Now, by analyzing the software used in the break-ins against Google and dozens of other companies, Joe Stewart, a malware specialist with SecureWorks, a computer security company based in Atlanta, said he determined the main program used in the attack contained a module based on an unusual algorithm from a Chinese-authored technical paper that has been published exclusively on Chinese-language Web sites.
http://news.cnet.com/Evidence-found-of-Chinese-attack-on-Google/2100-7349_3-6250413.html?tag=newsEditorsPicksArea.0 On Wed, Jan 20, 2010 at 6:51 AM, Densmore, Todd <[email protected]> wrote: > Mark, Dan, Smasher, etc. Thanks for the feedback. > > I saw the thread this weekend, but I had to wait until I today to respond. My > main motivation was to point out that there is no free lunch, and often even > security professionals forget to think critically. It was not meant to be a > thorough assessment of the actual 0-day. However I appreciate the correction, > the details of the exploit, and the observation that its sophistication was > probably exaggerated in the media. > > I have changed some implicit wording in the article about China and added an > addendum to the blog to clarify the exploit and thank sources. > > ~todd > > Todd Densmore > HP Software - Application Security Center > [email protected] > 770.343.7054 Office > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
