Thursday, January 14, 2010

Google's internal spy system was Chinese hacker target

Computerworld has a very interesting story about the Google/China flap.

Reporter Robert McMillan quotes an unnamed source:

…they [hackers] apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press. “Right before Christmas, it was, ‘Holy s***, this malware is accessing the internal intercept [systems],’” he said.

Google was already hosting a spy system that provided the Chinese government, and any other government with user data. They merely had to request that data through a warrant. That internal spy system became the weak spot in Google’s security technology.

But why would the Chinese government try to hack into a system that was already providing it with user data?!

Clearly, the Chinese government was looking at collecting data on all other Google users, not just human rights activists. China was trying to spy on us all! And Google’s internal spy system compromised all its users.

This reveals that Google collects information about all of its users all of the time and in a format that enables it to easily had it over to any government agency that orders a search warrant. This is an embarrasing revelation.

What’s worse is that Google is using the pretext of human rights to hit back at China, when it was a vulnerability in its internal spying system that potentially compromised all Google users, not just human rights activists.

From: http://blogs.zdnet.com/Foremski/?p=1047


You can read more information about this at:
Google's response to being attacked by China
A New Approach to China

Friday, January 08, 2010

JUNOS (Juniper) Flaw Exposes Core Routers to Kernel Crash

A report has been received from Juniper at 4:25pm under bulletin PSN-2010-01-623 that a crafted malformed TCP field option in the TCP header of a packet will cause the JUNOS kernel to core (crash). In other words the kernel on the network device (gateway router) will crash and reboot if a packet containing this crafted option is received on a listening TCP port. The JUNOS firewall filter is unable to filter a TCP packet with this issue. Juniper claims this issue as exploit was identified during investigation of a vendor interoperability issue.

There is talk that backbone Internet providers have been quickly patching this issue since yesterday night.

For more information, please read this blog:
http://praetorianprefect.com/archives/2010/01/junos-juniper-flaw-exposes-core-routers-to-kernal-crash/