Google,祝贺你回到仁慈的主的怀抱。是的,我们在此祝贺而不是哀悼你。当耶路撒冷的太阳终于照耀你冷寂的坟墓之时,我们将迎接你的复活。 以下的真相,如果你有怀疑,如果你觉得其他的说法才是真的,那么请你解释这样一个事实: Google总部在声明退出中国之后,立刻取消了所有中国工程师访问Google代码服务器的权限。他们都是在上班后发现服务器的home目录进不去了。事先根本没有通知。很多人写到一半的代码,就没法动了,要等几个礼拜之后,调动到美国才能继续写 如果Google是有预谋的撤离,为什么要采取这种手段?他完全可以让员工继续工作,做一些善后工作。比方说现在Google music,中国公司和美国做的是不一样的(music.google.cn 和 music.google.com)现在要取消中国的music了,完全可以让中国的工程师来做这个代码迁移的工作。 现在是中国的工程师全部带薪休假,由老外来接手善后事宜。 为什么Google突然那么不信任中国这边的团队?毕竟他们自己开发的代码,让他们自己来做迁移肯定效率更高啊 唯一的原因就是,Google内部的技术人员中被安插了党的特务(就在Google上海办公处) 事实真相就是,这个人在受到党的派遣,应聘Google成功之后,就把Gmail的关键代码down下来然后上交给了组织。 而这个组织破解gmail系统的目的就是为了获取“人权团体”的邮件,这些在Google官方的声明都有 这样一来会暴露gmail系统的所有漏洞,而且Google官方不能承认这个事情,否则他在国际上的声誉会大受影响。他能做的就是停止中国所有的工作,中国这边所有的工程师已经不能登陆google的代码服务器了。然后应该会抓紧几天时间修改一部分gmail代码 其实事情就是这样简单完全是突发事件,所以Google的官方声明,你去读一读原版,写的是很仓促的,字里行间都能读出他们最高层的震惊,就是Google三个最高层的人临时讨论一致决定的。如果是什么和美国政府商量好的,你觉得堂堂Google的官方声明会写的那么潦草,一点正式文件的套路都没有? Google撤离也不是因为互联网审查,这个当然是一件很让Google不舒服的事情,但这几年他不也就这么忍下来了嘛 特工这次的窃密行动,使Google有面临全面破产的危险(Google官方博客也说了,牵涉到知识产权的问题),说白了,再在中国呆下去,可能要威胁到整个公司的生存,所以才如此仓促的把中国部门的一切工作全部停掉 所以Google一开始还说打算和中国谈判,但是今天马上就放弃谈判的打算了,因为就算政府让步,Google也不能再留了,再留就有性命危险。也不是中国市场赚钱不赚钱的问题了,赚这点小钱,把整个公司的性命搭进去,风险太大了 关于Google工程师访问Google代码的权限,Google对于技术人员的诚信是相当信任的。即使是一个实习生,也可以访问99%以上的代码。 Google只有一个代码库,每个进去的人学到的第一条开发原则就是:搜!从代码库里面尽量搜索功能相似的代码,然后给原作者发Email。讲究这种整个公司的代码共享,才会达到有那么高的编码效率。而且Google的代码,注释,和技术说明文档是一体的,对每一个工程师都是公开的 你可以喷我,也可以提出其他的说法,但是请你在回复之前先看完全文,然后想想自己的说法能不能自圆其说!! 我只能说,特工你太辣手了,实在逼得人家混不下去了 补充一: 这个事情还在调查中,有一个人,他是党员,来了Google没多久,就把gmail核心代码下载下来,而且现在这个人已经不知所踪了,这些是可以肯定的 至于他是谁指使的,我们只是猜了 这两天Google总部派人过来和中国每一个工程师喝咖啡谈话,调查是不是这个人还有同伙 同时总部在评估,这件事情造成了多少代码泄漏,哪些代码需要重写 等这些工作做完,就会开始转移中国这里的工程师(要是没有调查就转移,岂不是让别的卧底混入美帝了嘛) 然后这个时候总部应该会给一个说法,让真相大白于天下,等再过一个月左右大家再回来看这个帖子吧! 补充二: 算了我来说吧。 里面一共三个卧底,里面居然还有共产党支部。 里面的支部书记是国安四年前就布的局。 这个朋友本科就是交大出来的,后来去了信安部。 信安部派他会交大信安学院念计算机,天天做算法题, 毕业就进了Google。 之后发展了两个内线,其中一个内鬼暴力破决Gmail的源代码系统, 政府主要是要监控用Gmail的反共分子。 里面不得了,居然还有国安局的党支部小组。 这个老兄拿了100万奖励,外加公务员待遇。 这帮人一下班就偷偷去陆家嘴开党支部会议。 小补充三: google是如何发现代码被转给特工的? 除非google在每个员工的电脑上装监控软件。 要访问代码,必须登陆Google唯一的代码服务器 现在只知道这个人是党员,他在很短时间内浏览了很多代码,而且这个人现在不见了,我只是根据这些猜测他是上交组织了 第一攻击了很多源代码管理服务器, 第二明确地告诉你是非法弄到的。 大家再看会,我的手机就会响起了…… 现在同事大部分已经开始准备离开了,少部分技术人员和法律部的会继续留下来,大家情绪非常失落,谁也没有想到会是这么个结果。 以上信息未经加拿大华人网证实,仅供参考。 |
记者从谷歌中国内部了解到,全体员工中午吃了散伙饭,并获取半年带薪年假做补偿。同时,google允许谷歌中国的员工竞聘美国总部或亚洲分公司空缺职位。
而另据消息人士透露,国务院将在今晚召开会议,决定对谷歌的处罚。
1、
# cd /usr/ports
# make clean
2、
# cd /usr/src
# make clean
rParseCommandLine 0.4.1_9 error: /usr/ports/-ui is not a valid port directory
rParseCommandLine 0.4.1_9 info:either you have used an invalid command line switch as the first option or you are trying to update a non existent port path, see man portmanager(1)
MGPMrCommandLine 0.4.1_9 error: rParseCommandLine returned errorCode 1
说明:
-ui参数不可单独使用,必须与其他参数配合使用,如:# portmanager -u -ui
From:http://www.wired.com/threatlevel/2010/01/google-hack-attack/
A hack attack that targeted Google in December also hit 33 other companies, including financial institutions and defense contractors, and was aimed at stealing source code from the companies, say security researchers at iDefense.
