
Right; so instead they've built their security model around assumptions that other companies' (namely telcos) account processes are secure. That way Google can say "it's not our fault; we can't do anything about it!"

It's called externalizing your costs, and Google is exceptionally good at it.



No one is perfect, but IMO when it comes to security, Google goes to great lengths to make stuff on the web secure, probably the most of all the bigcorps out there.

They are very aggressive about fixing TLS/SSL-related issues (finding and fixing vulnerabilities, deprecating old ciphers, promoting new stuff like cert pinning and HSTS, lowering SERPs in Google for non-https websites; they've also put in place means to detect and report fraudulent HTTPS certs, and many more).

Many of the top security researchers work for Google, and many of them not even on things directly related to Google's daily business.

If I had to say about some bigcorp that they don't care about security, Google would be the last on this list.

Google customer support is totally another pair of shoes though.


> Google customer support is totally another pair of shoes

Pair of shoes! Nice. I tend to say "why the face" a lot in our internal chat at work. Now I have another one (POS)


Just realized "another pair of shoes" is an idiom in my native tongue (in fact, it's "another pair of boots" to be precise).


Also try "what the hat". Heard it from my 5 y.o. son.


> Right; so instead they've built their security model around assumptions that other companies' (namely telcos) account processes are secure. That way Google can say "it's not our fault; we can't do anything about it!"

No, they've built their model on the fact that for the vast majority of their users this will never be an issue. Maybe a celebrity, maybe an important target but the average user, never going to matter.


> No, they've built their model on the fact that for the vast majority of their users this will never be an issue. Maybe a celebrity, maybe an important target but the average user, never going to be an issue.

Email is the gateway to almost everything else. It's used for account recovery as well as (wrongly) passwords and other sensitive information. Google Drive and docs would also be compromised.

It's actually a bigger issue than you would think.


I am not doubting that. I am just saying that the vast majority of people that use gmail will never have a case where someone wants what they have so much to go to the effort to social engineer their wireless company. Ntim but to mention that there is a bigger risk of getting your house broken into or a host of other things or identity theft. Plus this requires certain bad behavior and failure as well on the part of the phone company. [1] It's not clear how easy this would be for a normally determined hacker to pull it off.

[1] So we have two probabilities at work.



