Why is Secretary of State Hillary Rodham Clinton following up on Google's report of a cyber-attack from China and its threat to withdraw from Chinese soil with her own remarks condemning the country's policies?

Makes you wonder what conversations may have gone on behind closed doors between President Barack Obama and one of his science/technology advisors, Google CEO Eric Schmidt.

Secretary Clinton has called for the Chinese government to conduct a "transparent" probe into who was behind the attacks. (WSJ summary) Yeah, good luck with that.

For good measure, she threw in the names of other countries that love to censor too much, including Tunisia, Uzbekistan, Egypt, Iran, Saudi Arabia and Vietnam. Sounds like a list Google could have provided, as it has done in certain books. 

Can there be any doubt that everybody thinks or knows the attack was perpetrated by the Chinese government? I mean, come on, if the search for dissidents doesn't show it, Secretary Clinton's involvement has to. Chinese officials think so, and are pissed. (Another WSJ article)

"We urge the U.S. side to respect the facts, and to stop using the so-called Internet freedom issue to make groundless charges against China," Ma Zhaoxu, spokesman for the Ministry of Foreign Affairs, said Friday in a statement on the ministry's Web site. 

Of course, Microsoft doesn't call it Aurora. It's the "Google Attack."

Microsoft says it was an old version of Internet Explorer (IE 6) that was vulnerable, anyway.

The patch is due tomorrow (Thursday Jan 20, 2010, in case you're reading this next year when there's another Microsoft security problem.) According to Microsoft senior security program manager Jerry Bryant, the patch

 "addresses the vulnerability related to recent attacks against Google and a small subset of corporations. Once applied, customers are protected against the known attacks that have been widely publicized."

Yeah. Why so much publicity over an attack that may have been perpetrated by an oppressive government against civil rights advocates and a small subset of 20 to 34 corporations doing business in China? 

.

Apple CEO Steve Jobs used to be such a nice guy...

No, wait, that's not right. But he used to be friends with the Guys from Google. Several years ago at a Google annual meeting, Sergey Brin said that they loved and respected Apple, and that we should expect the companies to work together in the future. Google CEO Eric Schmidt joined Apple's board.

But would the two companies still respect each other the morning after Google started messing around with an Android? No. Jobs feels violated. He kicked Schmidt out of the love nest.

The folks at The iPhone blog don't think Nexus One is as good as the site's love child, the iPhone, and they have a video to prove it, while Adrian Kingsley-Hughes at ZDNet thinks they're aimed at different markets. The iPhone is for the stylish, while the Nexus One is ... not. 

They do seem to forget to mention that the Nexus One may appeal to people who don't want to use AT&T as a carrier. 

Now, according to Business Week, Jobs is in discussions to replace Google as the default search engine on the iPhone with Bing, created by that powerhouse in search technology, Microsoft. 

OK, that's not fair. Microsoft has done a good job with Bing. It has always taken the company three times to get it right.

According to one of Business Week's two sources on the matter:

The best and most thorough review so far comes from David Pogue at the New York Times. Fairly critical, gives excellent details on the setbacks (will it really play on other cell networks that T-Mobile?:
"It’s pretty sweet, it advances the state of the art, and it’s a welcome addition to the catalog of great app phones like the iPhone, Palm Pre and Motorola Droid."
But it's not an iPhone killer yet: "Despite the goodies, the Nexus is missing some important features that iPhone fans take for granted."
Pogue article

Walt Mossberg, genius product guy at the Wall Street Journal, offers a five-minute video explaining the basics of the phone, why it's important, and what he likes/dislikes about it. He's more positive than Pogue. Although his production quality isn't the greatest.
"It could be a game-changer."
"There are some downsides ... doesn't do media or games as well as the iPod. ... This is the first of the Android phones I have see n that I would consider using as my daily handheld computer."
Mossberg video

PCWorld has a one-minute video that plays like an ad for Google, showing the highlights of the features. A quick intro.
PCWorld video

Michael Arrington at TechCrunch just loves the phone. "The Nexus One is an important milestone in the smartphone market."
He also gives a very thorough run-through of the phone's features.
Arrington article

Marketwatch summary.
http://bit.ly/5rcHdC

Interesting claim from Microsoft that "At this point, we don't have any indication that our corporate network or any of our mail properties were attacked." Considering the fact that McAfee says it was a flaw in Internet Explorer that allowed the attack to take place.

That could mean one of several things:
-- Microsoft employees in China don't use IE
-- The Chinese attackers don't consider Microsoft intellectual property important enough to go after
-- Microsoft employees know a suspicious request when they see it and don't click on it
-- Microsoft just hasn't detected the attacks yet.

In a blog post, McAfee CTO names the attack Aurora.

He says the attackers exploited a previously unknown vulnerability in Internet Explorer."We informed Microsoft about this vulnerability and Microsoft is expected to publish an advisory on the matter soon.:

Attackers chose a few people within an organization, (he suspects they chose people with access to intellectual property). Looks like a trusted source wants you to click on a link (that old scam?) which then opens a back door that allows attackers to "gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company."

Read the blog posting:
http://siblog.mcafee.com/cto/operation-“aurora”-hit-google-others/

UPDATE ON AURORA 1/15/2010 9:30AM

Taylor Buley at Forbes has a nice update on Aurora today.

China just wants you to follow their laws. Of course, those laws include the right to hack into your data. Just to make sure you're not doing anything bad, mind you.

Here's an article by Aaron Black in the Wall Street Journal. http://bit.ly/8XGF6s
Oops. You gotta pay for that one.

OK, here's an article by Aaron Black syndicated through the Dow Jones newswire service:
http://bit.ly/8xX5jr

China foreign ministry spokeswoman Jiang Yu:
Our laws are in line with International practice.
(Like Iran, Cuba, Egypt... http://bit.ly/8poswN )
Is our government bound by our cyber laws? Huh? You've gotta ask someone else.

Warrant? What's a warrant?

There are several things to say about this.

1. How much data was stolen?

First, exactly how big were the attacks, and what data may have been compromised either at Google or at the other companies where Google detected attacks? 

The announcement of the attacks in the Google blog says there was "theft of intellectual property from Google." The only "intellectual property" it actually mentions is a little info about the creation of Gmail accounts, such as the dates they were created and subject line, was compromised. Did the attackers get any other intellectual property from Google besides this info?

A Google spokesperson tells me, "So far we don't have any evidence of anything else" being taken. But phrase "so far" means they could still find more later. Also, the spokesperson says Google does not know what, if anything, may have been taken from or compromised at any of the other companies where it detected the attacks.

2. Should Google get rid of data sooner to protect privacy?

This shows that data is vulnerable, even when protected with Google's sophisticated safeguards. Google keeps data for nine months, but privacy and human rights advocates say it should be less and will certainly point to this example as a reason to cut the retention time.

But there's a dilemma here. On one hand, reducing the length of time that information is kept would reduce the amount of vulnerable info.