John Paczkowski


Well, at Least Google Didn’t, Ahem, Lose Its Single Sign-On Source Code in a Redwood City Bar

So that “intellectual property” that was stolen in the “highly sophisticated and targeted attack” against Google late last year? Turns out it was some pretty serious stuff–the source code to Single Sign-On, the password system that controls access to most of Google’s services.

Obviously, a significant and worrisome theft. Single Sign-On, or Gaia as it’s known internally, is used to authenticate users of Gmail and a number of other Google online applications, including some designed for business.

Little wonder then that Google (GOOG) responded with such outrage to the attack. While the company was quick to add further layers of security and encryption to Single Sign-On once it discovered it had been compromised, the possibility that the source code to one of the most widely used online password systems in the world is in the hands of someone with malicious intent is troubling.

As the New York Times, which broke the story, notes, access to the system’s source code could reveal some exploitable security vulnerabilities that may have eluded Google’s engineers. And that would be bad news indeed.


  • vigyaan

    Like you pointed out – the thieves would have to find some exploitable vulnerabilities in the source code that Google engineers haven't found yet. There is a saying in the security world: “False assumption of security is more harmful than not having security.” While stealing of source code is serious, it might just help Google make its code more secure! It isn't nearly as serious as stealing the private keys that would protect the keying data.

  • res08hao

    Since it wasn't returned, that is proof positive Gizmodo didn't take/steal/buy it.