The hackers used a zero-day vulnerability in Adobe Reader to deliver malware to many of the companies and were in some cases successful at siphoning the source code they sought, according to a statement distributed Tuesday by iDefense, a division of VeriSign. The attack was similar to one that targeted other companies last July, the company said.
A spokeswoman for iDefense wouldn’t name any of the other companies that were targeted in the recent attack, except Adobe.
Adobe acknowledged Tuesday in a blog post that it discovered Jan. 2 that it had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”
The company didn’t say whether it was a victim of the same attack that struck Google. But Adobe’s announcement came just minutes after Google revealed that it had been the target of a “highly sophisticated” hack attack originating in China in December.
Neither Google nor Adobe provided details about how the hacks occurred. Google said only that the hackers were able to steal unspecified intellectual property from it, and that they had focused their attack on obtaining access to the Gmail accounts of human rights activists who were involved in China rights issues.
But according to iDefense, whose customers include some of the 33 companies that were hacked, the attacks were well targeted and “unusually sophisticated” and aimed at grabbing source code from several hi-tech companies based in Silicon Valley as well as financial institutions and defense contractors.
The hackers gained access to the company networks by sending targeted e-mails to employees, some of which contained a malicious PDF attachment. The malicious code exploited a zero-day vulnerability in Adobe’s Reader application.
Zero day vulnerabilities are security flaws in software for which there is currently no patch. Adobe announced in mid-December that a new zero-day vulnerability in its Reader and Acrobat programs was being actively targeted by attackers. The company made the announcement after security researchers not affiliated with Adobe discovered attacks being conducted against the vulnerability. Adobe patched the critical vulnerability only on Tuesday this week.
In the recent attack on some of the companies, once a recipient clicked on the malicious PDF attachment, a backdoor Trojan program called Trojan.Hydraq was installed on their machine in the form of a Windows DLL, according to iDefense.
IDefense says that when Google discovered malware on its systems in December, it found that the code was communicating with a server set up to receive information stolen from the targeted companies.
“It was configured in such a way that it was able to receive a massive amount of data being exfiltrated to it,” says an iDefense spokeswoman who asked not to be named.
Google was able to determine, by examining the server, that the hackers had struck numerous other companies, she said. Google said in its Tuesday announcement that 20 other companies had been hacked. But iDefense found evidence that at least 33 were targeted.
The recent attacks bear a strong resemblance to another attack that occurred in July 2009, which targeted about 100 IT companies, iDefense says. In that earlier attack, the hackers also sent targeted e-mail to companies with a malicious PDF attachment, but it’s unclear how successful that attack was.
According to Ryan Olson, an analyst for iDefense, the attacks in July and December targeted different vulnerabilities. The one in July affected Adobe’s Reader, Acrobat and Flash applications, which it patched Jul. 30. The vulnerability the hackers are believed to have used in December also affected Reader and Acrobat.
iDefense obtained samples of the malicious codes used in the July attack and the more recent one and found that although the malware was different in the two attacks, the programs both communicated with similar command-and-control servers. The servers each used the HomeLinux DynamicDNS to change their IP address, and both currently point to IP addresses belonging to a subset of addresses owned by Linode, a U.S.-based company that offers Virtual Private Server hosting.
“The IP addresses in question are … six IP addresses apart from each other,” iDefense said in its statement. “Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the [recent] Silicon Valley attacks have been compromised since July.”
Olson told Threat Level that the attackers are “incredibly good” at finding new exploits and infecting the right people but that nothing he’d seen in the malware indicated they were above average in writing malicious code.
“The sophistication here is all about the fact they were able to target the right people using a previously unknown vulnerability,” he says.
The iDefense spokeswoman told Threat Level that her company waited a week to disclose details about the attack until after Google went public with the news that it had been hacked. She said it’s her understanding that Google’s source code was targeted in the hack attack.
Google declined to publicly discuss the details of iDefense’s report.
Adobe’s announcement didn’t discuss specifically whether hackers had stolen its source code but said that it had “no evidence to indicate that any sensitive information — including customer, financial, employee or any other sensitive data — has been compromised” in the attack.
This post was updated with information from Olson about the malware used in the attack. It also was updated to clarify that the Hydraq trojan and PDF exploit were used to breach some of the companies, but not all of them.
Read More http://www.wired.com/threatlevel/2010/01/google-hack-attack/#ixzz0cYRw8VOb
