-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/2/2013 10:31 PM, valdis.kletni...@vt.edu wrote: > On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said: > >> Google is setting a higher bar here, which may be sufficient to deter >> a lot of bots and script kiddies for the next few years, but it's not >> enough against nation-state or serious professional level attacks. > > To be fair though - if I was sitting on information of sufficient value that I > was a legitimate target for nation-state TLAs and similarly well funded > criminal organizations, I'd have to think long and hard whether I wanted to > vector my e-mails through Google. It isn't even the certificate management > issue - it's because if I was in fact the target of such attention, my threat > model had better well include "adversary attempts to use legal and extralegal > means to get at my data from within Google's infrastructure". > > "Operation Aurora".
Well, the "bar" started at something as trivial as FireSheep. And I'm sure many more silly (in retrospect) exploits remain to be discovered in any cloud-based infrastructure (the bigger the cloud, the bigger the target, the greater the potential damages/losses). And a lot of infrastructure remains vulnerable to something as trivial as FireSheep. Jeff -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlDk/dUACgkQiwXJq373XhYS6QCgtUyTSNHg8zXA5JxECi/c1Jd+ oDsAn0sSG3nZXSmKWUz2+wZ/1P3EXsps =B0X3 -----END PGP SIGNATURE-----