seconds or somesuch since this became public knowledge. I can take slashcode, for example, but I'm not going to succeed in removing 'the major portion of slashcode's economic value or benefit' as it'd take a miracle, not the source code, to make my site popular enough that advertisers and the like would pay substantially less to Slashdot.
      Similarly... Google has the networks, the contracts, the installed userbase, etc. The code, in part, enables the economic value, but it isn't the embodiment thereof. They could replace it with any other ol' code that'd be a drop-in replacement (as apparently they're doing, in part) and the economic value wouldn't be altered (unless they make it inferior).

    3. Re:Not quite as "insightful" as the mods think. by metacell · · Score: 3, Insightful

      According to the definition of deprivation you quote, it's not enough to cause the property to lose value. You have to withhold it from the rightful owner so that it loses value. And the hackers weren't able to withhold Google's own source code from them.

  19. I've noticed a lot of hacked accounts.... by zoid.com · · Score: 2, Interesting

    I've been sent spam recently from quite a few people whose gmail accounts have been hacked. Look at the gmail forums....

    http://www.google.com/support/forum/p/gmail/label?lid=65ac3f0a8251ca2d&hl=en

    Filled with spam from hacked account messages. Coincidence?

  20. Google needs to move to two factor authentication by Mattpw · · Score: 2, Insightful

    A cheap two factor solution like passwindow.com where the user tokens cost nothing to produce would be the best solution for mass deployment and more secure than most of the basic OTP electronic tokens which the trojans like Zeus are bypassing with MITB attacks. Anyone have any better ideas?
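
    The "MITB bypasses OTP tokens" point above, as an added example that is not part of the thread and not code from passwindow.com or any other vendor: a man-in-the-browser trojan waits until the user has typed a valid one-time code, then rewrites the transaction in the browser; because a plain OTP says nothing about *what* was approved, the bank accepts the altered transaction. Binding the code to the transaction text (payee and amount go into the HMAC input, in the spirit of OCRA, RFC 6287, though this is not a conforming implementation) makes the tampered transaction fail verification. The bank, token and trojan are all simulated in one process; the seed is a constructed sample, and the example assumes the user sees the transaction details on something the trojan cannot alter (the token's own display or a second channel), which in practice is the hard part.

```python
import hmac
import hashlib
import struct

# Shared secret provisioned into the user's token and the bank's database.
# Constructed sample value for this example, not a real credential.
SEED = bytes.fromhex("3132333435363738393031323334353637383930")


def _six_digits(mac: bytes) -> str:
    """Dynamic truncation as in RFC 4226 section 5.3, applied to a SHA-256 MAC."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


def plain_otp(seed: bytes, counter: int) -> str:
    """Counter-based OTP: depends only on the seed and a moving factor."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    return _six_digits(mac)


def bound_otp(seed: bytes, counter: int, transaction: str) -> str:
    """OTP bound to what the user approved: the transaction text is part of
    the MAC input, so a different payee or amount yields a different code."""
    msg = struct.pack(">Q", counter) + transaction.encode("utf-8")
    return _six_digits(hmac.new(seed, msg, hashlib.sha256).digest())


def bank_accepts_plain(counter: int, transaction: str, code: str) -> bool:
    """Bank-side check for the plain OTP. The transaction is ignored by design,
    which is exactly what the trojan exploits."""
    return hmac.compare_digest(plain_otp(SEED, counter), code)


def bank_accepts_bound(counter: int, transaction: str, code: str) -> bool:
    """Bank-side check that recomputes the code over the received transaction."""
    return hmac.compare_digest(bound_otp(SEED, counter, transaction), code)


def mitb_session(accept, make_code):
    """Simulate one session: the user approves a transaction and enters the
    code, then a trojan in the browser rewrites the form before submission.
    Returns (what_the_user_approved, what_the_bank_received, accepted)."""
    counter = 42
    user_intent = "pay 100.00 to Alice"
    code = make_code(counter, user_intent)   # token shows the code, user types it
    tampered = "pay 9000.00 to Mule"         # trojan rewrites payee and amount
    return user_intent, tampered, accept(counter, tampered, code)


if __name__ == "__main__":
    print("plain OTP, tampered tx accepted:",
          mitb_session(bank_accepts_plain, lambda c, t: plain_otp(SEED, c))[2])
    print("bound OTP, tampered tx accepted:",
          mitb_session(bank_accepts_bound, lambda c, t: bound_otp(SEED, c, t))[2])
```

    Run it and the plain scheme accepts the rewritten payment while the bound scheme rejects it; the legitimate transaction still verifies under the bound scheme, so the binding costs nothing for honest sessions.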

  21. Re:More Eyes - if you publish by rtfa-troll · · Score: 3, Insightful

    Yes; well the truth is that only if those eyes are looking (I'm sure the crackers will be). But still, it's yet another example that not publishing your source code just means that the only eyes looking other than your own are hostile eyes. Google should now publish the source code to this system and more of their other internal stuff that others could use and share.

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  22. Yes, coincidence, and much worse than spam by Aargau · · Score: 2, Insightful

    Targeted zero day attacks to steal source code are worth 1000x more than an account to send spam on. Root at google? This is actually a big deal, above the realm of small bot shops, this is superpowers in a cyber arms race. Very strong implications on the security of cloud computing as the provisioning company can be the vector of attacks to any company it hosts.

  23. Re:More Eyes - if you publish by jimthehorsegod · · Score: 2, Informative

    If the only eyes looking other than your own are hostile eyes...

    The point being made was that this is the case only when you don't publish your code, and therefore the only way it gets out is if it's stolen - thus, now you have access and the person who stole it has access. If on the other hand you publish the code, then everyone, good and bad has access, and hopefully count(good) > count(bad)

  24. tar.gz or it didn't happen by Barryke · · Score: 2, Interesting

    I can imagine Google decides to replace Gaia. They might opensource parts of authentication or encryption code. A public audit if you will.

    --
    Hivemind harvest in progress..
  25. Re:Wrong security model by Anonymous Coward · · Score: 2, Insightful

    Bruce Schneier was just trying to explain Kerckhoffs's principle, which is that all security must be assumed to lie in the token and not in the algorithm, because the problem space for algorithms is very, very small, while the problem space for tokens (eg, keys) can be made arbitrarily large. In other words, if Google's algorithm relied on its secrecy for its effectiveness, they weren't doing it right.
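
    The obscurity argument of comments 17 and 25, as an added example that is not from the thread and has nothing to do with Gaia's actual code: scheme A keeps its "algorithm" secret (a byte rotation by an undisclosed amount, then XOR with an undisclosed constant), so once the structure leaks the entire secret is 8 x 256 = 2048 possibilities and one known plaintext recovers it. Scheme B is a public construction, an HMAC-SHA256 keystream in counter mode under a random key (illustration only, not something to deploy in place of a vetted AEAD); publishing its code changes nothing, and the brute-force routine shows the attacker's cost growing as 2^bits, which is why the key space, not the algorithm, is what can be made arbitrarily large. The plaintext and key values are constructed samples.

```python
import hashlib
import hmac
import struct
from itertools import product


# --- Scheme A: security "in the algorithm" -----------------------------------

def _rotl8(b: int, n: int) -> int:
    """Rotate one byte left by n bits (n in 0..7)."""
    return ((b << n) | (b >> (8 - n))) & 0xFF


def obscure_encrypt(data: bytes, shift: int, mask: int) -> bytes:
    """The 'proprietary' scrambler: rotate each byte, then XOR with a constant."""
    return bytes(_rotl8(b, shift) ^ mask for b in data)


def recover_obscure_params(plaintext: bytes, ciphertext: bytes):
    """Known-plaintext attack once the structure is known: try every
    (shift, mask) pair. At most 2048 trials."""
    for shift, mask in product(range(8), range(256)):
        if obscure_encrypt(plaintext, shift, mask) == ciphertext:
            return shift, mask
    return None


# --- Scheme B: public algorithm, secret key ----------------------------------

def keyed_encrypt(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 keystream in counter mode XORed onto data. Encryption and
    decryption are the same operation."""
    out = bytearray()
    for start in range(0, len(data), 32):
        counter = start // 32
        ks = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
        out.extend(c ^ k for c, k in zip(data[start:start + 32], ks))
    return bytes(out)


def brute_force_key(plaintext: bytes, ciphertext: bytes, key_bits: int):
    """Exhaustive key search for a toy-sized key; the algorithm is fully
    known to the attacker. Returns (key_found, trials_made)."""
    key_len = (key_bits + 7) // 8
    trials = 0
    for candidate in range(1 << key_bits):
        trials += 1
        key = candidate.to_bytes(key_len, "big")
        if keyed_encrypt(key, plaintext) == ciphertext:
            return key, trials
    return None, trials


def demo():
    """Returns (recovered scheme-A params, scheme-B key recovered?, trials)."""
    pt = b"user=alice;session=7f3a"          # constructed sample plaintext
    # Scheme A: the secret is the algorithm's parameters; one known plaintext
    # and a 2048-entry search recovers them.
    ct_a = obscure_encrypt(pt, 3, 0x5A)
    params = recover_obscure_params(pt, ct_a)
    # Scheme B with a deliberately tiny 12-bit key: worst case 2^12 trials.
    # The same loop with a 128-bit key needs up to 2^128 trials, and nothing
    # about knowing the code shortens it.
    key = (0xABC).to_bytes(2, "big")
    ct_b = keyed_encrypt(key, pt)
    found, trials = brute_force_key(pt, ct_b, 12)
    return params, found == key, trials


if __name__ == "__main__":
    params, recovered, trials = demo()
    print("scheme A secret recovered:", params)
    print("scheme B 12-bit key recovered:", recovered, "after", trials, "trials")
```

    The second search is only feasible because the key was made 12 bits long for the demonstration; what the comment above calls the "problem space for tokens" is the exponent in that trial count, and it is the one parameter the defender controls regardless of whether the source is public.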

  26. Re:capital letters are redundant by dylan_- · · Score: 2, Insightful

    yes, certain brittle fragile minds can't deal with novel formatting.

    Oh please! Nearly everyone tries "novel" forms of writing without capital letters, without punctuation, or of some other kind at least once. Usually when they're teenagers and they usually grow out of it when they realise it's nowhere near as "novel" as they first thought.

    Capital letters are not redundant. They are incredibly useful due to the way we read. Once you've reached a certain level of proficiency in reading, you don't read one word at a time. You read whole sentences - sometimes several, or a short paragraph - in one go. You find the beginning, skip to the end, and look over the whole thing finding the meaning. This is a much quicker way of reading than a single word at a time.

    Capital letters provide a very useful visual clue that quickly lets you find the end of the sentence or block you wish to read and lets you read it quickly. When they're absent, it slows you down and makes reading the text much more difficult and frustrating than it needs to be. It's simply poor communication.

    --
    Igor Presnyakov stole my hat