John Paczkowski

Recent Posts by John Paczkowski

Well, at Least Google Didn’t, Ahem, Lose Its Single Sign-On Source Code in a Redwood City Bar

So that “intellectual property” that was stolen in the “highly sophisticated and targeted attack” against Google late last year? Turns out it was some pretty serious stuff–the source code to Single Sign-On, the password system that controls access to most of Google’s services.

Obviously, a significant and worrisome theft. Single Sign-On, or Gaia as it’s known internally, is used to authenticate users of Gmail and a number of other Google online applications, including some designed for business.

Little wonder then that Google (GOOG) responded with such outrage to the attack. While the company was quick to add further layers of security and encryption to Single Sign-On once it discovered it had been compromised, the possibility that the source code to one of the most widely used online password systems in the world is in the hands of someone with malicious intent is troubling.

As the New York Times, which broke the story, notes, access to the system’s source code could reveal some exploitable security vulnerabilities that may have eluded Google’s engineers. And that would be bad news indeed.