-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Jan 13, 2010 at 11:35 AM, Joel Esler <[email protected]> wrote:
> yeah, but that doesn't tell me how the attack too place, from a technical > standpoint. :) There is pretty clear evidence that someone (more than one someone, apparently) opened an attachment they shouldn't have, as described here: http://www.f-secure.com/weblog/archives/00001854.html - - ferg > > On Wed, Jan 13, 2010 at 1:54 PM, Paul Ferguson <[email protected]> > wrote: >> >> >> On Wed, Jan 13, 2010 at 10:28 AM, Joel Esler <[email protected]> wrote: >> >> > Did anyone else think that there are two parts to that Google attack? >> > Spearphishing, and it just seemed like there was another part, the >> > part involving other companies? >> > >> >> This is the most plausible explanation I have heard: >> >> "The US flaw-hunting specialist said that the attack was an attempt to >> steal source code on an industrial scale and was, in many cases, >> probably successful. If correct, this might explain why Google has by >> its own >> normally quite restrained standards gone ballistic to the extent of >> threatening to quit China." >> >> >> http://news.techworld.com/security/3210137/google-hack-hit-33-other-comp >> ani es/ >> >> Having been in contact with the "US flaw-hunting specialist" mentioned >> above, this lines up pretty accurately. >> >> - - ferg >> -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFLTiFSq1pz9mNUZTMRAkuQAKDpA2zLWEYL0m7lBU6uFea2AhiEHwCg9oo1 wpdULAKStno2N+glVqg+45M= =BJwB -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
