Single Point of Failure: The (Fictional) Day Google Forgot To Check Passwords

Reddit Comments

I was going to post this because it's an interesting piece of worldbuilding and near-future scifi, but I realized to my surprise that it fits the definition of "Rational" on the sidebar.

It's also rather interesting.

👁 6 👤 u/MugaSofer 📅 Jan 30 2016

Scott has another similar one regarding spontaneous riots / Black Swan effect.

👁 6 👤 u/OutOfNiceUsernames 📅 Jan 31 2016

So, how many people upon watching this went to see what was actually available in their Google search history?

👁 1 👤 u/JackStargazer 📅 Feb 01 2016
Captions
In the aftermath, when everything had started to recover and people had more or less tidied up, when the stock markets had started to recover from the trillions of dollars that had been wiped off them, Google's network engineers said that there were only five people in the world who were able to approve changes to the most critical code, and each one of those five was entirely trusted.

July the fourth. In Western Europe it is right after noon, and office workers are looking at their clocks and trying to work out if it's okay to leave early. In America they are clearing up for a three-day Independence Day weekend. Over at Google's headquarters in Mountain View, most of the building is deserted. On-call engineers are at home, their phones ready to buzz if anything goes wrong, or the billing late night shifts in data centers location event of the world. There is one well-lit office, though, somewhere deep within the building, and in it is Maria Christensen, one of Google's most senior engineers and one of the trusted five.

She is, against all corporate procedure, rolling out a change to Google's core infrastructure Cali. She's changed only one section, and it's the very first part of the login code for Google Apps. Now, this should be an incredibly complicated function that spins off more functions to deal with checking passwords, two-factor authentication, third product as well check suspicious activity articles, phreakers, fraudsters, and all the disaster prevention. She's changed just one line of code, put it at the top, and it says: return true. She bypasses all the red flags from the automated testing software that says this won't work, this is dangerous, this is broken, and instead she marks it for immediate rollout and commits it. So Google's systems properly roll it out across all of the data centers, our Intel's to coast in North America, over to Dublin and over to Europe, to the Far East and down to South America. It takes about three minutes, and what it means is this: no matter what you enter as a
Google password, it will be treated as correct. There are no password checks anymore. If you type in the username, you will get in.

And if this seems implausible, if this seems like something that wouldn't happen, remember: Dropbox is the file hosting service used by 175 million people, including, I'm fairly sure, pretty much everyone in this room. In 2011 they had exactly that security bargain for three colors. Now, fortunately, the person who discovered it wasn't a Dropbox and we disclosed it responsibly instead of telling the world, so the damage was limited. But Maria has no intention of responsibly disclosing anything.

Most of the engineers that would get notified of a code change like that aren't on call, and those that are have somewhere between about one and three minutes before Maria gets around to logging into their Google account. Never mind an email notification: they've got three minutes to read it, understand it, grasp exactly what that change means, before Maria logs in and the mobile wipes their Android phone by reporting it stolen. None of the engineers work it out in time. The rest of Google's trusted five are still asleep as their phones quietly erase themselves.

So then Maria emails a manifesto to dozens of news sites, posts messages on a few high-traffic tech forums, and then logs out, which is ironic didn't logging out can actually mean anything anymore, gets into a cloud and don't attach a flat. As soon as the first journalist tests it successfully, the news goes ballistic. The first place - bracelet of all the web was only The Drudge Report, and they said lighten up because they didn't use Gmail themselves and didn't really get it and just went with the story rather than immediately trying to protect themselves, because that's what most people did.

And it covers the followed people fell into one of regroups. First of all, the defenders, desperately trying to lock down their account, desperately trying to delete anything that might link ruminating, and to stop all their other accounts being
compromised. Because remember: if you have access to someone's email address, then you have access to every web service they use, because they can request a password reset right to your inbox. How well you did at being a defender generally depended on how good you were at getting all your other accounts moved away through that compromised address. Of course, even the folks who are initially smart but they didn't use Gmail realized that other people they email did.

Facebook was the first big web service to react, quickly enough that most commentators suggested that they actually had a plan in place for this years before. Within a few minutes of the story breaking, Facebook turned off not just password resets but the ability to log in at all. Obvious answer that most people would have their accounts compromised: they just turned it off. And since nearly everyone was already logged in on their phone and their computer, Facebook rapidly became the trusted method to contact anyone, and that's a new level of trust that stuck around afterwards, as folks looked warily at email.

Then there were the amateur detectives: those who suspected that their partner was cheating on them, those that were desperate to find out what their colleagues are earning or what their boss really thought of them. It was restricted to email course, because if you have access to someone's Google account, in most cases you have access to their full search history and all the websites they clicked on for years and years and years. Have you turned it off? Most people in this room have it. It was described by one writer as like looking into my wife's Amma, and the divorce rate had a notable uptick a few months later.

