Shostack + Friends Blog Archive


The Dog That Didn't Bark at Google

So it’s been all over everywhere that “uber-sophisticated” hackers walked all over Google’s internal network. Took their source, looked at email interception tools, etc.

What’s most fascinating to me is that:

  • Google’s customers don’t seem to be fleeing
  • Google stock fell approximately 4% on the news they were hacked, while the market was down 2% and threatening to pull out of the largest market on Earth. Baidu’s stock was up over 10%.
  • No one I know or know of in Google infosec has lost their job
  • Google didn’t go under because of the security issue

In fact, Google is getting all sorts of props for how they handled the announcement.

Something for the “sweep it under the rug” crowd to ponder.

3 comments on "The Dog That Didn't Bark at Google"

  • jared pfost says:

    Definitely agree disclosure can be empowering. What’s interesting for me is google’s motivation to disclose and let others fan the flames of IE’s security reality and perception. Beyond the compat lab, who in google uses IE? Looks like there’s lots more to the breaches than IE but the spotlight is on redmond. I’m interested to see what affect this has on IE market %. Google may see customers fleeing to them. Who says security doesn’t enable the business 🙂

    Now if we can only get some kind of major disruption caused by IE’s lack of open standards support…

    ps. to ponder: why wasn’t msft listed as one of the companies targeted by the attackers? Disclosure is not always empowering.

  • shrdlu says:

    I’ll bet that the general reaction (not among the infosec community, the rest of the world) was “Wow, sophisticated Chinese hackers, who could blame them for being pwned?”

    Yet another example proving that the non-infosec world’s standards for security are a lot lower than ours. And I’m not saying that’s necessarily a bad thing.

Comments are closed.