Gmail and SSL
jeff-kell at utc.edu
Thu Jan 3 03:41:09 UTC 2013
On 1/2/2013 10:31 PM, Valdis.Kletnieks at vt.edu wrote:
> On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said:
>> Google is setting a higher bar here, which may be sufficient to deter
>> a lot of bots and script kiddies for the next few years, but it's not
>> enough against nation-state or serious professional level attacks.
> To be fair though - if I was sitting on information of sufficient
> value that I
> was a legitimate target for nation-state TLAs and similarly well funded
> criminal organizations, I'd have to think long and hard whether I
> vector my e-mails through Google. It isn't even the certificate management
> issue - it's because if I was in fact the target of such attention, my
> model had better well include "adversary attempts to use legal and
> means to get at my data from within Google's infrastructure".
> "Operation Aurora".
Well, the "bar" started at something as trivial as FireSheep. And I'm
sure many more silly (in retrospect) exploits remain to be discovered in
any cloud-based infrastructure (the bigger the cloud, the bigger the
target, the greater the potential damages/losses).
And a lot of infrastructure remains vulnerable to something as trivial