Meanwhile, companies using Gmail, or companies working with companies that use Gmail, just had to assume that all their trade secrets have been stolen. In the years to come, patent trademark lawyers one made an enormous amount of money as colleague Asians flew back and forth between corporations. Now, the European stock markets, the
only ones open on July 4th at that time, went into freefall almost immediately. The Asian and American ones would do the same when they opened the next Monday.

But the most obvious group, if not the largest, were the burners. Everyone who had any sort of prominent online presence got their account destroyed, utterly destroyed, within 10 minutes. Any YouTube channel with any sort of audience found all its work deleted and vandalized even worse than the new comment system the UT was brought in. Some burners attacked individual people, thoroughly honking to wipe everything as part of a vendetta, but others, others just tried to destroy as much texture as they could from as many people as they could, as quickly as possible.

Google had backups; they did roll everything back. But a lot of third-party sites vulnerable through password resets weren't anywhere near so lucky. Every blog with more than a few readers got crude messages added to it, or code that redirected to shock sites, or just, just torn apart, destroyed. A huge number had no usable backups. So this was the final death knell for most third-party web message boards, the old ones which had been falling out of use for years and years. As soon as one administrator account fell, the whole site was quickly destroyed, and not many of those ever recovered, because not many of them had backups.

Some things did work in favor of the good guys. First of all, the enormous rush of traffic, of people trying to fix and break things, meant that even Google couldn't quite cope with the load. A lot of folks are frustrated by slow loading times and falling servers, but certainly it's in at least some of Google's network engineers who worked out what was going on and pulled the plug, in one notable place physically, literally pulling plugs out of data centers and uncontrollably shutting down everything they could. Someone finally managed to get an actual proper shutdown command into the systems that Maria compromised about two hours afterwards, and three
minutes later Google fell off the internet for the first time in a very, very long while.

In the months as two hours of mess, this pandemonium, were the people that Maria Christensen was actually trying to reach. She was hoping to be the next Chelsea Manning, the next Julian Assange, the next Edward Snowden. More than that, she was hoping to create a hundred, a thousand, a million people taking that whistleblower role, using the few hours of freedom she created to change the world for the better. That was her manifesto. That's a manifesto it was: don't find the things that need to be leaked, go through the files of the corporations and governments that are destroying our world, show them the light of day. Have you was wonderfully optimistic.

And yes, some people did. There were, there were thousands of leaks, many of them of international importance. Quite a few people remembered that the Obama transition team, after the 2008 election, used Gmail until they got their official whitehouse.gov email addresses set up. And there were those stories of billionaire fashion executive putting in labeling stories about sweatshops and burying them though so he's a mining companies exploiting world thing exposing to incredible danger, tale after tale after tale of people putting aside human concerns and then, this phrase got used a lot, team in the best interests of shareholders.

But none of those stories made the news, because what Maria Christensen hadn't done was manage the story. What elites its allies always had: they drip-fed the stories over months into a 24-hour news cycle that always wanted more, more, more. But instead, in this case, the story was about the process, not how the information be handled at all. The news took was that email was suddenly insecure, that you were at risk, that you should defend, this is how I'm doing them, that websites have been damaged, this is how you protect yourself, and watch us, because we will help you. So there were no stomach revelations mustard on the front pages. There, there
should have been, given an infinite number of front pages, but there were simply too many stories, and all of them are much less interesting to the public than the question of whether your partner has seen your browser history.

And of course, for most people there was no long-term damage, at least not to them personally. Statistically speaking, you get away with it. And sure, everyone knew someone who'd been affected, everyone knew someone who got in trouble, but the chances were that you yourself had gotten away with it. And one of our high profile companies suffered slightly; there were no world-changing moments. If dumping untold gallons of oil into the Gulf couldn't kill BP, what could? So most small business has survived unscathed, and the economy recovered slowly, having been damaged no more than by any natural disaster.

And Gmail, a year later, had just as many active users as before, because after all, what were the odds of that ever happening again? And it's not like the government could read all your messages anyway, and no one really got hurt in the long run. Maybe it was for the best that that may have heard protype. You know, it all works out in the end, and besides, it would be a real pain to try and switch my email account somewhere else; I'll have to change my email address.

It's amazing how much we trust to single points of failure. And while, well, this is a worst-case scenario, very much so, everyone here will have that one linchpin on which everything else, at least in your online life, hangs: the backup you haven't taken for a while, or the email account that you forgot has access to everything, or the password that your ex still knows. But my point is this: even in the face of seeming disaster, when the wall is falling around, when the world is falling around you, remember that eventually this too shall pass, because it takes more than one single point of failure to change the world.

Oh, and as for Maria Christensen: she got arrested at the airport after a flight was delayed because the
airline ran on two dogs. Thank you very much, up in Tom Scott, enjoy the bustle.
Info
Channel: Tom Scott
Views: 1,954,870
Rating: 4.9638181 out of 5
Keywords: tomscott, tom scott, single point of failure, google, gmail, security, passwords, geekyconf
Id: y4GB_NDU43Q
Length: 13min 5sec (785 seconds)
Published: Thu Jan 16 2014