Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Cloud Computing
24/7/365 Network Uptime
Average Rating:
Rate this article:  
Google Sends Hacker Team to Hunt Bugs
Google Sends Hacker Team to Hunt Bugs

By Dan Heilman
July 15, 2014 12:39PM

    Bookmark and Share
"You should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer," said Google's Chris Evans. "Yet in sophisticated attacks, we see the use of 'zero-day' vulnerabilities to target, for example, human rights activists or to conduct industrial espionage."
 



If it takes a thief to catch a thief, Google is hoping that it takes a hacker to catch a hacker. The search engine giant Tuesday announced a new initiative, Project Zero, that it hopes will cut down on targeted attacks. The company has put together a team to improve security across the Internet.

Project Zero is a group of top Google security researchers whose mission is to track down and squelch software security flaws, called zero-day vulnerabilities by security experts. Zero-day bugs are exploited mostly by criminals, but also sometimes by state-sponsored hackers and intelligence agencies. A prominent recent example is the "heartbleed" bug that made vulnerable large amounts of online data, including passwords.

In announcing the initiative, Google pointed to zero-day vulnerabilities found in Adobe Flash Player that were used to target human-rights activists.

Pressure Put on Developers

Google's hope is that its researchers will help fix the flaws that lead to such breaches -- and not just in Google products. Project Zero's hackers will be free to attack any software whose vulnerabilities can be discovered and demonstrated. Google hopes that by doing so, it will pressure software developers to better protect Google's users.

Google, like some other companies, has paid bounties in the past when users have discovered flaws in its code. But now, with the security of Google programs often depending on third-party code such as Adobe's Flash, the company feels the need to formalize its bug-hunting efforts.

"You should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications," wrote Chris Evans, a member of Google's security research team, in a company blog post. "Yet in sophisticated attacks, we see the use of 'zero-day' vulnerabilities to target, for example, human rights activists or to conduct industrial espionage."

A Chance to Make a Patch

Although Google is still recruiting and hiring Project Zero team members, it's already assembled a group well known in security circles, including: Ben Hawkes, who has been credited with discovering numerous bugs in widely used software such as Adobe Flash and the Microsoft Office applications; American hacker George Hotz, who defeated Google's Chrome OS defenses to win the company's Pwnium hacking competition earlier this year; and Ian Beer, who was credited with finding six bugs Apple's iOS, OSX and Safari platforms.

Google hopes to have at least 10 full-time hackers working in its Mountain View, California, headquarters.

Google pledged that the work done under Project Zero will be transparent, with every bug filed and documented in a database. Bugs will be shown to the affected software vendor, and will be made public only after the vendor has had the chance to release a patch.

"You'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces," said Google's Evans.
 

Tell Us What You Think
Comment:

Name:

DurasnoPeach:

Posted: 2014-07-15 @ 1:33pm PT
I can only wonder why it took them so long to come up with the idea of hiring hackers to exploit and find weaknesses. Did you see DeCaprio in the movie "Catch Me If You Can"?



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Cloud Computing
1.   Dropbox for Business Boosts Security
2.   Cisco Woos More Devs with DevNet
3.   Investor Wants EMC To Spin Off VMware
4.   Microsoft Layoffs Reportedly Coming
5.   Cloud Firms Offer Azure Starter Kit


advertisement
Amazon Intros Zocalo Storage Service
Online storage and sharing for business.
Average Rating:
Cisco Woos More Devs with DevNet
To create new network-aware apps.
Average Rating:
IBM Rolls Out Hybrid Cloud Services
Based on SoftLayer net infrastructure.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 
34 European Banks Hit by Android-Skirting Malware
Criminals have been finding gaping holes in Android-based two-factor authentication systems that banks around the world are using. The result: 34 banks in four European countries have been hit.
 

Enterprise Hardware Spotlight
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.