On Wed, Jan 2, 2013 at 7:31 PM, <valdis.kletni...@vt.edu> wrote: > On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said: > >> Google is setting a higher bar here, which may be sufficient to deter >> a lot of bots and script kiddies for the next few years, but it's not >> enough against nation-state or serious professional level attacks. > > To be fair though - if I was sitting on information of sufficient value that I > was a legitimate target for nation-state TLAs and similarly well funded > criminal organizations, I'd have to think long and hard whether I wanted to > vector my e-mails through Google. It isn't even the certificate management > issue - it's because if I was in fact the target of such attention, my threat > model had better well include "adversary attempts to use legal and extralegal > means to get at my data from within Google's infrastructure". > > "Operation Aurora".
I probably fit into that description; while I vector my personal email through Google, the actual sensitive stuff does not touch any wired or wireless network. Because I know. -- -george william herbert george.herb...@gmail.com
