la_vie_noire: (Default)
la_vie_noire ([personal profile] la_vie_noire) wrote2011-08-30 01:16 am
Entry tags:

Go to hell gmail

Via [personal profile] stoneself, Hackers acquire Google certificate, could hijack Gmail accounts.

It's pretty obvious Google doesn't care about the privacy and security of its users at all, they are just desperate to make money. (The G+ shit is also a perfect example for this.)
the_future_modernes: a yellow train making a turn on a bridge (Default)

[personal profile] the_future_modernes 2011-08-30 05:45 am (UTC)(link)
yepyep!!!
asim: (Default)

[personal profile] asim 2011-08-30 11:59 am (UTC)(link)
Knowing what I know about these issues -- and agreeing that G+ is increasingly becoming a huge ugly mess for Google, one that's hurting a lot of people -- this isn't the same situation, and it's not one that I'd lay at Google's feet.

I'll be honest -- I have some formal as well as informal training in this kind of thing. The way SSL certs work, Google can't really hide them away in a lockbox -- you have to share them with people like DigiNotar/Vasco, or Verisign, who handles a lot of the "core" SSL business. And once you do, you have to, again because of how SSL is setup, depend on them to keep that cert secure.

And if you don't hand it out? No SSL connections from many browsers for you. So you're stuck depending on someone else's security for these things -- and I'd lay the responsibility at Vasco's feet, not at Google's.