John Paczkowski

Recent Posts by John Paczkowski

Well, at Least Google Didn’t, Ahem, Lose Its Single Sign-On Source Code in a Redwood City Bar

So that “intellectual property” that was stolen in the “highly sophisticated and targeted attack” against Google late last year? Turns out it was some pretty serious stuff–the source code to Single Sign-On, the password system that controls access to most of Google’s services.

Obviously, a significant and worrisome theft. Single Sign-On, or Gaia as it’s known internally, is used to authenticate users of Gmail and a number of other Google online applications, including some designed for business.

Little wonder then that Google (GOOG) responded with such outrage to the attack. While the company was quick to add further layers of security and encryption to Single Sign-On once it discovered it had been compromised, the possibility that the source code to one of the most widely used online password systems in the world is in the hands of someone with malicious intent is troubling.

As the New York Times, which broke the story, notes, access to the system’s source code could reveal some exploitable security vulnerabilities that may have eluded Google’s engineers. And that would be bad news indeed.

Twitter’s Tanking

December 30, 2013 at 6:49 am PT

2013 Was a Good Year for Chromebooks

December 29, 2013 at 2:12 pm PT

BlackBerry Pulls Latest Twitter for BB10 Update

December 29, 2013 at 5:58 am PT

Apple CEO Tim Cook Made $4.25 Million This Year

December 28, 2013 at 12:05 pm PT

Latest Video

View all videos »

Search »

I think the NSA has a job to do and we need the NSA. But as (physicist) Robert Oppenheimer said, “When you see something that is technically sweet, you go ahead and do it and argue about what to do about it only after you’ve had your technical success. That is the way it was with the atomic bomb.”

— Phil Zimmerman, PGP inventor and Silent Circle co-founder, in an interview with Om Malik