Hacker News new | past | comments | ask | show | jobs | submit login
Google China hackers stole source code (yahoo.com)
26 points by rmorrison on March 3, 2010 | hide | past | favorite | 16 comments



Does anyone else feel that this article is both poorly written and furthermore just bad reporting? I was curious about the original source, which I tracked down to a blog post by George Kurtz and several links on it [1].

It seems to only claim that source control services are a good target and are frequently configured with no security (which is A Bad Thing), but does not blame Perforce as an attack vector. The article implies, however, that Perforce was used as an attack vector which does not appear to be the case. Of course, it is very hard to discern what the article actually says when they spend one sentence per idea, with no further explanation or investigation.

[1]: http://siblog.mcafee.com/cto/source-code-repositories-target...


Stuff like this is why it's important for all developers to study computer security. It is possible to create computer systems such that malicious users are unlikely to break into them, even if they have the entire system's source code. For example, look at heavily used open source software.

It seems like a lot of developers write closed source, commercial systems with the assumption that malicious users will never see it.


Perhaps they don't have enough of an incentive to make it bullet proof. That or they aren't given enough time to do so. Let's admit it, we all make mistakes, and if you aren't given enough time to analyze your code, security issues might very well make it into production.


While reading that, for a moment I though that Google were using McAfee security and seriously pondered the wisdom in using their services anymore.


Nothing wrong with Mcafee enterprise. :-)


It's only trivial to bypass, nothing else wrong with it.


It's not really stealing if Google still has the source code. Unless reading a book is now called "stealing a book".


Just like "stealing" company secrets isn't stealing? Are you implying that intellectual property can't be stolen?


Implying? No.


So, hypothetically speaking, you wouldn't mind if I broke into your house, duplicated every bit of data on your computer, and put everything not copyrighted by another company onto the internet for everyone to see?


Nobody said I would or wouldn't mind this, I just said it's not stealing. It's "looking".

But anyway, feel free to go ahead with your plan. But it might be a waste of your time; the bits on my hard drive are already public: http://github.com/jrockway/.


(not trying to start a fight, just pointing out) note that my point implies all private communication as well. Cookies, email, chat transcripts.


The analogy is more accurate if you were to say that someone took a sample of your DNA and used it to create an army of yous.


How so? I didn't create my DNA. I did create a lot of the info on my hard drive, though. Including source code.


Why is Google storing source code on 3rd party servers?!


The article never said that; just that they use Perforce.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: