Slashdot: News for Nerds

Google Shares Its Security Secrets

kdawson posted more than 6 years ago | from the cultural-values dept.

Security 106

Stony Stevenson writes "Google presents a big fat target for would-be hackers and attackers. At the RSA conference Google offered security professionals a look at its internal security systems. Scott Petry, director of Google's Enterprise and founder of security firm Postini, explained how the company handles constant pressure and scrutiny from attackers. In order to keep its products safe, Google has adopted a philosophy of 'security as a cultural value.' The program includes mandatory security training for developers, a set of in-house security libraries, and code reviews by both Google developers and outside security researchers."

106 comments

More PHD Cowbell (5, Funny)

mfh (56) | more than 6 years ago | (#23026096)

Google fights scrutiny with scrutiny (and by having more PHDs than you).

Re:More PHD Cowbell (-1, Troll)

jgarra23 (1109651) | more than 6 years ago | (#23026700)


"Google fights scrutiny with scrutiny (and by having more PHDs than you)."


Never fear! Eventually the weight of all their paper geniuses will fail to be supported by theoretical bullshit READ: all these geniuses and their cash cow are these little tiny ads??? I saw an infomercial once like that in college...

Re:More PHD Cowbell (5, Funny)

jgarra23 (1109651) | more than 6 years ago | (#23026790)

Whoever modded me troll must have a PhD & work for Google :)

Good luck selling those tiny little ads!!

Re:More PHD Cowbell (2)

Anpheus (908711) | more than 6 years ago | (#23027630)

I don't think they need your luck, they seem to be doing well enough selling tiny little ads on their own.

Re:More PHD Cowbell (2, Interesting)

jgarra23 (1109651) | more than 6 years ago | (#23027732)

so is Don Lapre (http://en.wikipedia.org/wiki/Don_Lapre) this is the joke I'm referencing for all those who think I'm utterly without humor... I guess you had to be there...

Re:More PHD Cowbell (1)

BillyGee (981263) | more than 6 years ago | (#23029464)

I guess not so much lately though...Losing 35% of your stock price in 5 months (that's around $80 billion USD if you must know) doesn't paint the rosiest picture.

http://finance.yahoo.com/q/bc?s=GOOG&t=6m [yahoo.com]

http://www.alleyinsider.com/2008/2/2008/2/google_disaster__comscore_reports_awful_january [alleyinsider.com]

Re:More PHD Cowbell (1)

f8l_0e (775982) | more than 6 years ago | (#23027206)

New hire orientation must look something like this [youtube.com].

mod parent up (0)

Anonymous Coward | more than 6 years ago | (#23029206)

Classic!!!! LOL

Re:More PHD Cowbell (0)

Kartoffel (30238) | more than 6 years ago | (#23027690)

Not knocking higher education, but PhDs stereotypically tend to be pretty flaky when it comes to security (or any sort of common sense, for that matter).

Re:More PHD Cowbell (1)

interstellar_donkey (200782) | more than 6 years ago | (#23029180)

Well, that and announcing to the world "We have really good security" is akin to saying to the world "Please hack us. We dare you".

Not terribly bright. The best security can be ensured by silently doing your best to protect it, and not making a big deal out of your success. That way, you're never a big target.

Re:More PHD Cowbell (2)

Tanktalus (794810) | more than 6 years ago | (#23030216)

I suspect that Google was going to be a big target regardless of whether they kept quiet about their attempts or not...

Re:More PHD Cowbell (0)

Anonymous Coward | more than 6 years ago | (#23028938)

lol, who cares about a few letters today (phd) when money in the bank talks...

The advantage of being an internet company (2, Insightful)

adpsimpson (956630) | more than 6 years ago | (#23026124)

I was going to say something smart about Microsoft, Mac etc, but then Google do have the advantage that they were founded on the internet, once the benefits but also the threats of networking computers had been fully understood.

I'd be surprised if any from-scratch operating system designed for internet-facing use today, didn't also have 'security as a culture'.

But hey, there's always Vista ;)

Re:The advantage of being an internet company (4, Informative)

morgan_greywolf (835522) | more than 6 years ago | (#23026740)

"I'd be surprised if any from-scratch operating system designed for internet-facing use today, didn't also have 'security as a culture'."

Yeah. It's called OpenBSD [openbsd.org].

Re:The advantage of being an internet company (2, Funny)

mrsteveman1 (1010381) | more than 6 years ago | (#23028030)

Netcraftsayswhat?

Re:The advantage of being an internet company (1)

hostyle (773991) | more than 6 years ago | (#23029150)

er .. the pie is a lie?

Re:The advantage of being an internet company (1)

Sancho (17056) | more than 6 years ago | (#23028106)

OpenBSD is designed with security in mind. It's so secure that you can't run anything on it! Not running anything? Nothing can be hacked!

Seriously, I used to think that OpenBSD was the bee's knees, but after struggling with a broken ports system and no supported upgrade path between major versions (the latter coupled with a short support cycle means that you're having to constantly install on new metal, test, deploy, and decommission the old server), I'm just not interested any longer.

Maybe the situation has improved, but based upon the maintainer's disposition, I'd doubt it.

Re:The advantage of being an internet company (1)

Kartoffel (30238) | more than 6 years ago | (#23028340)

It's been said that the most secure computer is one that's turned off. So, it would follow that the most secure application is one that won't compile. That'll teach those darn users to compromise system security by daring to run stuff!

In OBSD's defence, they do contribute useful work. SSH and pf are great, and OBSD makes a fine software router and firewall on gigabit sized pipes and smaller. For general purpose server use, it'll work but there's better options.

Re:The advantage of being an internet company (1)

Sancho (17056) | more than 6 years ago | (#23028460)

I can't deny that useful code has come from the OpenBSD team. I generally don't like the idea of using commodity x86 hardware for a router/firewall, though. To me, the usefulness is just too limited. For a home connection, it's really quite a bit of overkill, and for a medium to large number of users, you run into problems servicing customers if too many small packets are coming through. I think in the tests that I've seen, you can get down to about 512 byte packets before you start seeing loss, but of course any time you have a lot of small packets coming through, you'll degrade overall performance.

For home use, a cheap router running the firmware of your choice is great. If you really need BSD, a Soekris box won't set you back too much cash. For supporting any significant number of users, I'd definitely want an appliance.

Re:The advantage of being an internet company (1)

morgan_greywolf (835522) | more than 6 years ago | (#23028378)

I don't run OpenBSD, either. But, having followed the project for some time, I'd say that given how much attention the project pays to security, security is part of their culture.

Personally, I run Ubuntu, which I find to be quite flexible and easy enough for my non-techie wife to use on her machine. And it's good enough in the security department -- a competent sysadmin such as myself can easily secure the OS and network from most attacks. At the same time, a total n00b who does nothing more than keep his security patches up-to-date and who doesn't install anything that's not supported by Canonical will find the system secure enough for home use as well.

Re:The advantage of being an internet company (2, Interesting)

ouder (1080019) | more than 6 years ago | (#23027244)

Google's security consciousness comes not only from being founded on the Internet, but also from the fact that they know that they have to compete. Microsoft had itself in a monopoly situation before network security became an issue. MS only takes notice of security when it appears to threaten its monopoly status. Our security people would love to see us go to Linux (granted, still security holes, but they are more controllable). However, we can't because users would whine about not being able to use their MS-only software. In short, MS doesn't care about security because they don't have to. Macs don't have the monopoly situation, they just think they do. Another part of the fantasy world the Mac community lives in says that their systems are secure. As long as Apple can keep their loyal core of Mac users happy they don't have to worry about security, either.

So, explain ... (3, Insightful)

PPH (736903) | more than 6 years ago | (#23026166)

... why so much spam comes from gmail, or usenet spam from Google groups.

Re:So, explain ... (5, Insightful)

Starrk (1268600) | more than 6 years ago | (#23026268)

Because distinguishing bots from humans is an unsolved problem. Even before Captchas were broken by computers, there was an easier solution:

If you are stuck on a Captcha or equivalent, spam people, pretend the Captcha is yours, and offer free porn to anyone who solves it.

Preventing this is virtually impossible.

Re:So, explain ... (2, Interesting)

Sancho (17056) | more than 6 years ago | (#23028162)

Short timeouts on the captcha and/or using javascript to generate the images might help. I don't know if it's really this bad, but many captchas I've run across virtually never expire (they might expire when the PHP session does, but I've hit a page with a captcha, gone to the restroom and to get a soda, and come back to a still-valid captcha.)

If you had a reasonable time limit in which to solve the captcha, it would certainly make it harder to farm out.

Of course, Google's captcha was broken algorithmically, wasn't it?

Re:So, explain ... (1)

dubbreak (623656) | more than 6 years ago | (#23029006)

"If you had a reasonable time limit in which to solve the captcha, it would certainly make it harder to farm out."

Not if the steps to get to the captcha are quick. For your idea to work the forms prior to the captcha would have to take a while to return, then the user is presented with a captcha that times out.

Could work at preventing captcha farming, but you are going to irritate your legit users.

Re:So, explain ... (1)

Sancho (17056) | more than 6 years ago | (#23029212)

Ok. What about a system where the captcha is presented up front with nothing else on the page. Succeed, and you get to the full registration. The page could use Javascript to rotate the captcha image periodically, expiring the previous one each time.

There are other ideas that could go along with this. You could use Javascript to send keystrokes in the captcha text box back to the server, which could then use those keystrokes to determine how soon to expire the captcha. If the user types the first letter correctly, tack on a few seconds to the captcha. Gets the second letter right? Give them a few more seconds.

Of course, I don't really know the exact mechanism that these people use to farm out the captcha, and if shortening the life of the session would even make a damned bit of difference. I could certainly see a scenario where a website steals captchas only when a user visits their site, so that timing is effectively realtime. If that was the case, coming up with a way to make it harder to automatically farm would be important.

I wonder if asking the user to execute some arbitrary bit of Javascript would be effective. A quick search doesn't turn up many good javascript engines that aren't in browsers, though surely they must exist.

Re:So, explain ... (1)

cheater512 (783349) | more than 6 years ago | (#23030508)

Javascript which is executed by a computer?
That makes it easier, not harder.

No need for a JS engine either.
For a target the size of Gmail just reverse engineer the JS and then reimplement it in to your bot.

Using machine readable things to make something which isn't supposed to be machine readable is...uhh... stupid.

Re:So, explain ... (1)

onepoint (301486) | more than 6 years ago | (#23032222)

in reply to some of the above topics:

my data on one of the web sites that I manage might help ( I get posting spam issues all the time )

Captcha life in excess of 1 minute, the odds of it being a real user die off rather dramatically; reloads typically happen 7 to 12 minutes later if they are real; reloads that happen within the 1 to 5 minute window are spammers of some sort.

captcha life of 20 seconds or less brought me more trouble and a huge amount of complaint mail. I'm right now leaving it at 45 seconds for a 7 character captcha

if you take a look at craigslist, their captcha life was recently made shorter, and the amount of spam is a lot less.

captcha farming, is an automated piece of software that will follow a script that goes along the following lines
open browser : load address bar with web site : get to account page : enter account information : *** user then enters captcha *** : confirmation page = success then automated credit to user with a direct-link to porn site
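The short-lived captcha discussed in the comments above, sketched as a server-side store; this is an added example, not code from any commenter or from a real captcha product. The 45-second life and 7-character length are the figures onepoint reports; the class and method names, the alphabet and the single-use and rotation rules are assumptions, and rendering the answer into an image is left out.

```python
import hmac
import secrets
import time

# Assumption: an alphabet without look-alike characters (O/0, I/1).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


class CaptchaStore:
    """Keeps at most one live challenge per session.

    A challenge dies when its lifetime runs out, when any answer is
    submitted for it (single use), or when a newer challenge is issued
    for the same session (rotation), which shortens the window in which
    a copied challenge can be relayed elsewhere for solving.
    """

    def __init__(self, ttl_seconds=45, length=7, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.length = length
        self.clock = clock          # injectable so expiry can be tested
        self._active = {}           # session_id -> (challenge_id, answer, expires_at)

    def issue(self, session_id):
        """Create a challenge, replacing any earlier one for this session.

        Returns (challenge_id, answer); the caller renders the answer as
        an image and sends only the challenge_id to the browser.
        """
        challenge_id = secrets.token_urlsafe(16)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
        self._active[session_id] = (challenge_id, answer, self.clock() + self.ttl)
        return challenge_id, answer

    def verify(self, session_id, challenge_id, response):
        """Return 'ok', 'wrong', 'expired' or 'unknown'."""
        entry = self._active.get(session_id)
        if entry is None or not hmac.compare_digest(
            entry[0].encode(), challenge_id.encode()
        ):
            # Never issued, already consumed, or superseded by rotation.
            return "unknown"
        # Consume before checking: one attempt per challenge.
        del self._active[session_id]
        _, answer, expires_at = entry
        if self.clock() >= expires_at:
            return "expired"
        given = response.strip().upper().encode()
        return "ok" if hmac.compare_digest(given, answer.encode()) else "wrong"


if __name__ == "__main__":
    fake_now = [0.0]                           # constructed clock for the demo
    store = CaptchaStore(clock=lambda: fake_now[0])
    cid, answer = store.issue("session-A")
    fake_now[0] += 50                          # answer arrives 50 s later
    print(store.verify("session-A", cid, answer))
```

As the thread itself points out, a lifetime limit only narrows the relay window; it does not stop a solver who answers in real time.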

Re:So, explain ... (1)

BlaenkDenum (1190467) | more than 6 years ago | (#23030158)

"Preventing this is virtually impossible."

reCAPTCHA [recaptcha.net] has a key system. It makes the user have private and public keys so that no one can simply take your CAPTCHA and use it on their site for others to solve for them. From the API Documentation:

"In order to use reCAPTCHA, you need a public/private API key pair. This key pair helps to prevent an attack where somebody hosts a reCAPTCHA on their website, collects answers from their visitors and submits the answers to your site."

Unless I understood you wrong, if so, sorry.

Re:So, explain ... (4, Insightful)

speculatrix (678524) | more than 6 years ago | (#23026546)

I've had very little spam that actually came from googlemail, maybe two items in a year. I've had a lot of spam that purported to come from googlemail, but examination of the headers quickly revealed it was simply faking the origin.

Re:So, explain ... (1)

hasdikarlsam (414514) | more than 6 years ago | (#23028428)

Gmail supports SPF just fine. It should be a simple matter to modify your mailserver so it will reject forged mail that pretends to be from google.

Re:So, explain ... (1)

speculatrix (678524) | more than 6 years ago | (#23033490)

SPF doesn't stop spam by itself, it's one tool. Ironically, spammers were early adopters of SPF say Postini, now owned by Google, and valid SPF for an email's origin can actually be an indicator of spam!

Re:So, explain ... (3, Insightful)

Dada Vinci (1222822) | more than 6 years ago | (#23026846)

This isn't about spam and Google groups. It's about preventing a malicious cracker from accessing the vast quantities of data that Google has about every single Google user [reputation...erblog.com] . These days, a full identity (SSN + bank account) sells on the black market for $14-$18 [washingtonpost.com] , depending. Google has tens of millions of users. Not all of them have their SSNs in their Gmail, but I'll bet that a fair bit have at least one credit card number or bank password in their email archives, their search history, or elsewhere within Google's control. Plus, think of the blackmail possibilities if there were a full-scale data breach? Remember the AOL search history breach [arstechnica.com] ? A full-scale crack of Google's security would be several times worse.

Re:So, explain ... (1)

street struttin' (1249972) | more than 6 years ago | (#23028040)

If the spam is from the "backscatter" mentioned previously [slashdot.org] , it would seem that Google sees the problem as yours, not theirs.

Re:So, explain ... (1)

PPH (736903) | more than 6 years ago | (#23032050)

The e-mail isn't backscatter. Bounced messages have a delivery failure preamble. These are from a google host according to the header date.

The Usenet stuff isn't forged either. Messages reporting their origin from groups.google.com can be found in Google Groups. The path at that point doesn't appear to be forged. Google has it as having been posted from their system.

It's that darn preset target (4, Funny)

Dekortage (697532) | more than 6 years ago | (#23026168)

"Google presets a big fat target for would-be hackers and attackers."

Must be a new Google appliance. I'm glad it is preset, and does not need any end-user configuration.

In any case, I commute on the train with Google guys in NY. They use their laptops to work on the train, but have those little wireless security devices that generate random passwords for them when they want to log in, so their connection is fully encrypted.

Re:It's that darn preset target (5, Insightful)

illegibledotorg (1123239) | more than 6 years ago | (#23026304)

FWIW, their connection isn't any more encrypted than a standard VPN.

The only part of the connection that is "more secure" is the authentication phase, since they had to use two factors to log in (their token code and their password).

See Two-factor Authentication [wikipedia.org]

Re:It's that darn preset target (1)

Digi-John (692918) | more than 6 years ago | (#23026442)

Speaking from experience, two-factor authentication with a crypto-card type thing is a pain in the ass. I'd be willing to trade some security in exchange for the convenience of not carrying this thing around and having to deal with typing in constant random crap.

Re:It's that darn preset target (3, Funny)

BlowChunx (168122) | more than 6 years ago | (#23026590)

"Those Who Sacrifice Liberty For Security Deserve Neither." - Benjamin Franklin

"Those who sacrifice security for liberty deserve neither, either." -- BlowChunx

Re:It's that darn preset target (0, Offtopic)

Sciros (986030) | more than 6 years ago | (#23026792)

Yep a good philosophy to live by. Slaves should stay slaves. Citizens of oppressive dictatorships should be happy with their lot. And so forth.

People should have no liberty or security at all. Maybe something like a giant prison gone out of control on the inside but blockaded by armed law enforcement. Yeah that would be ideal.

I can't tell whether your post is Flamebait or Funny. If there were a "WTF" tag and I had mod points today, I'd just go with that.

Re:It's that darn preset target (0)

Anonymous Coward | more than 6 years ago | (#23027672)

"I can't tell whether your post is Flamebait or Funny. If there were a "WTF" tag and I had mod points today, I'd just go with that."

Those who butcher profound thoughts for cheap laughs deserve neither.

Re:It's that darn preset target (1)

Sciros (986030) | more than 6 years ago | (#23028344)

But you just did the same thing to make a snide remark. Fail.

Re:It's that darn preset target (1)

ianare (1132971) | more than 6 years ago | (#23027754)

The GP responded to a post relating to security of a computer system vs the liberties granted to users of the system. As such I do not think it applies to real world attacks on civil liberties.
The funny part of the post (yes, it is indeed funny) is that he used a famous quote from Franklin dealing with civil liberties, applied it to computers, and reversed it.
The way I see it, it means "if you are willing to sacrifice your security for ease of use [liberty], you deserve neither."

It goes along with the "law" of security: Any gain in security will be offset by an equal loss of liberty.

(if the law hasn't been formulated before, it is now Sevi's Law :-p )

Re:It's that darn preset target (1)

eggnoglatte (1047660) | more than 6 years ago | (#23026838)

God, where are my mod points. That was the funniest post I've read in a while.

Re:It's that darn preset target (5, Funny)

jollyreaper (513215) | more than 6 years ago | (#23027012)

"Those Who Sacrifice Liberty For Security Deserve Neither." - Benjamin Franklin

"Those who sacrifice security for liberty deserve neither, either." -- BlowChunx
"Those who sacrifice virgins to volcanoes are missing the point of what virgins are for." -- Me

Re:It's that darn preset target (1)

qwerty asdf (213799) | more than 6 years ago | (#23027460)

That's the funniest sig I've read in a while.

Re:It's that darn preset target (0)

Anonymous Coward | more than 6 years ago | (#23027816)

"Those who sacrifice virgins to volcanoes are missing the point of what virgins are for."

Those who don't encourage virgins to lose their virginity are REALLY missing the point.

Re:It's that darn preset target (1)

Dog-Cow (21281) | more than 6 years ago | (#23028028)

And those who don't make virgins lose their virginity have missed the hymen.

Re:It's that darn preset target (0)

Anonymous Coward | more than 6 years ago | (#23030596)

"Those who willingly enter prison deserve neither security nor liberty." Hmm, makes sense.

"Those who willingly leave prison deserve neither security nor liberty." What?

Code Reviews and Coding Conventions (5, Insightful)

Starrk (1268600) | more than 6 years ago | (#23026176)

How many buffer overrun exploits have been found in other people's software because the coders are just lazy? Google also tries to prevent this by explicit rules that everyone must follow no matter what: for example, you are not allowed to check in code using sprintf instead of snprintf.

A little thing to be sure... until you realize that it's one of many such rules, and they actually are followed.

Re:Code Reviews and Coding Conventions (1)

192939495969798999 (58312) | more than 6 years ago | (#23026280)

Everyone has rules like that, it's enforcing them zealously that actually produces good code by preventing bad code from entering the codebase. It doesn't work if you don't enforce it 100% of the time, because one shady procedure can be the one that is targeted for an attack.

Re:Code Reviews and Coding Conventions (0)

Anonymous Coward | more than 6 years ago | (#23026710)

Sorry, no. Rules like "don't use sprintf" don't produce quality or security. There is a difference between a culture of writing secure code and a culture of not writing non-secure code. The former can be successful, the latter is a constant exercise in patching and turd polishing.

Re:Code Reviews and Coding Conventions (1)

Starrk (1268600) | more than 6 years ago | (#23026878)

"Sorry, no. Rules like "don't use sprintf" don't produce quality or security. There is a difference between a culture of writing secure code and a culture of not writing non-secure code. The former can be successful, the latter is a constant exercise in patching and turd polishing."

You are saying that good coding will not save an insecure overarching design. This is obvious. Just as obvious is the fact that bad coding will ruin a secure design.

Enforcing the use of snprintf instead of sprintf helps prevent the latter from happening. Seems obvious, no? But somehow, plenty of other companies (hello Microsoft) still have problems with this stuff.

Re:Code Reviews and Coding Conventions (2, Insightful)

Shados (741919) | more than 6 years ago | (#23027050)

MS actually stops these things from getting into the build now, using tools such as FxCop and variations. The issue comes from legacy code that is still part of their newer products (and refactoring such mammoth code bases doesn't happen overnight), on top of deep architectural issues that cannot be caught by simple rules... If they started from scratch enforcing their current policies, it would be much better.

However, the world isn't so simple... so Microsoft has to pay the price.

Re:Code Reviews and Coding Conventions (1)

Anpheus (908711) | more than 6 years ago | (#23027750)

Exactly. Microsoft has bent over backwards to support backward compatibility across wildly different kernels. Raymond Chen spoke once, I believe, about a SimCity bug that worked fine under DOS as long as you were running only one program, but would crash in Windows. The problem? Memory was freed and then used after it was freed. The solution? Microsoft added a check to see if SimCity was running and fixed the code with a special allocator for only SimCity.

Microsoft has done this for decades, and thankfully we're finally getting a 'different' Microsoft, but it's going to be painful and slow. .NET and Windows Presentation Foundation is far better than what it replaces, and it's going to bother a lot of old programmers who are used to it, that's ok, legacy applications won't disappear overnight. But the future looks a lot better, where they -are- starting from scratch with code that implements security policies. Visual Studio lets me set which permissions my code needs to run, whether that be File I/O, Network I/O, etc. There were a dozen or so options.

Re:Code Reviews and Coding Conventions (2, Insightful)

encoderer (1060616) | more than 6 years ago | (#23028400)

I remember that story. I think it was mentioned on The Old New Thing? ..Ya know, this is what bugs me about the bum rap that Microsoft gets.

True, to professionals in the field, it's often easy to be appalled at what we see as incompetence.

(And I'm not speaking to the management/sales, just the tech side of Microsoft)

But given the same goals, constraints and budgets, I bet that most assembled teams would produce software of no greater quality than what they have produced.

Hear me out.

1. Look at the SimCity example. This is a great anecdote to illustrate what we already know: MSFT has historically put great premium on backwards compatibility. And I'll tell ya what.. when I was 15 years old installing SimCity on my new Win95 box, I'd have been damn upset if it crashed. To people like that--call them, "regular users," CONSISTENCY is incredibly valuable.

2. So to accomplish that you're going to be including a great deal of legacy code from one release to the next. (Virtualization wasn't really an option when the high-end box is a P75 w/ 8MB RAM)

3. Paradigms change. Microsoft kept re-packaging old code that was written a time when networks, let alone the internet, were a rarity. ESPECIALLY at home. And even when it did become more pervasive, it was 28.8k dialup connections.

Which brings me to my point:

This is not an easy job. Especially when your software is so widely installed on all systems running all manner of other devices on all sorts of different hardware.

In fact, in this regard, Microsoft HAS NO PEER. You cannot compare what they did w/ what Apple did. For a number of reasons. Mostly because if Apple had the same success Microsoft had in the 90's, they'd have been forced to make different, sometimes troubling technology decisions, too. Jobs has a great mind for this stuff, but if Apple was one of the most profitable companies in the world and that profitability was put at serious risk because a decision was made to break backwards compat. for Biz customers, he'd have to explain himself to the Board and he probably wouldn't win that argument.

I mean, to a geek on here, the notion that Microsoft has THOUSANDS of comments like: /* Special SimCity MALLOC/FREE fix */

and /* WordPerfect 2.2 Buffer Overflow Fix */

makes us want to go scrub ourselves in the chemical shower.

But to a home user, that's CUSTOMER SERVICE. That's making their Birthday or Christmas AWESOME by being able to hook up their expensive gifts and USE them.

Re:Code Reviews and Coding Conventions (2, Insightful)

ballwall (629887) | more than 6 years ago | (#23032128)

I don't disagree with any of the points you've made, other than the fact that they chose this path in order to keep their dominance. Yes, keeping backwards compatibility for increasingly diverse environments is hard. But they figured it was the easiest way to keep people on their platform. To say that this somehow releases them from the commitment of making their hacks and fixes *work* is another issue entirely.

I don't disagree that it's 'hard'. I disagree that there was no choice in going that route. They chose poorly and we, the consumers, are left to deal with it. Just because the customer thinks they will be happy with a choice doesn't mean it was the right choice, or even that the customer will indeed be happier with it. Sometimes you have to make the hard choices for your customer knowing they aren't equipped to make it themselves.

Re:Code Reviews and Coding Conventions (2, Informative)

Shados (741919) | more than 6 years ago | (#23026998)

What the previous poster was referring to is that serious development shops will use code analysis tools to enforce it: that is, the code will not be allowed to be checked in (or to be integrated to the trunk, or whatever) if the rules are not followed, and they are enforced at the source control level (or something).

Variations include having the code analysis tool throw "compiler" warnings, and make the compilation to consider warnings as errors and fail the build.

Once you start working in an environment that does such things, you don't go back: the code quality goes up 10x.
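The check-in rule discussed in this thread (no sprintf, use snprintf), enforced by a small source scanner of the kind the comment above describes; this is an added example, not code from any commenter, from Google or from Microsoft. Only the sprintf/snprintf pair comes from the thread; the other banned entries, the function names and the sample C source are assumptions constructed for illustration.

```python
"""Check-in gate: reject C source that calls banned string functions."""
import re

# Banned call -> suggested replacement. Only sprintf -> snprintf comes from
# the thread; the remaining entries are assumptions added for illustration.
BANNED = {
    "sprintf": "snprintf",
    "vsprintf": "vsnprintf",
    "strcpy": "snprintf",
    "strcat": "snprintf",
    "gets": "fgets",
}
# \b keeps snprintf, vsnprintf and my_sprintf from matching.
CALL_RE = re.compile(r"\b(" + "|".join(BANNED) + r")\s*\(")


def blank_comments_and_literals(src):
    """Replace comments and string/char literals with spaces.

    Newlines are kept, so line numbers in the result match the input.
    This stops a mention of sprintf in a comment or a string from being
    reported as a call.
    """
    out = []
    state = "code"   # or "line_comment", "block_comment", or a quote char
    i = 0
    while i < len(src):
        ch, two = src[i], src[i:i + 2]
        if state == "code":
            if two == "//":
                state, step = "line_comment", 2
            elif two == "/*":
                state, step = "block_comment", 2
            elif ch in "\"'":
                state, step = ch, 1          # remember which quote closes it
            else:
                out.append(ch)
                i += 1
                continue
        elif state == "line_comment":
            step = 1
            if ch == "\n":
                state = "code"
        elif state == "block_comment":
            step = 1
            if two == "*/":
                state, step = "code", 2
        else:                                # inside a string or char literal
            step = 1
            if ch == "\\":
                step = 2                     # skip the escaped character
            elif ch == state or ch == "\n":  # closed, or unterminated literal
                state = "code"
        # Blank what was consumed, but keep newlines for line numbering.
        out.extend("\n" if c == "\n" else " " for c in src[i:i + step])
        i += step
    return "".join(out)


def scan_source(src):
    """Return [(line_number, banned_function, suggested_replacement), ...]."""
    findings = []
    cleaned = blank_comments_and_literals(src)
    for lineno, line in enumerate(cleaned.split("\n"), start=1):
        for match in CALL_RE.finditer(line):
            name = match.group(1)
            findings.append((lineno, name, BANNED[name]))
    return findings


# Constructed sample input, not taken from any real code base.
SAMPLE_C = r'''
#include <stdio.h>
/* legacy note: this used sprintf(buf, ...) before the rule */
void greet(char *out, size_t n, const char *name) {
    char tmp[32];
    sprintf(tmp, "hello %s", name);          // flagged
    snprintf(out, n, "%s", tmp);             /* allowed */
    puts("call sprintf() at your own risk"); // string literal, not a call
    strcpy (out, tmp);
}
'''

if __name__ == "__main__":
    problems = scan_source(SAMPLE_C)
    for lineno, name, fix in problems:
        print(f"line {lineno}: {name}() is banned, use {fix}()")
    # A non-zero exit status is what makes a commit hook or CI step fail.
    raise SystemExit(1 if problems else 0)
```

A text scan like this misses calls made through macros or function pointers, which is where a compiler-integrated analysis tool does better.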

Re:Code Reviews and Coding Conventions (4, Informative)

kevin_conaway (585204) | more than 6 years ago | (#23026324)

Tools like PMD help with this.

We ended up getting bitten by bugs like unsynchronized access to static DateFormat object so we wrote used a PMD rule to fail our build if anyone does such a thing. We have other rules that curb the use of IOUtils.copy (instead of copyLarge).

I highly recommend using some sort of static analysis as part of your CI process

Security secrets? (5, Informative)

illegibledotorg (1123239) | more than 6 years ago | (#23026252)

TFA is a little scant on "security secrets."

What is covered is some general security policy and philosophy.

And here I was, waiting to read all about GIDS and GFirewall. Thanks, ITNews, for instead educating me about archiving security logs for later review!

Re:Security secrets? (3, Funny)

Peter Cooper (660482) | more than 6 years ago | (#23027184)

Scott Petry, director of Google's Enterprise and founder of security firm Postini, explained to attendees at the RSA conference how the company handles constant pressure and scrutiny from attackers.

I guess Google shared some secrets, and that's the news. Not that we get to read the secrets. Still, this is Slashdot.. :)

Re:Security secrets? (2, Funny)

street struttin' (1249972) | more than 6 years ago | (#23028224)

"TFA is a little scant on "security secrets.""

Well duh. They're secrets.

Fluff Article (1, Informative)

Anonymous Coward | more than 6 years ago | (#23026300)

How does an article that has no technical content, no news, and no information make it to the front page of a tech news site? Oh yeah, this is Slashdot, fake journalism at its best.

Re:Fluff Article (2, Funny)

Draped Crusader (1174049) | more than 6 years ago | (#23026370)

No, The Daily Show [wikipedia.org] is fake journalism at its best

Re:Fluff Article (1, Funny)

Anonymous Coward | more than 6 years ago | (#23027100)

I thought cable news was fake journalism at its best.

Pathetic Article (2, Funny)

Safiire Arrowny (596720) | more than 6 years ago | (#23026504)

That article literally had no content whatsoever. In fact I think it was so content free that I might know less about how Google does security now.

Is there a page two I'm missing?

Re:Pathetic Article (2, Insightful)

bteeter (25807) | more than 6 years ago | (#23026738)

I almost never RTFA here or elsewhere until I've read the first few comments. It's saved me so much time that I highly recommend it.

I understand Slashdot and other sites need to throw up news every hour or so to keep us clicking their ads, but do they ever read this stuff to see if it's worth posting?

Re:Pathetic Article (1)

El_Oscuro (1022477) | more than 6 years ago | (#23031154)

I have been writing content free documentation for a while now. I even have some scripts to generate it!

Frankly, they haven't impressed me (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23026600)

I've run into several Google security people at conferences like Blackhat and RSA. They've always struck me as rather arrogant, self-absorbed, and poorly informed. One of them actually went on a tirade about how nothing could compare to the risk of an XSS bug in Google's homepage. In the same conversation he also showed a complete failure to grasp how a heap overflow occurs or how process isolation works.

I admit, that guy was the worst of the bunch, but I continue to be unimpressed by their security people. It's a shame too. I know for a fact they have some really bright people, but none of them appear to be in the security space.

who are you to be impressed .. :) (1)

rs232 (849320) | more than 6 years ago | (#23027020)

"I've run into several Google security people at conferences like Blackhat and RSA. They've always struck me as rather arrogant, self-absorbed, and poorly informed"

Who did you represent at these conferences? What were the names of these 'Google security people'? It's not that I don't doubt your word or anything.

Who invented 'heap overflow' .. :)

Re:Frankly, they haven't impressed me (1)

hostyle (773991) | more than 6 years ago | (#23029362)

I'd like to see a heap overflow generated by a webpage, please. I know it's happened before - way back when IE couldn't parse (or something like that) for instance, but google is (for the most part) totally an online company. The only interaction that most people have with them is via web pages. Surely this would make web page vulnerabilities far more important to them.

Re:Frankly, they haven't impressed me (0)

Anonymous Coward | more than 6 years ago | (#23032210)

This is the same company that values graduates from a specific college (stanford) over any other criteria. This doesn't surprise me at all.

Hmm... (0)

Anonymous Coward | more than 6 years ago | (#23026816)

Anyone else notice the Goatse image on the page?

malware infiltrates google searches (3, Interesting)

McFly777 (23881) | more than 6 years ago | (#23026822)

I submitted this a couple of days ago but, hey, it didn't get picked up.

This article at the San Francisco Chronicle [sfgate.com] doesn't tell me exactly what is going on, but apparently there is the potential for 7 of 10 search results to return malware.

My mother heard about this on the TV news, but the above was all I could find. Anyone else have any more detail?

Re:malware infiltrates google searches (1)

Starrk (1268600) | more than 6 years ago | (#23027326)

I'm a little confused by what this has to do with Google. They aren't getting hacked are they? It sounds like other random sites are getting hacked and you can still find them on Google search. This doesn't seem too surprising, so perhaps I'm missing something?

It's like out-running a bear. (2, Insightful)

mcmonkey (96054) | more than 6 years ago | (#23027152)

Two guys are out camping. They get ready to bed down, and one guy is putting on his sneakers before getting into his sleeping bag. The other guy inquires, what's up with that?

The guy says, in case a bear attacks our camp during the night.

The other guy is skeptical. With sneakers or without, there's no way you can out-run a bear.

The guy replies, I don't need to out-run the bear. I just need to out-run you.

I suspect Google security is pretty much the same way, with a twist. Why try to hack Google, when I can use Google to find credit card numbers, unsecured plain text password files, servers running old, unpatched versions of vulnerable software, etc.

I'd think the hacker going after Google would be as popular as the kid who rats out the teacher who buys the kids beer.

Punch "gmail xss" into your search bar... (2, Interesting)

davidbrit2 (775091) | more than 6 years ago | (#23027228)

I get 1.6 million hits from Google themselves. They may be overestimating their security practices just a wee bit.

Programmers don't care about security (1, Interesting)

cjonslashdot (904508) | more than 6 years ago | (#23027374)

In my experience as CTO of a respected software development company (Digital Focus), and since then as a consultant in the field of assurance and methodology, I have found that in general developers are not interested in security. E.g., my book, High-Assurance Design [assuredbydesign.com] , which looks at application architecture from a security and reliability perspective, sells in very low numbers, while my Java books sold in very high numbers. "Hacker" books sell well because many developers want a "quick fix" to their apps, without really understanding security. And consumers are not interested in security either. Just look at Vista: its primary value proposition is that it is more secure. As a result, it is slower, and some drivers and apps don't work. (If you make things more secure, some things will break.) Witness the tremendous push-back by people, claiming that Vista is a "step backward". I myself use a Mac most of the time, but even given Vista's ill-conceived attempts at content protection, I find it interesting that people do not recognize the core value of Vista over XP (security). To me, it proves my point: people don't value security, until something bad happens to them personally.

Re:Programmers don't care about security (1)

BBandCMKRNL (1061768) | more than 6 years ago | (#23028098)

I find it interesting that people do not recognize the core value of Vista over XP (security).
I recognize that if I want the increased security of Vista over XP that I will need to buy a new PC. My current configuration is an Athlon XP2100, 512MB RAM, and GeForce 2 video card. I have never gotten my pc infected with malware and I've been running XP since it came out. And, with XP, I get the added bonus of being able to listen to an MP3 I've ripped from one of my CDs and not have my network transfers come to a screeching halt.

With Ubuntu HH due out this month, I'm seriously considering repaving my Ubuntu FF partition with Ubuntu HH and only boot XP when my wife wants to use the pc. I won't get the Compiz eye candy, but then my current configuration won't run Vista Aero either, so no loss there.

Re:Programmers don't care about security (1)

Stevecrox (962208) | more than 6 years ago | (#23029028)

My Dad's machine is an Athlon XP2400, with 512mb of ram and an AGP GeForce 6100; it runs Vista slowly but it does run Vista. As an experiment I did try it with 1.5GB of DDR400 and it ran ok and not really much worse than XP; the Vista experience index was 2.3 (2.1 with 512mb of ram). He's since decided to buy 2GB of DDR ram. The machine's still running Vista Business 32bit now; personally I would stick XP back on it, but since the other two machines in the house are using Vista he wants that one to as well.

The problem you and my dad face is a new copy of Vista is about £70, the old style ram is probably another £50. With low end laptops costing £300 and the ability to buy full desktop systems for £200, both of which come with Vista Home Premium (even though many can't run Aero), in the long run it's better value to buy a cheap desktop and pay the extra £25 for 2GB of DDR2 ram, get a reasonably fast machine that's secure and has the prettiness.

P.S. I too am eagerly awaiting the next Ubuntu release since Feisty Fawn really impressed me; I'm hoping to take another crack at learning just how WINE works and seeing if I could go Vista free.

P.P.S. Since SP1, network transfers don't seem affected by music playing unless you're copying to a pre-SP1 Vista machine (Vista SP1 to Vista SP1 and Vista SP1 to XP seem fine now).

Re:Programmers don't care about security (1)

BBandCMKRNL (1061768) | more than 6 years ago | (#23032308)

Actually, I can get Vista for free with my MSDN subscription, but I would have to replace all my memory since it's ECC and my motherboard won't let you mix ECC and non-ECC RAM.

BTW, I work for a large corporation, with 10K+ desktops and they are in no hurry to migrate to Vista. IE 6 is still the supported browser and from what I've heard, some of our apps won't run on IE 7.

How many of us ping google? (3, Insightful)

MichaelCrawford (610140) | more than 6 years ago | (#23027390)

C'mon, I know you do it too: when I want to see if my Internet is working, I "ping www.google.com".

I still find it surprising that it ICMP_ECHO_REPLYs my ICMP_ECHO_REQUESTs. Why?

A lot of sites disable ping because, years ago, The Ping of Death could crash a server by sending maliciously-crafted ping packets.

And you can DOS a server by flooding it with pings.

I'd be interested to know just how many pings Google receives, and replies to each day.

And how many of those are maliciously encoded, only to be defeated by the ub3rh4x0r5 at Google.

Re:How many of us ping google? (1)

Petaris (771874) | more than 6 years ago | (#23028386)

Perhaps they have some way of limiting the number of pings from a specific address set up on their firewalls. Say they allow you to ping 5 times and then they just drop the ICMP packets. Just a thought.

Re:How many of us ping google? (1)

gwbennett (988163) | more than 6 years ago | (#23028708)

First ping 4.2.2.1, then if THAT works, you ping Google. First test connectivity without a DNS lookup. That's how I've always done it.

Any competently run site is pingable. (4, Informative)

Medievalist (16032) | more than 6 years ago | (#23030040)

C'mon, I know you do it too: when I want to see if my Internet is working, I "ping www.google.com".
I still find it surprising that it ICMP_ECHO_REPLYs my ICMP_ECHO_REQUESTs. Why?
I find it surprising that you find it surprising! :)

A lot of sites disable ping because, years ago, The Ping of Death could crash a server by sending maliciously-crafted ping packets.
The "Ping of Death" gained fame because any chump could create one from a totally generic Windows system using the broken ping that Microsoft was shipping at the time. The technique is applicable to any IP protocol, not just ICMP echo. You can make an SMTP of Death fairly trivially. Just fake up a datagram with a total length greater than 65,535 by abusing the fragment offset field of the IP header, and if the target system does not check total length for validity you can overflow memory and hose the system. If that didn't make sense to you, just remember the "Ping of Death" has NOTHING TO DO WITH PING - it's an IP vulnerability that used to exist for ALL protocols in the IP stacks of certain vendors (IBM, Sun, Cisco, etc.) and is now fixed.

And you can DOS a server by flooding it with pings.
And you can do it more easily with practically any other type of packet. If you plan to block all traffic that can be used for DOS, you must block all traffic, period.

Ping is a service we all should provide to our internal networks from individual hosts, and to the Internet at large at the network edge. Configure your routers to respond to pings for your hosts instead of passing them through the firewalls. Ping is how people who need to test their ability to reach your hosts or site can do so. It is a simple tool that consumes a minimal amount of bandwidth to get the job done.

I'd be interested to know just how many pings Google receives, and replies to each day.
They might tell you if you ask. If it ever gets out of hand they'll just respond with normal traffic shaping techniques.

And how many of those are maliciously encoded, only to be defeated by the ub3rh4x0r5 at Google.
There's nothing dangerous about ping. Nothing... you can tell if a network is competently administered just by pinging it, my friend. I'd never hire anyone who had an unpingable net.

Hmmm... where's BadAnalogyGuy when you need him? OK, look, blocking ping is like saying that you've seen a guy killed by an Isuzu truck, so you think you can prevent all fatal accidents by banning Isuzu trucks from the highway. In reality, all you will do is prevent beer deliveries to my house, since my beer distributor uses Isuzus. This will make me hate you, just like people hate clueless firewall admins who block ICMP. Or wait, you saw a guy get bludgeoned to death with a hammer so you will ban all hammers while allowing people with large wrenches, razor knives and screwdrivers to pass without comment. That was pretty bad I think.
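
The length check the comment above says vulnerable stacks were missing (fragment offset plus payload running past 65,535), as an added example that is not part of the original comment: a small C validator applied to each IPv4 fragment before reassembly. The names `check_fragment` and `verdict_for` and the sample headers are constructed for illustration; the verdict does not depend on the protocol field, which is the commenter's point.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_MAX_TOTAL 65535u  /* largest datagram the 16-bit Total Length allows */
#define IP_MF          0x2000u /* More Fragments flag */
#define IP_OFFMASK     0x1FFFu /* 13-bit fragment offset, in 8-byte units */

enum frag_verdict { FRAG_OK = 0, FRAG_MALFORMED = 1, FRAG_OVERSIZE = 2 };

/* Read a big-endian 16-bit header field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate one IPv4 packet or fragment before it is queued for reassembly. */
enum frag_verdict check_fragment(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20 || (pkt[0] >> 4) != 4)
        return FRAG_MALFORMED;
    uint32_t ihl = (uint32_t)(pkt[0] & 0x0F) * 4;   /* header length in bytes */
    uint32_t total = be16(pkt + 2);
    uint16_t frag = be16(pkt + 6);
    if (ihl < 20 || caplen < ihl || total < ihl)
        return FRAG_MALFORMED;
    uint32_t payload = total - ihl;
    uint32_t offset = (uint32_t)(frag & IP_OFFMASK) * 8;
    /* Every fragment except the last must carry a multiple of 8 bytes. */
    if ((frag & IP_MF) && payload % 8 != 0)
        return FRAG_MALFORMED;
    /* The check itself: where this fragment would end in the rebuilt datagram. */
    if (ihl + offset + payload > IPV4_MAX_TOTAL)
        return FRAG_OVERSIZE;
    return FRAG_OK;
}

/* Build a constructed 20-byte header (no options) and run the check on it. */
enum frag_verdict verdict_for(uint16_t total, uint16_t frag_field, uint8_t proto)
{
    uint8_t h[20];
    memset(h, 0, sizeof h);
    h[0] = 0x45;                       /* version 4, IHL 5 */
    h[2] = (uint8_t)(total >> 8);      h[3] = (uint8_t)total;
    h[6] = (uint8_t)(frag_field >> 8); h[7] = (uint8_t)frag_field;
    h[8] = 64;                         /* TTL */
    h[9] = proto;                      /* 1 = ICMP, 6 = TCP */
    return check_fragment(h, sizeof h);
}

int main(void)
{
    static const char *name[] = { "ok", "malformed", "oversize" };
    printf("84-byte echo request, unfragmented: %s\n", name[verdict_for(84, 0, 1)]);
    printf("first fragment, 1480 bytes, MF set: %s\n", name[verdict_for(1500, IP_MF, 1)]);
    printf("last fragment ending at 65535:      %s\n", name[verdict_for(23, 0x1FFD, 1)]);
    printf("ICMP fragment at offset 8191:       %s\n", name[verdict_for(1500, 0x1FFF, 1)]);
    printf("TCP fragment at offset 8191:        %s\n", name[verdict_for(1500, 0x1FFF, 6)]);
    return 0;
}
```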

Re:Any competently run site is pingable. (2, Funny)

jbpro (1244018) | more than 6 years ago | (#23032008)

Any competently run site is pingable.


Result of trying to ping slashdot.org:

$ ping slashdot.org

PING slashdot.org (66.35.250.150) 56(84) bytes of data.

--- slashdot.org ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8010ms

Re:Any competently run site is pingable. (1)

enoz (1181117) | more than 6 years ago | (#23033396)

What's that I hear? Something about not throwing pings in glass houses?

Re:How many of us ping google? (1)

JayJay.br (206867) | more than 6 years ago | (#23030732)

That one's easy.

Ping of Death is history.

And you can flood them even if they are not responding, because a ping flood saturates network resources, not server resources. So not replying would not make a significant difference.

You could save some upstream bytes blocking ICMP responses, but I don't think that's a problem for them. And responding to pings is just playing fair on the network.

physical security (2, Informative)

Kartoffel (30238) | more than 6 years ago | (#23027662)

What about physical security for Google facilities? Last time I was in Mountain View I took a leisurely stroll right through the middle of the Googleplex, right past the life sized dinosaur skeleton, right past the sand volleyball court and hot tub and right through a couple of their office buildings. I like how the Googleplex is set up like an academic campus, but it's pretty trivial for a bad guy to bypass the card access doors by piggybacking behind somebody else.

Also, the whole place is made out of floor to ceiling glass windows. Would be really simple to shoulder surf somebody's display through a telescopic lens or listen against a window with a laser mic. There's a reason high security buildings tend to resemble windowless block houses. Hopefully, anybody with a window seat at the Googleplex never processes sensitive data.

That's kinda scary (3, Interesting)

Jay L (74152) | more than 6 years ago | (#23027952)

I'm a bit down on Postini lately. A few months ago, they started marking my personal e-mails to Postini customers as spam. Which [ncl.ac.uk] is [aol.com] kinda [aol.com] ironic [google.com] . And pretty damned annoying, since my lawyer, my broker, my apartment manager and my chiropractor are all on Postini servers. But hey, that happens. I went over my server with a fine-tooth comb, I set up SPF, DomainKey, DKIM, no luck. I even switched servers. No matter. My e-mail, now digitally signed in triplicate, was still being scored as 90% probable spam.

So I tried to get in touch with their postmaster group. Only they don't have one [postini.com] . And I tried to check their feedback loop [emaillabs.com] . Only they don't have one. As a shareholder, I even wrote to Investor Relations [google.com] . No response. In the process, I found out that they have a universally awful reputation among the mail delivery community.

In the end, all they could tell me was that their system decided my mail was spam because - I kid you not - their system had, previously, decided my mail was spam. Which, of course, increases my spamminess score. And so on, and so on, until we're all using the same shampoo.

So, to recap: The guy in charge of keeping Google secure, Scott Petry, is the guy who invented a system that bit-buckets your e-mail, with absolutely no accountability, no sanity checks, no industry best practices... because of guilt by association WITH YOURSELF.

Be afraid. Be very afraid.

Re:That's kinda scary (0)

Anonymous Coward | more than 6 years ago | (#23031224)

Bullshit.

NCC 1701G (5, Funny)

mrsteveman1 (1010381) | more than 6 years ago | (#23028066)

"Scott Petry, director of Google's Enterprise"

The big secret? apparently google is developing a starship

Re:NCC 1701G (1)

trongey (21550) | more than 6 years ago | (#23028188)

...apparently google is developing a starship
Is there anybody here who would be surprised by that?

Re:NCC 1701G (1)

demopolis (872666) | more than 6 years ago | (#23028548)

What does God [thechurchofgoogle.org] need with a starship?

Re:NCC 1701G (1)

Colz Grigor (126123) | more than 6 years ago | (#23031838)

You must be new here. It's not a secret... [googlelunarxprize.org]

Re:NCC 1701G (1)

mrsteveman1 (1010381) | more than 6 years ago | (#23032166)

Well not anymore it's not

Google is setting a good example (1)

noric (1203882) | more than 6 years ago | (#23028762)

In security circles it is well known that security through obfuscation or obscurity is no security at all. By publishing their security internals Google is setting a good example for the industry at large which still lacks faith in security-through-transparency.

Hacking Google = Credibility on the Streets (1)

JeffHunt (129508) | more than 6 years ago | (#23029394)

Quoted from the story:

If you have bad intentions and want to get a reputation, hacking Google is the best way to get credibility on the streets.

I don't know if you've ever been to West Oakland, but I seriously doubt that hacking Google is going to win me any credibility on the streets here.

... unless hacking Google gives you gold chains and a bulletproof Buick.

Open redirectors (1)

Florian Weimer (88405) | more than 6 years ago | (#23030220)

If Google values security so much, why can't they do anything about their open redirectors [google.com]? After all, this has been abused by spammers and phishing scammers for weeks, so maybe it's time to finally do something about it.

The most secure policy. (1)

Prisoner's Dilemma (1268306) | more than 6 years ago | (#23032864)

The most secure way to treat people's information is to not store it in the first place.