Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Warning Gmail Users About State-Sponsored Attacks

Posted by Soulskill on from the state-of-distributed-denial dept.

Trailrunner7 writes "Google, whose users have been frequent targets of suspected attacks by foreign governments, is deploying a new warning system for users who may be victims of those kinds of attacks. The new system is in addition to existing warnings that Google will show Gmail users when their accounts may have been accessed by attackers. Gmail users have been on the receiving end of a number of known attacks, including the infamous Google Aurora attack that has been blamed on China. Part of that operation was aimed at a specific subset of Gmail users, including Chinese dissidents and journalists. Now, Google says it will warn users about exactly that kind of activity."

3 of 69 comments (clear)

  1. Google thinks texting is secure??? by madbavarian · · Score: 5, Insightful

    Google's security people aren't thinking straight. They believe there is state sponsored hacking and they then recommend their silly phone pin nonsense ("two factor authentication")? Did they think that the phone channel was secure? They don't believe someone could watch them send the PIN over a text message? If they really cared about security they'd ween people off of passwords and only use computer generated RSA/DSA keys. I believe that browsers already allow client certificates for setting up https connections. Using computer generated and invoked keys would solve the phishing and guessing attacks. The keys would have a high enough search space that guessing would be impossible. The connections would be authenticated in a way that wouldn't expose the private key itself, so phishing wouldn't work. 1) the google server key would be checked in a secure crypto manner and a MITM attack wouldn't be possible. 2) the user's key would be checked in they standard public key crypto manner also, which wouldn't expose the private key in the process of authentication. Crap, I know practically nothing about crypto and can punch holes in Googles stuff. They don't think the equivalent of some evil country's NSA could do much better?ï

  2. so what about NSA accesses? by Anonymous Coward · · Score: 5, Interesting

    One of two things are true:

    1) Google never ever receives any requests for information from the NSA;

    2) What Google actually means is that it will warn Gmail users about state-sponsored "attacks" from countries the US isn't on perfect terms with.

    It's one thing to have corporations battling with government for control. It's quite another when one information-gathering corporation has become so big that it's playing its own overt part in the propaganda war.

  3. How about the American government? by Eightbitgnosis · · Score: 5, Insightful

    Somehow I don't think I'd be getting a notification in this situation