Go homepage(回首页) Upload pictures (上传图片) Write articles (发文字帖)
The author:(作者)aaapublished in(发表于) 2014/7/19 7:30:21 Google hackers dream team,
Dream team-Google Google hackers, Google-IT information Google hackers dream team
Google is taking up hacker prodigy, formed the hackers "dream team" Project Zero, but its mission is not only to improve security of Google products, it will also help other companies looking for the most likely 0 vulnerabilities exploited by hackers.
In 2007, the 17 year old qiaozhi·huoci became the world's first crack iPhone AT&T people, at that time, the company did not pay any attention to him was busy mending his disclosure of the vulnerability. Later, he and reverse-engineering the Playstation 3, Sony sued Choc, he promised never to attack the Sony product.
Earlier this year, when Choc when you crack the Google Chrome operating system protection again, Google has offered him $ 150,000, let him helping repair what he discovered vulnerabilities. 2 months later, security engineer Chris Evans via e-mail at Google extended an invitation to him, asking him if he would like to join Google's a full-time hacker elite force, the team find all popular software security vulnerabilities on the Internet.
Today, Google officially announced the name for the Project Zero team, whose only mission is to track and fix potential vulnerabilities in the software. Security industry will immediately after these findings were malicious exploit called "0 loopholes" and information from hackers and criminals, State-funded institution can exploit these vulnerabilities. Project Zero hackers will not only look for vulnerabilities in Google products, they were free to attack other software in order to force other companies to better protect Google users.
Project Zero has recruited members inside the Google, set up hacker "dream team": qilande·Ben·huokesi in 2013 discovered multiple vulnerabilities such as Adobe Flash, Microsoft Office applications and fame; United Kingdom researcher taweisi·aomandi is the industry's leading high yield "Bug-Hunter," one of aforementioned United States hacker prodigy qiaozhi·huoci would also become the team's intern.
Why does Google want to pay high salaries to fix loopholes in the code of other companies? Evans said Project Zero "is essentially altruistic." Google provides team members with a great deal of freedom, almost unrestricted, so that they can delve into security problems, perhaps this is Google's hiring of chips, makes the best talent to join Google, then they may turn to other projects. Google says that a safer Internet environment will make users are willing to click on more ads. "If we can increase user confidence in the Internet as a whole, it is also beneficial for Google. , "Evans said.
And like many other companies, Google over the years have also been offered a reward for the vulnerability, but it is not enough to only find vulnerabilities in Google apps, Google's many programs, such as Google's Chrome browser will often rely on third-party code such as Adobe Flash, as well as Windows, Mac, Linux operating system and some of the underlying element.
According to former Google security researcher Mogen·makuisi-Boyle said, Project Zero concept dates back to the birth of sometime in 2010-day night, he talked with Evans in a bar in Zurich. About 4 o'clock in the morning when the conversation turned to software other than Google Google users about security threats. "For people using third-party code security products, it is a very helpless questions. "Marquez-Boyle says," attacker will start from the weakest places. Motorcycle helmets really helps with security, but if you're wearing a kimono to ride a motorcycle and helmet will not protect you. ”
So Google's ambition is to use Google's mind perfect the other company's products. When Project Zero after hackers found a loophole, they will have the responsibility to fix this loophole companies are prompted and it 60-90 days to release patches soon after that this vulnerability will be released on Project Zero blog. Google said those hackers frequently exploit the vulnerability, Google will accelerate the speed of action, to put pressure on software developers, asked him 7 days to fix vulnerabilities or find a work around solution.
In such a large number of software today, Google's Project Zero can eliminate vulnerabilities is an open question. However, Ben·huokesi said the team members, the team having to find all 0 bugs, just before these vulnerabilities in the code that appears in the new, patched these vulnerabilities can be. And the Project Zero is strategically targeting to maximize "vulnerability impact" effect, which means that Google team found a loophole, who also happened to be spies are secretly exploited the vulnerability.
Modern hackers tend to combine a series of vulnerabilities can be exploited, compromised computer defenses, if one can repair these vulnerabilities, then the attack will fail. So Project Zero when you can find and fix a few of the vulnerabilities in the operating system, you can prevent attacks from hackers.
"On this issue, we will make great progress. "Jonny says," now is a good time, I believe we can stop the attack of 0. ”
赞