|
I’m Pretty Sure I Love You, But Still Can’t Prove It
by Tek-Tips |
|
The first time I got a whiff of how search engines would work was in a UNIX lab at Cal around ‘93. A couple of guys were hacking out a way to browse the library stacks and they gave me a hint at what things would look like today. Flash forward a couple of years to the Yahoo IPO and we watched as ads rolled across browsers and the dream of truly low hanging fruit from search results intrigued everyone in the advertising world. The big laugh back then was the massive amounts of data that would need to be sorted to be useful to advertising. Then along came those guys from Stanford and the Google Bear.
Today we follow Google’s experience in China, that market of 350 million Internet users, hoping upon hope that it will lead to serious opportunities for more technology and science workers. Business around Silicon Valley is working hard to build relationships and deal with the deep mysteries of commerce in the land of the other bear, the one that’s been sleeping these many years.
As expected, "The recent malware hit on Google and other U.S. tech firms showed once again just how hard it is to pin a network strike on a particular person or group. Engineers are pretty sure the attack came from China." Unless Google is at risk, why the public criticisms of China?
According to SecureWorks’ Joe Stewart, in his detailed work on the code, "a snippet of the source code used in the backdoor Trojan horse program planted by the exploit (called “Hydraq” by various anti-virus companies) matched a source code sample that was detailed in a Chinese-language white paper on mathematical algorithms used in electronics."
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
 |
Mining the Cloud to Ease the Enterprise Compliance Burden | |
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
Operation Aurora: Clues in the Code
"Perhaps the most interesting aspect of this source code sample is that it is of Chinese origin, released as part of a Chinese-language paper on optimizing CRC algorithms for use in microcontrollers. The full paper was published in simplified Chinese characters, and all existing references and publications of the sample source code seem to be exclusively on Chinese websites. This CRC-16 implementation seems to be virtually unknown outside of China, as shown by a Google search for one of the key variables, "crc_ta[16]". At the time of this writing, almost every page with meaningful content concerning the algorithm is China."
Still, having origins in China does not get you a public apology from the government. If that is our demand, just an apology, and a promise to quit what They’re doing, we may want to re-think our approach. After all, why is the government of China not cowering in their boots?
According to www.krebsonsecurity.com, "Chinese Windows users may have the most to lose from the public exploitation of this vulnerability." Former Washington Post blogger, Brian Krebs writes, "that one of China’s most-visited anime sites was recently hacked and seeded with the Aurora exploit, serving those who visited with IE6 a Trojan that dropped at least 32 different malicious programs, including password stealers and tools used to enlist infected PCs in coordinated, distributed cyber attacks." The site goes on to quote Gary Warner, research director at U. of Alabama computer forensics, "“There is just a lot of active exploitation going on in the Chinese market right now, and part of that is because there’s a much larger use of IE6 there than there is over in the United States.”
If Google’s technology was threatened, if that is what the markets are thinking, no one is saying. Though this week’s 10% drop in share price after decent earnings doesn’t evoke confidence. If you have any feelings on the subject, love to hear from you.
Tags: Google
This entry was posted on Wednesday, January 27th, 2010 at 9:45 AM and is filed under Community Manager. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Comments
-
Chas says:
Joe Stewart’s claim is questionable. The nibble crc16 has been around for years:
http://technolinked.blogspot.com/2010/01/aurora-code-circulated-for-years-on.html
Like or Dislike:
0 
0
|
| Making The Buy For Trust Seal For ease of access, we have added a 'Buy' button to the very top of the Trust Seal landing page. This helps to ensure that it is easily visible and accessible to users and that it doesn't get missed further... VeriSign At SES The VeriSign Authentication team was at SES last week talking up the VeriSign Trust Seal which was recently launched in February, and Seal-in-Search - a service where search engine users can see the VeriSign Trust Seal next to sites protected... VeriSign Now a Symantec Company We are very excited to be a Symantec company! If you haven't already heard, VeriSign has been acquired by Symantec. The deal was made official on August 9, 2010. We are very excited about new opportunities for increasing and offering... |
|
| PayPal UK Launch Security Key - Guest Posting from PayPal I am happy to say they are using VeriSign Identity Protection to deliver this, which means that PayPal Customers will be able to use their token at other sites who join the VIP network. PayPal are the first UK members of the network, but there are around 30 other members in different countries around the world so you can expect to see more places where you can use your token in the UK appearing shortly. Facebook scam - Part 2 This just in from the BBC web site, Symantec have identified a virus that steals user names and passwords, nothing new there. But, if I understand this right, it is delivered through a Facebook invitation from someone you don't know and delivers malware which can then steal user names / passwords and also keylog credit card info. Survey finds passwords are not secure - well d'uh! I don't think the vendor community has been crying wolf about the problems that stronger authentication solves, more like highlighting that this problem is here and growing. Well the discussion I have had recently with many different organisations across many different industries are now resulting in more and more consumer projects in this area |
|
| Cloud Identity, Trust and the Liability Elephant. I have been involved with a couple similar initiatives around certification for identity and thought it would be interesting to explain the logic behind these efforts. The first initiative is led by the Open Identity Exchange and is based on... Greek Heroes, Facebook and Trust When Achilles was a baby, the oracle predicted that he would die in battle from an arrow. Thetis, Achilles' mother who did not want her son to die decided to dip Achilles' body into the water of a river that... PCI for the Cloud For most enterprise and security vendors, the cloud is fascinating both as a technology and a business disruptor. In fact, SAAS CEOs such as Successfactor, SalesForce and NetSuite are hot shots in Silicon Valley these days. Yet, most of us... |
|
