Google Security Technology

Google Warning Gmail Users About State-Sponsored Attacks

Trailrunner7 writes "Google, whose users have been frequent targets of suspected attacks by foreign governments, is deploying a new warning system for users who may be victims of those kinds of attacks. The new system is in addition to existing warnings that Google will show Gmail users when their accounts may have been accessed by attackers. Gmail users have been on the receiving end of a number of known attacks, including the infamous Google Aurora attack that has been blamed on China. Part of that operation was aimed at a specific subset of Gmail users, including Chinese dissidents and journalists. Now, Google says it will warn users about exactly that kind of activity."
  • by Anonymous Coward on Tuesday June 05, 2012 @06:32PM (#40226269)

    First, there is an Android/iPhone/BlackBerry authenticator app (software one-time pad) that you can and should use instead of an SMS-sent confirmation code if you don't have a dumbphone.

    Second, if you cannot use such an app: obviously SMS represents in no way a secure channel, but it still adds another insecure channel a potential attacker has to identify then crack (although wiretapping SMS is peanut butter for NSA and friends, linking a phone number to a Google account might not always be trivial when using prepaid cards, for example).

  • by utkonos ( 2104836 ) on Tuesday June 05, 2012 @06:44PM (#40226415)
    Using computer-generated RSA/DSA keys is actually a bit less secure than the best option, SRP. I'm not clear on why the Secure Remote Password protocol [wikipedia.org] is not deployed more widely.

    Another point is that you can use Google Authenticator rather than the SMS garbage. This is much more secure and uses the HMAC-Based One-Time Password Algorithm (RFC 4226) [ietf.org] and the Time-Based One-Time Password Algorithm (RFC 6238) [ietf.org]. It even has a PAM module that you can use with just about anything that supports PAM, and it has iOS, Android, and BlackBerry versions of the client app.
  • Re:How about... (Score:5, Informative)

    by betterunixthanunix ( 980855 ) on Tuesday June 05, 2012 @07:17PM (#40226765)

    Which email client has encryption installed out of the box?

    Outlook, Thunderbird, the mail client in OS X, Evolution, and KMail all come to mind -- they all at least support S/MIME out of the box. Now, I think S/MIME is not appropriate for the typical PC user's email and PGP's web-of-trust approach is a lot better, but it is not as though there is no encryption option available in popular email clients.

    find out how to generate keys

    This is definitely the weakest link in the chain for email encryption -- I do not think any of the clients I mentioned above have an automatic key generation process. Maybe Google should submit a patch to Thunderbird instead of working on better ways to let people know that they have been compromised (or perhaps in conjunction with that).

    somehow get my public key to all of the people that I want to communicate with?

    S/MIME does this automatically when you send signed email to people.
