Re: Gmail and SSL

[Jeff Kell <jeff-kell () utc edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
On 1/2/2013 10:31 PM, Valdis.Kletnieks () vt edu wrote:
> On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said:
>
> > Google is setting a higher bar here, which may be sufficient to deter
> > a lot of bots and script kiddies for the next few years, but it's not
> > enough against nation-state or serious professional level attacks.
>
> To be fair though - if I was sitting on information of sufficient
value that I
> was a legitimate target for nation-state TLAs and similarly well funded
> criminal organizations, I'd have to think long and hard whether I
wanted to
> vector my e-mails through Google. It isn't even the certificate management
> issue - it's because if I was in fact the target of such attention, my
threat
> model had better well include "adversary attempts to use legal and
extralegal
> means to get at my data from within Google's infrastructure".
>
> "Operation Aurora".

Well, the "bar" started at something as trivial as FireSheep.  And I'm
sure many more silly (in retrospect) exploits remain to be discovered in
any cloud-based infrastructure (the bigger the cloud, the bigger the
target, the greater the potential damages/losses).

And a lot of infrastructure remains vulnerable to something as trivial
as FireSheep.

Jeff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
 
iEYEARECAAYFAlDk/dUACgkQiwXJq373XhYS6QCgtUyTSNHg8zXA5JxECi/c1Jd+
oDsAn0sSG3nZXSmKWUz2+wZ/1P3EXsps
=B0X3
-----END PGP SIGNATURE-----