Report: Google's Password System Hit By Hack In December [nytimes.com]
Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.
The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.
1+ for the cloud?
These are the things people need to be thinking of before they put all of their data into someone else's hands.
As I suspected... All these AdWords accounts getting hacked... in spite of all evidence to the contrary, always thought something was wrong at Google. (However kept quiet, thinking I would be laughed out... but in hindsight...)
The issue here is the economic importance of something like the Google Account.
I personally suspected from day 1 that this was the target: partly because they revealed that some dissidents' Gmail accounts were hacked.
Well, in G's world, if you can access Gmail, you can access everything else too (because of SSO/Gaia).
SSO is OK, everyone else does it (M$, Yahoo, FB...); the problem is that a lot of G's services are actually economically important (AdWords, AdSense, Webmaster Tools, Analytics, Docs).
This is the hardest thing for the cloud: protect the login.
However, I think G can pull it off, they have enough talent at hand for this.
Some suggestions: the login protection should be behaviorally based: take into account source, tool used for login, action once in the account, etc...
I was just watching a piece on CNN about rolling out quantum broadband internet.
Here's a short piece about it.
It's always been about money, many hackers claim it's just for fun, but for the majority that's just a plain lie, especially if G$$gle is involved.
However faint? Believe me, if there is a weakness it will be found. Things are always in the last place you think to look because you stop looking afterwards. Hackers are no different and won't stop either so this plug merely makes them move along until they find the next flaw.
The real weakness, or maybe the biggest bullseye, is connecting ALL things G together with one password to begin with. It makes you want to limit how many Google services you use, email and AdSense account for example... do they really need the same password?