Forgot your password?
typodupeerror
Security Google

Google's Project Zero Aims To Find Exploits Before Attackers Do 62

Posted by Unknown Lamer
from the evil-hackers-respond-with-negative-one-day-exploits dept.
DavidGilbert99 (2607235) writes "Google has announced Project Zero, a group of security experts who will hunt down security flaws in all software which touches the Internet. Among the group is a 24-year-old called George Hotz who shot to fame in 2007 when he was the first to unlock the iPhone before reverse engineering the PlayStation 3." Quoting the Project Zero announcement: You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. ... We're not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. All issues will be reported to the usual public vulnerability databases after vendors are given a short period to fix their systems and software.
This discussion has been archived. No new comments can be posted.

Google's Project Zero Aims To Find Exploits Before Attackers Do

Comments Filter:
  • All software that touches the Internet?

    Good luck with that.

  • by xxxJonBoyxxx (565205) on Tuesday July 15, 2014 @11:17AM (#47457925)

    >> automated software that throws random data at target software for hours on end to find which files cause potentially dangerous crashes.

    You could just replace that with "fuzzing tools." :) The "files...cause...crashes" is kind of funny too.

  • by gstoddart (321705) on Tuesday July 15, 2014 @11:23AM (#47457975) Homepage

    So, are they planning on buying copies of said software, and testing it in house?

    Or do they think they're going to be doing penetration testing without permission? Because, the last I heard, that was actually illegal.

    • by maliqua (1316471)

      The cost of the software for google is cheap compared to the value of the "we're the internet good guys" PR

      • by gstoddart (321705)

        Well, sure, maybe.

        But my adblockers tell me Slashdot has references to gstatic.com, googleanalytics.com, google-adservices.com and googletagservices.com. All of which I universally block.

        The fact of the matter is, Google hasn't been the good guys in several years now. Google has come full circle, and is just your garden variety greedy mega-corp.

        Heck, I believe Google pioneered some of the techniques for bypassing cookie controls in several major browsers, and then later on said it was an accident.

        I no lon

        • Getting elite people and good publicity sound like good reasons for me. Their business doesn't rely on lock-in as heavily as microsoft's, they need publicity.

        • by maliqua (1316471)

          Just to be clear, i don't think google is the good guys, just that they want to be perceived that way.

        • The differernce with Google has be, for the most part: They aren't stupid.

          Being the good guys is profitable in the long term. Take net neutrality for example... codifying that in law would be good for everyone in the long term. The ISPs, the customers, Netflix... everyone. But, some people are stupid and only think in the near term. I'd argue that Googles greed is simply greater than most corporations and that's a good thing. They want it all and short term profits that ruin some other part of the economy j

          • I'll reply to you, as you're the closest to the angle I was going for.

            Cross-posted from another site, with two more sentences here.

            Okay, picking my words a little and hoping I get my tone right...

            I get that Google (and Facebook and all kinds of other gangs) are *selling info*. It's sleazy, but to me that's "grey hat". It's "we're psychologically manipulating you to make money, but you knew that but we made the services nice and fun/useful so you don't care". I've been reading a huge Star Trek DS9 Re-Watch o

        • But my adblockers tell me Slashdot has references to gstatic.com, googleanalytics.com, google-adservices.com and googletagservices.com. All of which I universally block.

          I'm pretty sure the blame for that rests with Slashdot - you know, the content authors/owners - not Google. Slashdot certainly doesn't have to use Google services...

    • Corporations and NSA are exempt from most laws

  • by Anonymous Coward

    I thought there were stories here about white hat/ black hat the courts don't care - go to jail.( Not that I agree with the rulings) So Google gets a by on the laws?

    • by maliqua (1316471)

      Microsoft already is getting by this law why not google also

      your forgetting in the Home of the Brave and land of the Greed laws only apply below a certain net worth

  • Between Google and the NSA?

  • If its like their past behaviors, they'll tell everyone unless the government asks them not to under penalty of law - and they'll have the FISA court paperwork to make it stick. After all, Google now has a responsibility to its shareholders to not do illegal things, right? As such, I can't see this as more than a PR stunt.

  • all my data will be seized by Google and used for nefarious purposes! call out the National Guard! we are doomed!

  • Google wants to sell us your sploits now?
  • The poster of "Future Proof Jobs" should have read this subject rather than posting his question.

  • I'm glad to hear Google is dedicating resources to finding exploits in Internet softw...hey, wait, where'd my Bitcoins go???

"Everything should be made as simple as possible, but not simpler." -- Albert Einstein

Working...