The Quiet Attack on Your Gmail
Hackers compromised a "crown jewel" Google password system, the New York Times has revealed, and maybe used it to create secret, still-active back doors. What if there are back doors already being used to compromise Gmail?
The email service has been hit by a mysterious hacking outbreak in recent weeks. But longtime Times tech reporter John Makoff writes that the Chinese hackers who famously attacked Google earlier this year accessed the source code of Google's "Gaia" master authentication system, which controls access to email and other applications. Markoff is careful to note that Gmail has added an extra layer of security since the break-in, and that no actual GMail passwords were compromised, but he also writes that, having the source code, the hackers were uniquely positioned to identify and exploit any vulnerabilities in the code, and to leave back doors for when said vulnerabilities were fixed.
Google told the Times everything is fine now, which is comforting for those of us who have no interest in going back to the days of Pine, and who are thus willing not to think too hard about the fact that Google basically stormed out of the whole Chinese market in a huff over these attacks.